Discover a Network of Malicious Domains on Your Own: DIY Guide — Holiday Season Edition | HackerNoon


While threat hunting has become quite challenging, partly because of WHOIS data redaction, the DNS continues to provide clues. - by whoisxmlapi dns maliciousdomains

No one is as excited about opening a can of worms as people in the cybersecurity community, including us. While threat hunting has become quite challenging, partly because of WHOIS data redaction, the DNS continues to provide clues.

In this post, we intend to demonstrate how one malicious domain can lead to multiple other dangerous web properties using the, a 9-in-1 domain search and monitoring platform.

We started our investigation with the domain deliveryrescheduled-auspost[.]com, which seemingly targeted Australia Post customers. We ended up with 1,871 suspicious domains. Here's a step-by-step guide on how we did the investigation.

The first step is to ensure the suspected domain name has indeed been reported as malicious. We used thefor that. The tool’s malware database check detected that deliveryrescheduled-auspost[.]com is indeed dangerous to access.

But even when a suspicious domain hasn’t been reported by malware engines yet, you can follow your gut and proceed to the next step.

Now that the domain’s nefarious nature has been confirmed, we can dig deeper by looking at its WHOIS records. For that, we used

At first glance, we can deduce from the website screenshot that the operators installed the NGINX web server software. However, the corresponding configuration hasn’t been completed yet, or the website may have been taken down.

Either way, you can scroll down the WHOIS search results until you find the Registrant Contact details.

The WHOIS records of deliveryrescheduled-auspost[.]com are unredacted, so you can pivot off one data point to retrieve other domains registered using the selected registrant information. In this demonstration, we chose the registrant’s email address.

This action returned 1,712 domain names with the same email address in their current WHOIS records.

Note that selecting Build historic Reverse WHOIS report would give you the historical footprint for that email address, which in turn returns an additional 200 or so domains.

Aside from WHOIS-connected domains, we can also retrieve a list of digital properties that resolve to the malicious domain’s IP address. To do that, go to

We found 159 domains that shared the IP host of deliveryrescheduled-auspost[.]com. That brings the total number of currently related domains to 1,871.
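The two pivots described above (registrant email, then shared IP) can be reproduced offline over any WHOIS and DNS resolution data you already hold. The following is an added example, not code from the original post or from the platform it uses: the records, the `.example` domains and the function names are constructed for illustration, and redaction placeholders are deliberately excluded from the email pivot so that unrelated privacy-protected domains are not linked together.

```python
from collections import defaultdict

# Constructed sample records (not from the article). In practice these come
# from whatever WHOIS and passive-DNS sources you have access to.
WHOIS_EMAIL = {
    "parcel-reschedule.example": "reg1@mail.example",
    "post-redelivery.example": "reg1@mail.example",
    "track-my-box.example": "REG1@mail.example ",
    "unrelated-shop.example": "REDACTED FOR PRIVACY",
    "another-shop.example": "REDACTED FOR PRIVACY",
}
RESOLVES_TO = {
    "parcel-reschedule.example": "192.0.2.10",
    "post-redelivery.example": "192.0.2.10",
    "customs-fee-pay.example": "192.0.2.10",
    "unrelated-shop.example": "198.51.100.7",
}
REDACTION_HINTS = ("redacted", "privacy", "withheld")


def usable_email(raw):
    """Normalize a registrant email; return None for redaction placeholders."""
    email = (raw or "").strip().lower()
    if "@" not in email or any(h in email for h in REDACTION_HINTS):
        return None
    return email


def pivot(seed, whois_email=WHOIS_EMAIL, resolves_to=RESOLVES_TO):
    """Return {domain: set of pivots that linked it to the seed domain}."""
    by_email, by_ip = defaultdict(set), defaultdict(set)
    for domain, raw in whois_email.items():
        email = usable_email(raw)
        if email:  # never index redaction placeholders
            by_email[email].add(domain)
    for domain, ip in resolves_to.items():
        by_ip[ip].add(domain)

    related = defaultdict(set)
    for domain in by_email.get(usable_email(whois_email.get(seed)), ()):
        related[domain].add("registrant_email")
    for domain in by_ip.get(resolves_to.get(seed), ()):
        related[domain].add("shared_ip")
    related.pop(seed, None)  # the seed is not its own finding
    return dict(related)


if __name__ == "__main__":
    for domain, why in sorted(pivot("parcel-reschedule.example").items()):
        print(f"{domain:28} {', '.join(sorted(why))}")
```

A domain reached by both pivots appears once with both reasons attached, which is a stronger link than a shared IP alone, since shared hosting can place unrelated sites on the same address.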
