From 0d5c192809fa991db54a171cf93cfc7f2ecfd57f Mon Sep 17 00:00:00 2001 From: Joas A Santos <34966120+CyberSecurityUP@users.noreply.github.com> Date: Tue, 16 Dec 2025 21:04:59 -0300 Subject: [PATCH] Create prompt-03 --- Blue Team/prompt-03 | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 Blue Team/prompt-03 diff --git a/Blue Team/prompt-03 b/Blue Team/prompt-03 new file mode 100644 index 0000000..3b6fbc1 --- /dev/null +++ b/Blue Team/prompt-03 @@ -0,0 +1,13 @@ +Investigate the domain behind this URL as a threat hunter: + +Provide: +- Registrant/age heuristics (newly registered? likely disposable?) +- DNS posture: A/AAAA, MX, TXT/SPF/DMARC, NS patterns, fast-flux signs +- Certificate/TLS hints (issuer, validity, SANs) and what to pivot on +- Similar domains / typosquat possibilities (what to look for internally) +- Recommended detections (SIEM queries ideas) +Output as: +1) Key Observations +2) Pivots (what else to search for) +3) Detection Opportunities +4) Recommended Response
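Review bot: The first added line, "Investigate the domain behind this URL as a threat hunter:", ends in a colon with nothing after it, so the prompt has no slot for the URL and no instruction on how it is supplied. Add an explicit placeholder line directly under it, for example "URL: <paste defanged URL here>", so the input is clearly delimited from the instructions. The bullets ask for registrant age, DNS records and certificate details, but the prompt does not say where that data comes from. A model without lookup tools can only guess at those values, so consider adding input fields for WHOIS, DNS and certificate output, or an instruction to label each item under "Key Observations" as supplied evidence or inference. Minor: "SIEM queries ideas" should read "SIEM query ideas", and a blank line before "Output as:" would separate the request list from the output format, matching the blank line before "Provide:".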