Threat Intelligence

DIY Web Attacks Might Still Live on via WebAttacker

Age is rarely an issue when it comes to malware campaigns, and that's certainly true for WebAttacker. WebAttacker is a do-it-yourself (DIY) malware creation kit that became popular back in 2006. It was the first exploit kit made available to cybercriminals in the Russian underground market for as little as US$20. more

Exposing a Currently Active Ashiyane Digital Security Domain Infrastructure

The infamous gray hat security company Ashiyane Digital Security Team has gone back online in 2021. At that time, WhoisXML API threat researcher Dancho Danchev exposed more than 100 domains belonging to the group. This analysis was recently expanded to further explore the Iran-based threat group's Internet-connected infrastructure. more

What Is the Current State of Malicious PPI Businesses and Affiliate Networks?

Pay-per-install (PPI) businesses and affiliate networks made for a booming cybercriminal underground market from 2008 to 2013. Buoyed by the proliferation of fake antivirus (FakeAV) peddlers, operators made staggering profits from the sale of rogue security software.
 more

From Counterfeiting to Phishing: Cybersquatting Properties Target Network Device Makers

Early last July 2022, news broke out about the arrest of a CEO who allegedly sold fake Cisco networking devices. While he used e-commerce sites as sales channels, the idea that counterfeit products are also peddled through cybersquatting domains is not too far-fetched. more

Q2 2022 Domain Registration Trends Report

We tracked the digital spillovers of the Russia-Ukraine war two weeks after it began and saw how the news was reflected in domain registrations. We also noticed that even this year’s Oscars slapping incident drove relevant domain registrations. more

Is Monkeypox Following COVID-19’s (Digital) Footsteps?

The public attention COVID -- 19 got was truly reflected in the Domain Name System (DNS). And Monkeypox seems to be following the trail the pandemic blazed, though to a smaller extent, as threat actors seem to be using it as the latest phishing lure. How has this new virus been affecting domain registration? more

WhoisXML API Expands DNS Database Coverage and Adds New Record Type

AAAA and PTR records were added to WhoisXML API's DNS Database Download's existing pool of six DNS record types (i.e., A, MX, NS, TXT, CNAME, and SOA records). All these records are now updated daily, making the database more up-to-date and relevant in supporting security processes. more

Have You Seen These Roaming Mantis Connected Artifacts Wandering into Your Phone?

A financially motivated threat group called "Roaming Mantis" was seen targeting Android and iOS device users through malicious SMS communications. The messages sent Android phone users to download pages while iOS users were redirected to credential-stealing login pages. more

Profiling the Threat Actor Known as “Hagga” and His Work

Agent Tesla, an infamous data stealer, has been plaguing Internet users since 2014. Much has been revealed about the malware, but the world didn't come to know about one of its more adept campaign perpetrators -- Hagga -- until last year. more

Beauty and the Beast: Are These Domains Possible Vehicles for Cosmetic Product Counterfeiting?

Months after TikTok launched its marketplace in September 2021, several users have raised concerns about the authenticity of the products they purchased. The complaints mainly pertain to beauty products, such as sunscreens, lip glosses, and makeup brushes. Aside from being ripped off, consumers may be exposed to more danger. more