DNS_NAME_UNRESOLVED Appeared in Output

Question

DNS_NAME_UNRESOLVED Appeared in Output

Closed this issue 4 months ago · 1 comments

I'm using
-c omit_event_types=["DNS_NAME_UNRESOLVED","URL_UNVERIFIED"]

However, this one single of DNS_NAME_UNRESOLVED appeared in output.ndjson

{"type": "DNS_NAME_UNRESOLVED", "id": "DNS_NAME_UNRESOLVED:d157715699ddff2f4cf3844e8b7181968d02d668", "scope_description": "distance-1", "data": "dev-content.dellsupportcenter.com", "host": "dev-content.dellsupportcenter.com", "resolved_hosts": ["104.68.77.154", "dev-content.dellsupportcenter.com.edgekey.net"], "dns_children": {"CNAME": ["dev-content.dellsupportcenter.com.edgekey.net"], "A": ["104.68.77.154"]}, "web_spider_distance": 0, "scope_distance": 1, "scan": "SCAN:5ba8f0947209a7f8e2362774209cefc59b650ea9", "timestamp": 1721797481.254403, "parent": "DNS_NAME:95fc4163f033803e502ab6aa3d076fa976eaed25", "tags": ["subdomain", "distance-1", "cdn-akamai", "internal", "unresolved"], "module": "internetdb", "module_sequence": "internetdb", "discovery_context": "internetdb queried Shodan's InternetDB API for \"apjdelivery.dell.com (88.221.9.216)\" and found DNS_NAME: dev-content.dellsupportcenter.com", "discovery_path": ["Scan 2024-07-24_06-52-07 seeded with DNS_NAME: dell.com", "rapiddns searched rapiddns API for \"dell.com\" and found DNS_NAME: apjdelivery.dell.com", "internetdb queried Shodan's InternetDB API for \"apjdelivery.dell.com (88.221.9.216)\" and found DNS_NAME: dev-content.dellsupportcenter.com"]}

Answer 1 · 2024-07-25T13:16:11.000Z

This should only happen if the event is part of the discovery chain to another in-scope event. In that case an exception is made to preserve the connection in the graph.