Cyber attacks can come from practically any angle, and more often than not, it’s hard to see them coming without knowing all there is to know about a domain’s WHOIS history and connected domain entities. Several aspects come into play in this scenario, one of which is old and forgotten pages on a website.
While many website owners believe these are harmless, that may not be the case, and we’ll show why in this post with the help of WhoisXML API’s WHOIS history and other tools.
The older a website is, the more content cyber attackers can take advantage of. Why? Simply because over time, it’s only natural for site administrators to come and go, and, let’s face it, the more pages there are on a website, the more likely it is that several of them don’t get adequately documented. Take a site like cnn[.]com, for instance. It has been online since 1993.
Given its nature, cnn[.]com gets updated multiple times a day or even an hour, especially when there are breaking news stories. With an operation that comprises two dozen branded networks and 1,000 affiliates worldwide, including digital channels, CNN naturally has a massive web infrastructure. Tracking all of its web properties is a huge responsibility, and some pages may fall through the cracks undetected.
We looked at just how big that infrastructure is using WHOIS history and subdomains lookup tools, and here’s what we found:
To date, cnn[.]com has 19 historical records and 4 domain registrants, and has undergone 376 domain-related changes.
The domain uses these details in its latest WHOIS record dated 22 August 2020:
We used the registrant details obtained via Reverse WHOIS Search’s advanced tool to get a list of all domains that share them. That would give us an idea of how significant CNN’s web presence is. We limited our search terms to those that could be clearly identified as owned by the company (i.e., domain name, registrant organization, and email and street addresses) and chose to include all historical records.
We got a list of 777 domains containing all of the search terms we entered. It’s safe to say CNN owns all of these. Note that some of them have misspellings and use a different top-level domain (TLD), such as ccnnews[.]net, ccnn[.]net, and ccnnewsstand[.]com. CNN most likely registered these domains as part of its anti-typosquatting domain strategy.
Now that we have an extensive list of CNN’s existing domains, we can move on to determining how many subdomains or pages it maintains. We ran cnn[.]com, for example, on Subdomains Lookup and ended up with a list of 326 subdomains.
Taking a closer look, the subdomain salute[.]blogs[.]cnn[.]com was last updated on 21 October 2019. Visiting the subdomain would result in an “unknown domain error” by Fastly, a content delivery network that CNN may have used in the past.
Such an occurrence can be problematic since, according to DNS Lookup, salute[.]blogs[.]cnn[.]com points to hlntv[.]com, CNN’s cable news channel. The domain redirects to https[:]//edition[.]cnn[.]com/specials/videos/hln.
Since it appears that salute[.]blogs[.]cnn[.]com is no longer in use, CNN may be safer if the subdomain is removed, along with other subdomains that are no longer in service.
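The review described above (last-updated date from the subdomains lookup, DNS target, and the error page seen on visiting) can be run over a whole subdomain inventory instead of one host at a time. The following is an added example, not part of the original post; the CSV layout, the example.com hostnames, the 180-day threshold, and the function names are assumptions made for illustration.

```python
import csv
import io
from datetime import date

# Constructed inventory export (not real lookup output): subdomain, date the
# record was last updated, what DNS points it at, and the HTTP response seen.
SAMPLE_INVENTORY = """\
subdomain,last_updated,dns_target,http_status,body_snippet
www.example.com,2020-08-20,www.example.com,200,<html>Home</html>
salute.blogs.example.com,2019-10-21,cdn-tenant.example.net,500,Fastly error: unknown domain
video.example.com,2018-03-02,video.example.com,200,<html>Video</html>
promo.example.com,2020-07-30,promo.example-cdn.net,404,unknown domain: promo.example.com
"""

# Error text that indicates the provider no longer serves this hostname.
UNCLAIMED_MARKERS = ("unknown domain",)


def is_external(target: str, apex: str) -> bool:
    """True when the DNS target is outside the organization's apex domain."""
    target, apex = target.lower().rstrip("."), apex.lower().rstrip(".")
    return not (target == apex or target.endswith("." + apex))


def triage(inventory_csv: str, apex: str, today: date, stale_days: int = 180):
    """Return (subdomain, reasons) for entries that need a decommission review."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        reasons = []
        age = (today - date.fromisoformat(row["last_updated"])).days
        if age > stale_days:
            reasons.append(f"not updated for {age} days")
        if is_external(row["dns_target"], apex):
            reasons.append(f"DNS points outside {apex}: {row['dns_target']}")
        unclaimed = any(m in row["body_snippet"].lower() for m in UNCLAIMED_MARKERS)
        if unclaimed:
            reasons.append("hosting provider reports an unknown domain")
        # Open a ticket when the error page is present, or when the record is
        # both stale and delegated to a third party.
        if unclaimed or len(reasons) >= 2:
            findings.append((row["subdomain"], reasons))
    # Most reasons first, so the riskiest leftovers are reviewed first.
    return sorted(findings, key=lambda f: -len(f[1]))


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_INVENTORY, "example.com", date(2020, 9, 1)):
        print(name, "->", "; ".join(reasons))
```

Entries that are merely old but still served from the organization's own domain are left out, so the output stays focused on records that should be removed or re-pointed.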
Global brands have a responsibility to their employees, consumers, and stakeholders. That extends to keeping the personally identifiable information (PII) of their employees and visitors, not to mention their reputation, safe from the repercussions of a cyber attack.
A thorough WHOIS history check combined with a subdomains lookup can help with that, as it gives organizations a starting point to establish their entire digital footprint. Any of their domains and subdomains, if left insufficiently protected, can serve as an entry point for an attacker.