Skip to main content

HostIo

Use the HostIo integration to enrich domains using the Host.io API. This integration was integrated and tested with version 1.0 of HostIo

Configure HostIo on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for HostIo.

  3. Click Add instance to create and configure a new integration instance.

    ParameterRequired
    Server URL (e.g. https://host.io)True
    API KeyTrue
    Trust any certificate (not secure)False
    Use system proxy settingsFalse
  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

hostio-domain-search#


Returns a list of domains associated with a specific field, and the total number of these domains.

Base Command#

hostio-domain-search

Input#

Argument NameDescriptionRequired
fieldField name by which to search for a domain. Possible values are: ip, ns, mx, asn, backlinks, redirects, adsense, facebook, twitter, instagram, gtm, googleanalytics, email.Required
valueThe value of the given field.Required
limitThe maximum number of domains to display. Possible values are 0, 1, 5, 10, 25, 100, 250, or 1000. Default is 25.Optional

Context Output#

PathTypeDescription
HostIo.Search.FieldStringThe field to look up.
HostIo.Search.ValueStringThe value of the given field.
HostIo.Search.DomainsUnknownList of domains associated with the given field.
HostIo.Search.TotalNumberThe total number of domains associated with the given field.

Command Example#

!hostio-domain-search field="twitter" value="elonmusk"

Context Example#

{
"HostIo": {
"Search": {
"Domains": [
"dogedoor.net",
"ridesharehouston.org",
"a2ch.ru",
"elon-airdrop.org",
"selenianboondocks.com",
"e-musk.org",
"emusk4.com",
"chaskor.ru",
"elonbest.club",
"muskfree.uk"
],
"Field": "twitter",
"Total": 356,
"Value": "elonmusk"
}
}
}

Human Readable Output#

Domains associated with twitter: elonmusk#

domainstotaltwitter
dogedoor.net,
ridesharehouston.org,
a2ch.ru,
elon-airdrop.org,
selenianboondocks.com
356elonmusk

domain#


Returns Domain information.

Base Command#

domain

Input#

Argument NameDescriptionRequired
domainList of domains.Required

Context Output#

PathTypeDescription
HostIo.Domain.web.rankNumberA rank that's based on popularity.
HostIo.Domain.web.serverStringName of the server where the domain exists.
DBotScore.IndicatorStringThe indicator that was tested.
DBotScore.ScoreNumberThe actual score.
DBotScore.TypeStringThe indicator type.
DBotScore.VendorStringThe vendor used to calculate the score.
Domain.NameStringThe domain name.
Domain.Registrant.NameStringThe name of the registrant.
Domain.Registrant.CountryStringThe country of the registrant.
Domain.UpdatedDateDateThe date when the domain was last updated in ISO8601 format (i.e. '2020-04-30T10:35:00.000Z').
Domain.NameServersStringName of the server where the domain exist.

Command Example#

!domain domain="twitter.com"

