Digging Up Zombie Domains: 3,800 Phishing Hosts>
Cybercrime Magazine – Jonathan Zhang
Historical WHOIS information can uncover investigative breadcrumbs that are otherwise hidden Researchers at WhoisXML API performed a digital footprinting analysis of more than 3,800 verified phishing hosts using historical WHOIS data. The key findings of our downloadable white paper âDigging Up Zombie Domains: What WHOIS History Reveals about 3,800+ Verified Phishing Hostsâ include the following: Phishing hosts can be both new and old domains, though our data shows that around 51 percent of them were more than a year old when they were reported on PhishTank. A quarter of them were created more than a decade ago. Available domains may have a malicious past. About 46 percent of the phishing hosts are available for registration despite having been used by threat actors between March 1 and May 31, 2020. The breadcrumbs the phishing domains left found through WHOIS history checks led us to more than 5,000 additional potentially risky or suspicious domains. All TLDs, regardless of registry and registrar, are prone to abuse. The phishing hosts in our study mostly fell under .com, .net, .co, .ru, and .org. Of the 3,870 unique phishing hosts PhishTank verified in June 2020, WHOIS history checks uncovered 1,421 unique registrant email addresses used when the domains were first created. More than half of them were unredacted, possibly since they were registered prior to the implementation and global repercussions of the General Data Protection Regulation (GDPR).
Link: https://cybersecurityventures.com/digging-up-zombie-domains-3800-phishing-hosts/