Behind the Bylines of Fake News and Disinformation Pages | WhoisXML API

Threat reports

Read other reports

Behind the Bylines of Fake News and Disinformation Pages

Download PDF

Fake news and disinformation campaigns pose real risks to nations worldwide as evidenced by research done by Statista.1 Their peddlers’ motivation? Political and financial gain, according to some opinions.2

In an effort to provide U.S. law enforcement agencies with actionable intelligence, WhoisXML API threat researcher Dancho Danchev scoured the Web for as many potentially connected digital properties as possible.

Our deep dive into the threat revealed:

  • 1,329 domains that have been publicized as indicators of compromise (IoCs) that led to the discovery of close to 50 personal email addresses that were used to register them
  • Nearly 35,000 domains that could potentially be tied to ongoing fake news and disinformation campaigns given that they share registrant email addresses or IP addresses with the domain IoCs, hundreds of which were dubbed “malware hosts”
  • More than 2,000 unique IP addresses to which the domain IoCs resolved, almost 20 of which were found malicious

Download the threat research materials now to access Danchev’s research and the complete list of identified artifacts used to conduct additional enrichment and threat analysis.

  • [1] https://www.statista.com/chart/18343/share-concerned-about-what-is-real-and-fake-on-the-internet/
  • [2] https://www.nytimes.com/2022/03/07/opinion/cheap-speech-fake-news-democracy.html
Download PDF Read other reports
Try our WhoisXML API for free
Get started