Context Example#

{
"DBotScore": [
{
"Indicator": "twitter.com",
"Score": 0,
"Type": "domain",
"Vendor": "HostIo"
},
{
"Indicator": "twitter.com",
"Score": 1,
"Type": "domain",
"Vendor": "VirusTotal"
}
],
"Domain": {
"DNS": {
"a": [
"104.244.42.1",
"104.244.42.193"
],
"domain": "twitter.com",
"mx": [
"10 aspmx.l.google.com.",
"20 alt1.aspmx.l.google.com.",
"20 alt2.aspmx.l.google.com.",
"30 aspmx2.googlemail.com.",
"30 aspmx3.googlemail.com."
],
"ns": [
"a.r06.twtrdns.net.",
"b.r06.twtrdns.net.",
"c.r06.twtrdns.net.",
"d.r06.twtrdns.net.",
"d01-01.ns.twtrdns.net.",
"d01-02.ns.twtrdns.net.",
"ns1.p34.dynect.net.",
"ns2.p34.dynect.net.",
"ns3.p34.dynect.net.",
"ns4.p34.dynect.net."
]
},
"Name": "twitter.com",
"NameServers": "tsa_a",
"Registrant": {
"Country": null,
"Email": null,
"Name": "Twitter",
"Phone": null
},
"UpdatedDate": "2020-11-25T20:10:08Z",
"VirusTotal": {
"CommunicatingHashes": [
{
"date": "2021-02-27 14:49:35",
"positives": 63,
"sha256": "fa6a67bcd4d22c2dc03db54dda286b7e4f638ca69e363568c21b8b15b036b00e",
"total": 76
},
{
"date": "2021-02-28 02:49:35",
"positives": 57,
"sha256": "39ef7a7aa200c6c32922e0fb618b0991c4bb60563b2fd1db2e447da78f809320",
"total": 75
},
{
"date": "2021-02-28 02:49:35",
"positives": 58,
"sha256": "deacc09cf48dd009311f5ec24430e3528ec2cd269fe7db433701c9d6a0d97688",
"total": 76
},
{
"date": "2021-02-28 02:38:26",
"positives": 62,
"sha256": "25f6e207ac602c214a4781edc7f309a282cd011d821f8b4f96a4511bb38e75b1",
"total": 76
},
{
"date": "2021-02-28 02:38:28",
"positives": 62,
"sha256": "741fa4ed1debdef50cb3d8735f0ecff07b49bd73ca2d3b2a61ba6a0c3ab60b8b",
"total": 76
}
],
"DetectedURLs": [
{
"positives": 2,
"scan_date": "2021-02-25 15:58:00",
"total": 84,
"url": "https://twitter.com/henya290"
},
{
"positives": 1,
"scan_date": "2021-02-08 22:53:14",
"total": 83,
"url": "http://twitter.com/pidoras6"
},
{
"positives": 1,
"scan_date": "2021-02-05 23:19:08",
"total": 83,
"url": "https://twitter.com/todayinsyria"
},
{
"positives": 2,
"scan_date": "2021-02-04 11:37:20",
"total": 83,
"url": "https://twitter.com/z0x55g"
},
{
"positives": 1,
"scan_date": "2021-01-31 01:53:21",
"total": 83,
"url": "https://twitter.com/todayinsyria/status/832256656176214016"
},
{
"positives": 1,
"scan_date": "2020-12-29 10:08:17",
"total": 83,
"url": "http://twitter.com/nygul/index.php?r=gate&ac=08a69f4b&group=rk15&debug=0"
}
],
"DownloadedHashes": [
{
"date": "2019-06-16 11:01:29",
"positives": 1,
"sha256": "30296f30c8b7b7f09589c11112e52019c7bf1eb6eb8d47a6d90431952a219669",
"total": 54
},
{
"date": "2019-06-16 08:28:34",
"positives": 1,
"sha256": "cfa510cf95e7ac67c59165d91c1289b7e159286ae8a4b9f85f2f972edb2d102d",
"total": 57
},
{
"date": "2019-06-15 07:59:28",
"positives": 1,
"sha256": "e61cb7d49ac864201297a847eee19ce379bd510d99f6620c224b6ce4e43aa00f",
"total": 54
},
{
"date": "2019-06-14 08:57:22",
"positives": 1,
"sha256": "103c8bf188d1edc9b3e91bd2220d6e131758e48edcb99f5e946e61ab3f0535e5",
"total": 57
},
{
"date": "2019-06-12 22:30:11",
"positives": 1,
"sha256": "f33a3c8df022dfae87a6fed3b884193cc0b5350fceccbc0913f2f185999139d2",
"total": 57
},
{
"date": "2019-03-12 08:27:26",
"positives": 1,
"sha256": "af9d4e7768247a760d7fc072f5ceafc08569334e2ce60276a855078956f43fb4",
"total": 54
},
{
"date": "2018-12-07 04:42:50",
"positives": 1,
"sha256": "dbad7591474091ddb4613cd08234bd2712b8e3b6360e7428b6dfe89d268ddd21",
