Fake news and disinformation have been significant issues for some time now, to the point of prompting the U.S. government to push back against proliferators who, some opine, spread it for political or financial gain. Amid this scenario, many have begun doubting what is real and what is not on the Web, not just in the U.S. but worldwide.
In an effort to help U.S. law enforcement agencies out, WhoisXML API threat researcher Dancho Danchev compiled an exhaustive list of known and yet-unknown fake news and disinformation domains and other web properties.
We used several WHOIS, domain, DNS, and other threat intelligence tools in our deep dive, which uncovered:
As part of our ongoing effort to enable cybersecurity analysts and researchers to further their studies, we collated the pertinent data and made it available to anyone interested. You may download Danchev’s research and related threat research materials here.
We began our in-depth analysis of ongoing fake news and disinformation campaigns by collating 1,329 domains that were publicized as IoCs. Examples include:
A bulk WHOIS lookup for the domain IoCs provided us with 47 personal email addresses that were used to register them. A closer look at their WHOIS records revealed they were distributed across 105 registrars, topped by GoDaddy, LLC, NameCheap, Inc., and Network Solutions, LLC.
Using the email addresses as reverse WHOIS search terms, we obtained 30,564 possibly connected domains, including:
DNS lookups for the domain IoCs, meanwhile, led to the discovery of 2,247 IP address resolutions, 18 of which were dubbed “dangerous” by various malware engines, namely:
We then subjected the IP addresses to reverse IP lookups, which uncovered an additional 4,637 potentially connected domains. Examples include:
Of the possibly connected domains subjected to malware checks via the Threat Intelligence Platform (TIP), 191 were dubbed “malware hosts,” including:
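The pivot chain described above (bulk WHOIS to registrant emails to reverse WHOIS, DNS to IP addresses to reverse IP, then malware verdicts over the union) as an added, offline example; it is not WhoisXML API code, and the WHOIS, DNS and verdict tables are constructed placeholders (example domains and RFC 5737 addresses) standing in for the real lookups:

```python
from collections import Counter

# Constructed stand-ins for bulk WHOIS, DNS and reverse-lookup results.
# Domains, emails and IPs are placeholders, not real IoCs from the study.
WHOIS = {  # domain -> (registrant email, registrar)
    "seed-news.example": ("reg1@mail.example", "GoDaddy, LLC"),
    "seed-daily.example": ("reg2@mail.example", "NameCheap, Inc."),
    "other-blog.example": ("reg1@mail.example", "GoDaddy, LLC"),
    "sister-site.example": ("reg2@mail.example", "Network Solutions, LLC"),
    "unrelated.example": ("reg3@mail.example", "GoDaddy, LLC"),
    "shared-host.example": ("reg4@mail.example", "NameCheap, Inc."),
}
DNS = {  # domain -> set of IPs it resolved to (forward lookups)
    "seed-news.example": {"192.0.2.10"},
    "seed-daily.example": {"192.0.2.20", "198.51.100.5"},
    "other-blog.example": {"203.0.113.7"},
    "sister-site.example": {"192.0.2.20"},
    "unrelated.example": {"203.0.113.9"},
    "shared-host.example": {"192.0.2.10"},
}
DANGEROUS_IPS = {"192.0.2.20"}             # constructed malware-engine verdict
MALWARE_HOSTS = {"shared-host.example"}    # constructed TIP-style verdict

def reverse_whois(emails):
    """Domains whose registrant email is in the given set."""
    return {d for d, (email, _) in WHOIS.items() if email in emails}

def reverse_ip(ips):
    """Domains that resolve to at least one of the given IPs."""
    return {d for d, addrs in DNS.items() if addrs & ips}

def pivot(seeds):
    """Expand seed IoCs along the WHOIS and DNS pivots and tag the results."""
    seeds = set(seeds)
    emails = {WHOIS[d][0] for d in seeds if d in WHOIS}
    registrars = Counter(WHOIS[d][1] for d in seeds if d in WHOIS)
    ips = set().union(*(DNS.get(d, set()) for d in seeds))
    # Newly surfaced properties: everything reached by either pivot, minus the seeds.
    connected = (reverse_whois(emails) | reverse_ip(ips)) - seeds
    return {
        "emails": emails,
        "registrars": registrars,
        "ips": ips,
        "dangerous_ips": ips & DANGEROUS_IPS,
        "connected": connected,
        "malware_hosts": connected & MALWARE_HOSTS,
    }

if __name__ == "__main__":
    for key, value in pivot(["seed-news.example", "seed-daily.example"]).items():
        print(key, value)
```

Note that `unrelated.example` shares a registrar with a seed but neither an email nor an IP, so it is correctly not pulled in; registrar overlap alone is a weak signal and is only tallied, not pivoted on.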
Our in-depth analysis of the known fake news and disinformation campaign domains led to the discovery of more than 35,000 web properties that could be tied to the threat. Steering clear of them, and above all of the domains and IP addresses flagged as malicious, is recommended.
If you wish to perform a similar investigation, please don’t hesitate to contact us. We’re always on the lookout for potential research collaborations.