The TIP research team recently discovered a phishing operation that could be amassing .com domains for phishing attacks. Through a DNS intel deep dive, we sought to find as many artifacts as possible that were potentially connected to a single indicator of compromise (IoC), an email address.
Our in-depth analysis led to the discovery of:
- 507 domains registered using the email address identified as an IoC in the past decade or so, 60 of which turned out to be malicious based on a bulk malware check
- 99 IP addresses to which the email-connected domains resolved, 40 of which turned out to be malicious based on malware checks
- 1,721 domains that shared the possibly dedicated hosts of the email-connected domains, 19 of which turned out to be malicious based on a bulk malware check