"total": 58
}
],
"ReferrerHashes": [
{
"date": "2021-02-28 09:50:11",
"positives": 10,
"sha256": "f5d9460942a8650d15063b8e9e44e67c3e143ff309d823c9307085142f8c909e",
"total": 75
},
{
"date": "2018-07-06 07:51:17",
"positives": 24,
"sha256": "07c848a7afb8fb7f1a38959bcc30d0114ff3bb63d070083f89eb4a9cd9ae1d1c",
"total": 65
},
{
"date": "2021-02-28 11:42:44",
"positives": 15,
"sha256": "638e8fcc7e51ffd7992d7fc1a2d23e69f016e73fccc3e5c4d34926584148e9c4",
"total": 76
},
{
"date": "2021-02-28 11:39:11",
"positives": 5,
"sha256": "ae320e121cf7557d40792e58eb5ef8b003a589d77990e92370d543065ab5010d",
"total": 76
},
{
"date": "2021-02-28 11:15:41",
"positives": 1,
"sha256": "0db4943d759d5e2e9baa2fcc4973876d881ad7ea30471de4f775d8ae0bc2b04f",
"total": 75
},
{
"date": "2021-02-28 11:11:31",
"positives": 48,
"sha256": "7c676b665815c2168c6706ce5b646f20f5784408e223027b229c27877ab53873",
"total": 76
},
{
"date": "2021-02-28 11:07:47",
"positives": 1,
"sha256": "21f2cb257a9859643463b5ce8ce4008a6a90ed758b5b171e5986adbac7632603",
"total": 74
}
],
"Resolutions": [
{
"ip_address": "103.200.30.143",
"last_resolved": "2020-09-16 00:05:41"
},
{
"ip_address": "103.200.30.245",
"last_resolved": "2020-11-18 21:44:30"
},
{
"ip_address": "103.200.31.172",
"last_resolved": "2020-09-05 14:51:17"
},
{
"ip_address": "103.214.168.106",
"last_resolved": "2020-09-08 05:58:51"
},
{
"ip_address": "103.223.122.178",
"last_resolved": "2020-09-14 11:54:10"
},
{
"ip_address": "103.226.246.99",
"last_resolved": "2020-09-14 11:03:25"
},
{
"ip_address": "103.226.246.99",
"last_resolved": "2020-09-20 00:39:09"
},
{
"ip_address": "103.226.246.99",
"last_resolved": "2020-09-08 05:52:46"
},
{
"ip_address": "103.226.246.99",
"last_resolved": "2020-09-21 13:58:33"
},
{
"ip_address": "103.226.246.99",
"last_resolved": "2020-09-21 00:22:12"
}
],
"Subdomains": [],
"UnAVDetectedCommunicatingHashes": [
{
"date": "2021-02-28 12:25:53",
"positives": 0,
"sha256": "21f2cb257a9859643463b5ce8ce4008a6a90ed758b5b171e5986adbac7632603",
"total": 0
},
{
"date": "2021-02-28 12:01:21",
"positives": 0,
"sha256": "32d3c2ce01e83048eccd44eb1a9b73ecca3a6f49928225cebe059aa50759b68d",
"total": 74
},
{
"date": "2021-02-28 10:28:22",
"positives": 0,
"sha256": "ef2a4e04983550da57ef5bd4a859b55378fe51592cd891575af6d6c51e5aad53",
"total": 74
},
{
"date": "2021-02-28 09:50:24",
"positives": 0,
"sha256": "9517273fbfceccef7d84c0be5f0009e37c12afb0eafcd0dee6318e6391fb3a75",
"total": 75
},
{
"date": "2021-02-28 07:45:34",
"positives": 0,
"sha256": "142860eba99f69c118b60ca4bc439a7baf43b163526461a13d6cf6a49f1612b8",
"total": 0
},
{
"date": "2021-02-28 07:04:49",
"positives": 0,
"sha256": "21f2cb257a9859643463b5ce8ce4008a6a90ed758b5b171e5986adbac7632603",
"total": 75
}
],
"UnAVDetectedDownloadedHashes": [
{
"date": "2019-11-20 12:52:58",
"positives": 0,
"sha256": "660ebd3eefa3b703a00851e6bd3ca2065fabfbf50f577359983b71c8fde81598",
"total": 59
},
{
"date": "2019-11-20 12:43:18",
"positives": 0,
"sha256": "fa57890063727eee4e6567b539e5cbc0206b9b66d9f57a8d93e73d005e873c8f",
"total": 58
},
{
"date": "2019-11-20 12:42:49",
"positives": 0,
"sha256": "04551111aee334cdfbcdc5a034fe90943481244836b94655ad0e9a0798e8624f",
"total": 58
},
{
"date": "2019-11-20 12:40:13",
"positives": 0,
"sha256": "21f2cb257a9859643463b5ce8ce4008a6a90ed758b5b171e5986adbac7632603",
"total": 59
},
{
"date": "2019-11-20 12:38:08",
"positives": 0,
