HUB53
November 13, 2023

Detect Post Domain Transfer Threats | Case Study by HUB 53

Malicious actors are constantly on the lookout for new ways to run different scams or promote harmful content. One such way is to purchase previously owned domains without a bad history. Once up for sale, these seemingly ‘safe’ domains are acquired and then used to pass themselves off as legitimate businesses (brand impersonation), to drive traffic to websites with illegal or harmful content (SEO manipulation), or to trick users into divulging personal information (phishing). Thus, they are a valuable commodity to cyber criminals and, at the same time, a challenge for cybersecurity products to detect.

Take, for instance, ‘crossoverscholarshipfund.org’, a website that supposedly grants scholarships to students in Oklahoma. However, things are not exactly as they appear to be. A closer inspection of the page’s source code reveals an outlink to ‘jasontknight.com’, another website whose domain ownership was transferred in 2022. That domain was then redirected to a different IP address and later used to host pornography and gambling content!

*Image info: Source code containing an outlink to a porn website

*Image info: Ownership transfer of the domain in question

That is how easily a once-safe domain can be compromised, putting other websites that contain outlinks to it in jeopardy. Outdated DNS security solutions and domain lookup tools often fail to make these subtle distinctions, as is evident from the following pictures, which still classify ‘jasontknight.com’ under the Personal Blogs category.

*Image info: Outdated classification of the said website by conventional tools
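
The check described above, finding outlinks in a page's source that point at a domain whose ownership changed after the link was last reviewed, can be sketched as follows. This is an added example, not HUB 53 or DNSSense code: the function names, the `.example` hostnames, the dates and the `transfers` table are constructed for illustration, and the ownership-change dates are assumed to come from WHOIS/RDAP history collected separately.

```python
from datetime import date
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class OutlinkParser(HTMLParser):
    """Collect every hostname referenced by an href or src attribute."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.hosts = base_url, set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                # Resolve relative and scheme-relative URLs against the page.
                host = urlsplit(urljoin(self.base_url, value)).hostname
                if host:  # mailto:, javascript: and #fragment have no host
                    self.hosts.add(host.lower().rstrip("."))

def external_hosts(page_url, html):
    """Hostnames linked from the page that are outside its own domain."""
    parser = OutlinkParser(page_url)
    parser.feed(html)
    own = urlsplit(page_url).hostname.lower()
    own = own[4:] if own.startswith("www.") else own
    return sorted(h for h in parser.hosts
                  if h != own and not h.endswith("." + own))

def stale_outlinks(page_url, html, reviewed_on, transfers):
    """External hosts whose domain changed owner after the last link review.
    `transfers` (assumed input) maps a domain to its latest ownership change."""
    return [(host, changed)
            for host in external_hosts(page_url, html)
            for domain, changed in transfers.items()
            if (host == domain or host.endswith("." + domain))
            and changed > reviewed_on]

# Constructed sample data: reserved .example names and invented dates.
PAGE_URL = "https://www.fund.example/"
SAMPLE_HTML = """
<a href="/apply">Apply</a>
<a href="https://www.partner-blog.example/about">Our founder</a>
<img src="//cdn.fund.example/logo.png">
<a href="https://news.example/story">Press</a>
<a href="mailto:info@fund.example">Contact</a>
"""
TRANSFERS = {"partner-blog.example": date(2022, 6, 1),
             "news.example": date(2015, 3, 9)}

if __name__ == "__main__":
    print(stale_outlinks(PAGE_URL, SAMPLE_HTML, date(2020, 1, 1), TRANSFERS))
```

Matching by hostname suffix is a simplification; a production check would derive the registrable domain from the Public Suffix List before comparing.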

The constantly updated categorisation system of DNSSense has the ability to take a deep dive into a domain’s profile and identify instantly whether it has been compromised by threat actors. Cyber X-Ray, DNSSense’s powerful AI-driven database, accurately reports ‘jasontknight.com’ to have porn and gambling content.

*Image info: Cyber X-Ray classifying ‘jasontknight.com’ under the Malicious category

As a result, ‘crossoverscholarshipfund.org’ has received a low Security Score and been classified under the Malicious category.

*Image info: Cyber X-Ray classifying ‘crossoverscholarshipfund.org’ under the Malicious category

DNSSense has so far detected 5 million domains of this nature, assuring its users that they can browse the internet safely without having to worry about these hidden vulnerabilities.

Get to know more about Cyber X-Ray, the world's most advanced dynamic threat intelligence!

Cyber X-Ray, developed by DNSSense, allows you to classify internet domains using artificial intelligence algorithms that analyse over 850 historical and relational data points in order to protect against malicious domains, generate contextual domain reports, and perform dynamic monitoring.

Try Cyber X-Ray at cyber-x-ray.com now and for free!

*HUB 53® is a dedicated team within the artificial intelligence and research team of DNSSense. It focuses on specific investigations, case studies, reports, and findings studies as a team.
