Returned search data
Learn about how Validin categorizes data generated from a Global Search
Validin Global Search results are organized into data categories that reflect the type of information available for the input being searched.
Each category is presented as a tab in the results view. The tabs you see depend on the input type (for example, domains, IP addresses, or hashes), as not all data sources apply to every indicator.
This article explains the data categories that may appear after a search and how they differ based on input.
NoteNot all tabs are available for all inputs. For example, IP address searches do not return Certificate Transparency data, while domain searches do.
Summary
The Summary tab provides a high-level view of the searched indicator and acts as a starting point for navigation.
It typically includes:
- Basic indicator details (domain, IP, or hash)
- Project membership status
- Usage context (how the indicator is interpreted)
- Informational hints such as estimated pivot counts
- Quick links to jump into other data categories
The Summary tab does not replace detailed data views but helps orient analysts before deeper review.
OSINT
The OSINT tab shows references to open source intelligence sources where the indicator has been observed or referenced.
This may include:
- Threat feeds and warning lists
- Research repositories
- Popularity and ranking datasets
- Public reporting and community intelligence
Each entry includes first seen, last seen, and source attribution.
NoteOSINT data provides external context and references. It is presented alongside first-party data and does not imply automated scoring.
Resolutions
The Resolutions tab shows DNS resolution history associated with the indicator.
For domains, this includes:
- Historical A and AAAA resolutions
- Nameserver relationships
- First seen and last seen timestamps
For IP addresses, this includes:
- Domains that have resolved to the IP
- Resolution timelines across domains
This tab is commonly used to understand hosting history and infrastructure reuse.
Subdomains
The Subdomains tab lists known subdomains associated with a parent domain.
Each entry includes:
- Subdomain name
- Observation timestamps
- Count of observations
This tab is only available for domain searches.
DNS Records
The DNS Records tab provides enumerated DNS record data beyond simple resolution.
Examples include:
- MX, TXT, CNAME, SOA, and NS records
- Record values and types
- Historical observation windows
This tab helps analysts understand configuration and delegation details.
Host Connections
The Host Connections tab shows relationships inferred from network-level and certificate-based observations.
Examples include:
- Certificate-domain associations
- Linkage between hosts and IPs
- Cross-host relationships derived from observed artifacts
This tab is available for domains, IPs, and some hash-based searches.
NoteHost Connections focus on relationships, not content. Detailed response artifacts are shown in Host Responses.
Host Responses
The Host Responses tab contains HTTP and HTTPS response data collected by Validin.
This may include:
- Response status and headers
- Request paths
- Page titles
- Bytes received
- Observation timestamps
Host Responses are collected using an emulated client and represent how infrastructure responds when accessed.
This tab is available for domains and IP addresses.
CT Stream
The CT Stream tab shows Certificate Transparency observations for domains.
It includes:
- Certificate fingerprints
- Common Names and SANs
- Validity periods
- Observation timestamps
This tab is only available for domain-based searches.
Registration
The Registration tab shows historical WHOIS and RDAP data where available.
It may include:
- Registrar information
- Registration and expiration dates
- Change timestamps
- Historical record counts
This tab is available for domain searches only.
Updated 23 days ago