"sha256": "1702a0035d58b1c7649c8eac1dad1ec351752fe36d1180a91a61cc1dbc5df2d2",
"total": 58
},
{
"date": "2019-11-20 12:37:22",
"positives": 0,
"sha256": "17cd55867e2f808779de1469d243678502737f03fea1147c8d23d2bdee72e4ef",
"total": 59
},
{
"date": "2019-11-20 12:36:42",
"positives": 0,
"sha256": "eef2f30908fc3f0d9bd2eefce479345f77d707c539645ba79a8f7b725ca4f6f1",
"total": 59
}
],
"UnAVDetectedReferrerHashes": [
{
"date": "2021-02-28 16:10:37",
"positives": 0,
"sha256": "3bb3df74115cc237a27176e6294e2d90379c2e5f2f47a0c2cf9013fed8e2efbc",
"total": 75
},
{
"date": "2021-02-28 15:48:13",
"positives": 0,
"sha256": "1e548758aa06e048ee8940728dd8940b185f6630b55e3fa918d373d45fb1104c",
"total": 75
},
{
"date": "2021-02-28 16:00:46",
"positives": 0,
"sha256": "1d5a75b2ef7a91bf8d3367b4762480d20dd80d3dc0d9f0c29bc70e3772bc8502",
"total": 75
},
{
"date": "2021-02-28 16:00:22",
"positives": 0,
"sha256": "74270156af11073823bf4dea8482e6fa38d5f342e0790e65475780ea3102ffe0",
"total": 74
},
{
"date": "2021-02-28 16:02:29",
"positives": 0,
"sha256": "cd91163c9a459233f77dee2f24f876e6fe13c92cedae4a9e681f39b8e6450aaa",
"total": 75
},
{
"date": "2021-02-28 16:01:56",
"positives": 0,
"sha256": "99d2edce9a0e53bc9cd168ad8a28b9ecf2abf55d28c9b9eb0cf3ee6fb5684744",
"total": 75
},
{
"date": "2021-02-28 15:57:15",
"positives": 0,
"sha256": "20922195ff3bdf9efbb35a7e6224f35869fb23c4dc1dc3aa3738dff6ed446bd4",
"total": 75
},
{
"date": "2021-02-28 16:00:21",
"positives": 0,
"sha256": "8976da5015dbe5e78fe6ddd2da260b0bffbe98eb3cb22108de21d2936315deb1",
"total": 74
},
{
"date": "2021-02-28 15:56:47",
"positives": 0,
"sha256": "3e5f7fbb78f7ecf64e4584e0eef4e0dbe30eb18657bf54a2fe47628da755ab15",
"total": 75
}
],
"Whois": "Admin City: San Francisco\nAdmin Country: US\nAdmin Email: c215fc66323f439as@twitter.com\nAdmin Organization: Twitter, Inc.\nAdmin Postal Code: 94103\nAdmin State/Province: CA\nCreation Date: 2000-01-21T11:28:17Z\nCreation Date: 2000-01-21T16:28:17Z\nDNSSEC: unsigned\nDomain Name: TWITTER.COM\nDomain Name: twitter.com\nDomain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited\nDomain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited\nDomain Status: serverDeleteProhibited http://www.icann.org/epp#serverDeleteProhibited\nDomain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited\nDomain Status: serverTransferProhibited http://www.icann.org/epp#serverTransferProhibited\nDomain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited\nDomain Status: serverUpdateProhibited http://www.icann.org/epp#serverUpdateProhibited\nDomain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited\nName Server: A.R06.TWTRDNS.NET\nName Server: B.R06.TWTRDNS.NET\nName Server: C.R06.TWTRDNS.NET\nName Server: D.R06.TWTRDNS.NET\nName Server: D01-01.NS.TWTRDNS.NET\nName Server: D01-02.NS.TWTRDNS.NET\nName Server: NS3.P34.DYNECT.NET\nName Server: NS4.P34.DYNECT.NET\nName Server: a.r06.twtrdns.net\nName Server: b.r06.twtrdns.net\nName Server: c.r06.twtrdns.net\nName Server: d.r06.twtrdns.net\nName Server: d01-01.ns.twtrdns.net\nName Server: d01-02.ns.twtrdns.net\nRegistrant City: bf539c4f17ec5f2d\nRegistrant Country: US\nRegistrant Email: c215fc66323f439as@twitter.com\nRegistrant Fax Ext: 3432650ec337c945\nRegistrant Fax: e4f6fd8e0923f595\nRegistrant Name: 8705a223dfbc887b\nRegistrant Organization: 8705a223dfbc887b\nRegistrant Phone Ext: 