The Pareto botnet, known for using almost a million infected Android devices to spoof people seemingly watching ads on smart TVs, was reportedly taken down recently through the collaboration of industry players, notably Roku and Google.
The 2016 U.S. elections sparked a lot of controversy, as several law enforcement agents and security researchers believed countries like Russia may have greatly influenced their turnout. We sought to find out more about it via an OSINT analysis using various domain and IP intelligence tools.
WhoisXML API's repository of historical Domain Name System (DNS) lookup records continues to grow in volume and coverage. The DNS database download service has recently been expanded to include six types of DNS databases.
Telecommunications companies are a favored cyberattack target. After all, telcos build, control, and operate critical infrastructure that almost everyone uses to communicate. They also store large amounts of sensitive data that could easily be exploited when falling into the wrong hands.
Emotet traces its origin as far back as 2014, when its simplest form as a banking Trojan first made the headlines. Over the years, its creators have constantly improved the malware, a popular malware-as-a-service (MaaS) offering in cybercriminal underground fora.
Content streaming services are no strangers to cyberattacks, and the recent Spotify squatting campaign reported by IBM X-Force Exchange is proof of that. Spotify, however, is not alone in that boat, as many other streaming services have fallen prey to attacks over the years.
On 14 May 2021, Analyst1 security researchers released a detailed report on the DarkSide cybercriminal gang, which is believed to be responsible for ransomware attacks targeting the Colonial Pipeline. The report included several indicators of compromise (IoCs), specifically 41 malware hashes, two domains, and three IP addresses.
ZeuS malware traces its origin as far back as 2006, when it was used to steal victims' online banking credentials. In 2011, its source code was leaked on a file-sharing site and quickly spread throughout various underground fora.
Complying with strict data privacy regulations like the General Data Protection Regulation (GDPR) is a must. Violators can be penalized as much as €10 million or 2% of their annual turnover. This reality makes it critical for organizations to employ strict employee, customer, and stakeholder data management policies.
Intranets are by definition meant for internal use only -- employee communication, content management, and the like. They are part of the Deep Web where search engines can't index sites, and unauthorized people shouldn't be able to access them.