DomainTools 101: Blocking and Tackling Bad Domains

ID: 575404e8-c633-55ed-9c5a-f48d5e89e350

STIX ID: report--575404e8-c633-55ed-9c5a-f48d5e89e350

Feed Name: DomainTools

Threat Score: 45/100

Date Published: 2026-03-11

Date Updated: 2026-04-27

Author: domaintools.com

This DomainTools investigation describes uncovering a malvertising campaign in which an attacker reused an expired brand domain to distribute malware. Using reverse-IP pivoting and a reputation/risk score engine, the analyst identified additional domains and infrastructure, including an IP hosting multiple malicious domains. The report recommends blocking the discovered domains, searching internal logs for indicators, and enabling monitoring of registrants, name servers, and IPs to detect and prevent further activity.