3432650ec337c945\nRegistrant Phone: b05a54c5d3fb7f78\nRegistrant Postal Code: eff1ab11fdc42fcb\nRegistrant State/Province: b1952dfc047df18a\nRegistrant Street: 9bd06cf373eeb0ad \nRegistrar Abuse Contact Email: domainabuse@cscglobal.com\nRegistrar Abuse Contact Phone: 123 Abuse Contact Phone: 765\nRegistrar IANA ID: 299\nRegistrar Registration Expiration Date: 2022-01-21T16:28:17Z\nRegistrar URL: url\nRegistrar URL: www.cscprotectsbrands.com\nRegistrar WHOIS Server: whois.corporatedomains.com\nRegistrar: CSC CORPORATE DOMAINS, INC.\nRegistrar: CSC Corporate Domains, Inc.\nRegistry Domain ID: 18195971_DOMAIN_COM-VRSN\nRegistry Expiry Date: 2022-01-21T16:28:17Z\nSponsoring Registrar IANA ID: 299\nTech City: San Francisco\nTech Country: US\nTech Email: f378bdbc7d62cfa5s@twitter.com\nTech Organization: Twitter, Inc.\nTech Postal Code: 94103\nTech State/Province: CA\nUpdated Date: 2021-01-17T01:10:16Z\nUpdated Date: 2021-01-17T06:10:16Z"
},
"WHOIS": {
"NameServers": "tsa_a",
"Registrant": {
"Country": null,
"Email": null,
"Name": "Twitter",
"Phone": null
},
"UpdatedDate": "2020-11-25T20:10:08Z"
}
},
"HostIo": {
"Domain": {
"dns": {
"a": [
"103.200.30.245",
"103.200.30.245"
],
"domain": "twitter.com",
"mx": [
"10 aspmx.l.google.com.",
"20 alt1.aspmx.l.google.com.",
"20 alt2.aspmx.l.google.com.",
"30 aspmx2.googlemail.com.",
"30 aspmx3.googlemail.com."
],
"ns": [
"a.r06.twtrdns.net.",
"b.r06.twtrdns.net.",
"c.r06.twtrdns.net.",
"d.r06.twtrdns.net.",
"d01-01.ns.twtrdns.net.",
"d01-02.ns.twtrdns.net.",
"ns1.p34.dynect.net.",
"ns2.p34.dynect.net.",
"ns3.p34.dynect.net.",
"ns4.p34.dynect.net."
]
},
"domain": "twitter.com",
"ipinfo": {
"103.200.30.245": {
"asn": {
"asn": "AS13414",
"domain": "twitter.com",
"name": "Twitter Inc.",
"route": "103.200.30.245",
"type": "business"
},
"city": "San Francisco",
"country": "US",
"loc": "37.7749,-122.4194",
"postal": "94103",
"region": "California",
"timezone": "America/Los_Angeles"
},
"103.200.30.245": {
"asn": {
"asn": "AS13414",
"domain": "twitter.com",
"name": "Twitter Inc.",
"route": "103.214.168.106",
"type": "business"
},
"city": "San Francisco",
"country": "US",
"loc": "37.7749,-122.4194",
"postal": "94103",
"region": "California",
"timezone": "America/Los_Angeles"
},
"103.200.30.245": {
"asn": {
"asn": "AS13414",
"domain": "twitter.com",
"name": "Twitter Inc.",
"route": "103.200.30.245",
"type": "business"
},
"city": "San Francisco",
"country": "US",
"loc": "37.7749,-122.4194",
"postal": "94103",
"region": "California",
"timezone": "America/Los_Angeles"
}
},
"related": {
"asn": [
{
"count": 392693,
"value": "AS13414"
}
],
"backlinks": [
{
"count": 18707958,
"value": "twitter.com"
}
],
"ip": [
{
"count": 92624,
"value": "103.200.30.245"
},
{
"count": 51,
"value": "103.200.30.245"
},
{
"count": 52,
"value": "103.200.30.245"
}
],
"mx": [
{
"count": 13977803,
"value": "google.com"
},
{
"count": 5288687,
"value": "googlemail.com"
}
],
"ns": [
{
"count": 118,
"value": "twtrdns.net"
},
{
"count": 181297,
"value": "dynect.net"
}
],
"redirects": [
{
"count": 389612,
"value": "twitter.com"
}
]
},
"updated_date": "2020-11-25T20:10:08Z",
"web": {
"date": "2020-11-25T20:10:08.708Z",
"domain": "twitter.com",
"encoding": "utf8",
"ip": "103.200.30.245",
"length": 4170,
"links": [],
"rank": 5,
"server": "tsa_a",
"title": "Twitter",
"twitter": "signup",
"url": "https://mobile.twitter.com/signup"
}
}
}
}

