Whois

Going DNS Deep Diving Into GhostCall and GhostHire

A DNS investigation into GhostCall and GhostHire uncovers how BlueNoroff targeted tech leaders and Web3 developers, exposing extensive data theft and a wide malicious infrastructure that included suspicious domains, weaponized IP addresses, and typosquatted assets.

COLDRIVER’s MAYBEROBOT in the DNS Spotlight

Russia-linked threat actor COLDRIVER has revamped its malware into a new backdoor called MAYBEROBOT, targeting NGOs and dissidents. Early DNS signals and IP resolutions reveal a methodically evolving cyber-espionage campaign.

Burrowing Into the Beamglea Campaign DNS Infrastructure

A threat campaign known as Beamglea exploited npm packages to target over 135 companies globally. Researchers uncovered 175 malicious packages, 344 related domains, and dozens of IP-linked artifacts through DNS and WHOIS analysis.

Chasing After RacoonO365 IoCs Using DNS and Domain Intelligence

A coordinated crackdown on RaccoonO365 reveals the scale of phishing-as-a-service operations, as domain and DNS data expose hundreds of linked artifacts and offer a window into the infrastructure of low-skill cybercrime.

Spelunking Into SVG Phishing: Amatera Stealer and PureMiner DNS Deep Dive

Cybercriminals are swapping standard image formats for SVG files to smuggle malware into systems. A detailed investigation uncovered a sprawling network of suspicious domains, IP addresses, and email-linked infrastructure used for espionage and cryptojacking.

Global Domain Activity Trends Seen in Q3 2025

WhoisXML API's Q3 2025 analysis found global new domain registrations dipped 1.2% from Q2, with gTLDs rising and ccTLDs falling sharply. The .cc ccTLD remained an anomaly, and .com led malicious domain activity.

Scouring the DNS for Traces of the Hiddengh0st and Winos SEO Poisoning Campaign

A Chinese-language SEO poisoning campaign has been uncovered, leading users to fake software sites. Investigators linked the scheme to malware variants and uncovered thousands of malicious domains, subdomains, and IP addresses through DNS and WHOIS analysis.

False Positive Rate Reduced to 1.66% on WhoisXML API’s First Watch Malicious Domains Data Feed

WhoisXML API has halved the false positive rate of its malicious domain feed, enhancing detection precision. The update refines machine learning models, promising leaner cybersecurity operations and fewer interruptions from erroneous threat alerts.

Thumbing through the DNS Trail of the TAOTH Campaign

A cyber campaign targeting East Asian elites leveraged fake web services. DNS forensics uncovered suspicious domains, IP links, and signs of future infrastructure repurposing.

Deep Dive: 3 Lazarus RATs Caught in Our DNS Trap

Researchers tracked three Lazarus-linked RATs to a vast DNS network, uncovering dormant domains, geolocated IPs, and artifacts tied to financial and cryptocurrency sector intrusions.