To propagate cyberattacks, threat actors use domain generation algorithms (DGAs) as an evasion tactic. Such an algorithm, executed through various subroutines, can switch between or drop thousands of domains in seconds.
The relative ease with which cybercriminals can purchase domains in bulk makes it possible for them to accomplish DGA-enabled attacks. Dirt-cheap prices and lack of identity verification enable hackers to own domains while also staying anonymous.
In fact, registrars typically offer privacy protection services at a small cost or for free, which nefarious actors may take advantage of to conceal their location and details. Additionally, the introduction of the Temporary Specification for Generic Top-Level Domain (gTLD) data has led to masking or redacting WHOIS data, which, of course, benefits not just those who wish to protect their privacy, but also those with malicious intent.
It can be said without a doubt that businesses of the 21st century are all geared towards the internet. With rapid advancements in digital technology and the exponential growth of the online ecosystem, it hardly comes as a surprise that businesses have to maintain a considerable presence on the web in order to cater to the needs of the online population. Apart from this, the rapid proliferation of the internet into even the most remote corners of the world has opened up new business avenues and markets that were previously difficult to access, or even altogether unavailable for business. This has naturally incentivized businesses to move online.
However, as with everything, there is a flipside to this as well. According to the latest statistics, there are currently well over 1 billion websites on the internet, and this number is growing every second. This creates an environment where much of the business interaction is carried out on digital platforms. As a result, establishing trust becomes a vital factor in the scheme of things. When you are dealing with an online entity, it helps to know the person behind the (web) page.
Bulk Whois API is our latest endeavour to help you do exactly that, and more.
Threat hunting involves proactively looking for signs of attack within your network, by means of a set of indicators of compromise (IoCs). These IoCs are compared with network access logs to pinpoint if any of the users are unauthorized. More specifically, threat hunters can use Domain Name System (DNS) and firewall logs to list all IP addresses and domains connected or trying to gain access to the network.
This is relevant because many attackers typically hide malicious traffic within legitimate traffic to successfully infiltrate a target network. Once that is done, they can easily carry out the rest of the steps in their carefully orchestrated attack. Attackers will generally wish to gain command and control (C&C) of a system to gain entry into connected systems and devices. When that’s done, they can move laterally throughout the network and exfiltrate data to their own remote servers. Since they are using compromised systems, the C&C traffic typically goes undetected.
However, anomalies, such as a system that is not designed to upload data to servers doing so anyway, can indicate an ongoing attack that threat hunters should look into.
In this series of blogs, we investigate the background of individual spam mail cases. By using tools provided by WhoisXML API (the domain reputation, WHOIS, and e-mail verification APIs), we unfold the background of these messages. This approach also reveals interesting details about the behavior and habits of spammers and cybercriminals using e-mail, typically for phishing.
In spite of all the effort e-mail providers put in worldwide, every e-mail account receives a tremendous amount of unwanted and malicious mail. It is indeed annoying, but let's look on the bright side: we can use these examples to demonstrate how useful the APIs by WhoisXML API can be in the battle against unwanted spam e-mails. In today's example we'll be using the e-mail verification API, the domain reputation API and the WHOIS API to analyze a spam e-mail message which was not caught by a well-configured open-source spam filtering system.