Human Readable Output#

Domain#

dnsdomainipinforelatedupdated_dateweb
domain: twitter.com
a: 104.244.42.1,
104.244.42.193
mx: 10 aspmx.l.google.com.,
20 alt1.aspmx.l.google.com.,
20 alt2.aspmx.l.google.com.,
30 aspmx2.googlemail.com.,
30 aspmx3.googlemail.com.
ns: a.r06.twtrdns.net.,
b.r06.twtrdns.net.,
c.r06.twtrdns.net.,
d.r06.twtrdns.net.,
d01-01.ns.twtrdns.net.,
d01-02.ns.twtrdns.net.,
ns1.p34.dynect.net.,
ns2.p34.dynect.net.,
ns3.p34.dynect.net.,
ns4.p34.dynect.net.
twitter.com104.244.42.6: {"city": "San Francisco", "region": "California", "country": "US", "loc": "37.7749,-122.4194", "postal": "94103", "timezone": "America/Los_Angeles", "asn": {"asn": "AS13414", "name": "Twitter Inc.", "domain": "twitter.com", "route": "104.244.42.0/24", "type": "business"}}
104.244.42.1: {"city": "San Francisco", "region": "California", "country": "US", "loc": "37.7749,-122.4194", "postal": "94103", "timezone": "America/Los_Angeles", "asn": {"asn": "AS13414", "name": "Twitter Inc.", "domain": "twitter.com", "route": "104.244.42.0/24", "type": "business"}}
104.244.42.193: {"city": "San Francisco", "region": "California", "country": "US", "loc": "37.7749,-122.4194", "postal": "94103", "timezone": "America/Los_Angeles", "asn": {"asn": "AS13414", "name": "Twitter Inc.", "domain": "twitter.com", "route": "104.244.42.0/24", "type": "business"}}
ip: {'value': '104.244.42.6', 'count': 92624},
{'value': '104.244.42.1', 'count': 51},
{'value': '104.244.42.193', 'count': 52}
asn: {'value': 'AS13414', 'count': 392693}
ns: {'value': 'twtrdns.net', 'count': 118},
{'value': 'dynect.net', 'count': 181297}
mx: {'value': 'google.com', 'count': 13977803},
{'value': 'googlemail.com', 'count': 5288687}
backlinks: {'value': 'twitter.com', 'count': 18707958}
redirects: {'value': 'twitter.com', 'count': 389612}
2020-11-25T20:10:08Zdomain: twitter.com
rank: 5
url: https://mobile.twitter.com/signup
ip: 104.244.42.6
date: 2020-11-25T20:10:08.708Z
length: 4170
server: tsa_a
encoding: utf8
twitter: signup
title: Twitter
links: