Is this website legit? 👉 https://www.macaissedepargnehautsdefrancemerepond.fr/

At first glance, the domain name looks suspicious. But when we checked Passive DNS data, it turns out the domain has existed for over two years and has been seen before. Was it taken over, or has it always been active?

Interestingly, there’s no login form on the page, which might suggest it’s not part of a phishing campaign.

So… could it actually be legit? Again, PassiveDNS helps a lot, but sometimes creativity in domain creation makes everything uncertain.

🔗 LookyLoo https://lookyloo.circl.lu/tree/79f3d4f0-3e98-426b-a5df-e4b79398200a

#phishing #passivedns #threatintel #cybersecurity

draft-ietf-dnsop-please-stop-overloading-the-PDNS-acronym

#PowerDNS #PassiveDNS #ProtectiveDNS

#Quad9 published their latest cyber threat report for the second half of 2024. Great and concise write-up. A nice illustration on what threats you can derive purely based on #passiveDNS insights:

Trends H2 2024

#DNS #threatintel #infosec

Trends H2 2024: Cyber Insights | Quad9

To protect our users, Quad9 blocks DNS lookups of malicious host names from an up-to-the-minute list of threats. This blocking action protects your computer, mobile device, or IoT systems against a wide range of threats, such as malware, phishing, spyware, and botnets, and it can improve performance and privacy. This blogpost provides security insights on the threats blocked by [Quad9 DNS](https://quad9.net/) between July and December 2024. The report combines DNS telemetry data and open-source intelligence with statistics and analysis to provide security insights on the top malicious domains visited by our users and blocked by Quad9 DNS. Additionally, the post presents key regional threats targeting Quad9 users.

Quad9
Automatically Detecting DNS Hijacking in Passive DNS

Explore how we detect DNS hijacking by analyzing millions of DNS records daily, using machine learning to identify redirect attempts to malicious servers.

Unit 42

#infosec people, how would an old internal DNS name from my network be something an external host is querying for? i.e. an AWS IP is apparently querying for unifi.int.mydomain.example.org

Updates: yes, leaked a lot via Certificate Transparency, still one internal domain I don't have much of an idea of. Have emailed SecurityTrails, if I'm lucky they'll tell me.

#DNS #PassiveDNS

Recently I was digging in the outliers of DNS resolving from the certificate transparency and there is a hostname which is often hardcoded, test.microsoftpki.net, but which is giving an NXDOMAIN. Checking the Passive DNS, the domain itself exists and seems to be registered on Microsoft infrastructure.

Any clue of the software or service at Microsoft generating certificates with an invalid domain for testing?

#passivedns #dns #certificatetransparency

With OpenAI temporarily halting ChatGPT Plus Subscriptions, we foresee threat actors creating an influx of phishing websites with typo-squatting domain names.

Here are a few from our historical passive dns dataset:

#openai #chatgpt #threatintelligence #passivedns

A new version of the @circl_lu Passive DNS service has been released. The API is backward compatible and version 2.0 includes new functionalities. It has been activated today with new sources.

https://www.circl.lu/services/passive-dns/

#passivedns #ThreatIntelligence #threatintel

CIRCL » Passive DNS

CIRCL Passive DNS (v2) is a database of historical DNS records.

I finally updated the old @circl Passive DNS API to version 2.0. The idea is to have a backward compatible API with the standard Common Output Format which was designed years ago. The switch will take place next month, in November. If you have an existing access, nothing will change (besides new features and fresher intelligence).

The key features of the new API include support for pagination, making it suitable for handling large data sets, and the ability to filter data based on DNS RR types. This ensures that legacy tools can continue to function seamlessly, while new ones can take advantage of pagination to access larger sets of passive DNS data.

Notably, the back-end infrastructure has also undergone significant changes, providing users with enhanced insights.

The streaming API for contributors will be available at a later stage via CocktailParty.

#passivedns #infosec #stream #threatintel #threatintelligence

Thanks to @gallypette for the collaboration and contribution in the new back-end infrastructure.

Feedback and ideas are more than welcome.

🔗 Draft documentation for version 2.0

CIRCL » Passive DNS

CIRCL Passive DNS (v2) is a database of historical DNS records.
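The posts above mention the passive DNS Common Output Format (COF) and the v2 API's filtering by RR type, and several posts ask the same kind of question of passive DNS data (how long has a name existed, which addresses or mail hosts did it point to). As an added example that is not code from CIRCL or from any of the posters, here is a small COF consumer that answers those questions offline. It assumes COF records are JSON objects, one per line, carrying at least the rrname, rrtype, rdata, time_first, time_last and count fields; the sample records are constructed, not real observations.

```python
# Added example (not CIRCL's code): working with passive DNS records in the
# Common Output Format (COF), one JSON object per line.
import json

# Constructed sample records; names, addresses and timestamps are invented.
SAMPLE_COF = """\
{"rrname": "example.test", "rrtype": "A", "rdata": "192.0.2.10", "time_first": 1600000000, "time_last": 1690000000, "count": 1200}
{"rrname": "example.test", "rrtype": "A", "rdata": "198.51.100.7", "time_first": 1690500000, "time_last": 1700000000, "count": 40}
{"rrname": "example.test", "rrtype": "MX", "rdata": "10 mail.example.test", "time_first": 1600000000, "time_last": 1700000000, "count": 900}
{"rrname": "example.test", "rrtype": "NS", "rdata": "ns1.example.test", "time_first": 1600000000, "time_last": 1700000000, "count": 3000}
"""

# Minimum COF fields this example relies on (assumed from the COF draft).
REQUIRED = {"rrname", "rrtype", "rdata", "time_first", "time_last"}

def parse_cof(text):
    """Parse COF lines, skipping blank or malformed lines instead of aborting."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue          # a truncated or non-JSON line should not kill a batch
        if isinstance(rec, dict) and REQUIRED.issubset(rec):
            records.append(rec)
    return records

def filter_rrtype(records, rrtype):
    """Keep only records of one RR type, e.g. 'MX' or 'A' (what the v2 filter does)."""
    return [r for r in records if r["rrtype"].upper() == rrtype.upper()]

def first_last_seen(records):
    """Overall first and last observation across the records (UNIX epoch seconds)."""
    return min(r["time_first"] for r in records), max(r["time_last"] for r in records)

def history_summary(records, rrtype, now):
    """Answer 'how long has this name existed and what did it point to?'.
    Returns (age in days at `now`, rdata values ordered by first sighting),
    or None when no record of that RR type exists."""
    subset = filter_rrtype(records, rrtype)
    if not subset:
        return None
    first, _ = first_last_seen(subset)
    age_days = (now - first) // 86400
    rdata = [r["rdata"] for r in sorted(subset, key=lambda r: r["time_first"])]
    return age_days, rdata
```

A name that has been visible for years in such data, as in the first post, is a different situation from one registered days before a campaign; the rdata order shows hosting or mail provider changes over time.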

Hi fediverse,

I'd like to know which IP addresses have been used by a city's mail service, to find out which mail service providers they have used.

I've heard of the DNS history services (#passivedns), but apparently you have to show your credentials first, according to @bortzmeyer.

Since I'm a nasty pirate who has no intention of repeating this kind of analysis, perhaps you have the history for:

MX ville-tours.fr
A smtp.tours-metropole.fr

https://www.bortzmeyer.org/passivedns-cn.html

Stéphane Bortzmeyer's blog: PassiveDNS.cn, another DNS history database