DNS Investigation: Is xDedic Truly Done for After Its Takedown? | WhoisXML API


At the height of xDedic’s popularity in 2016, it was said to have provided cybercriminals access to 85,000 hacked web servers [1]. In early 2019, however, law enforcement agents from all over the world teamed up and took the cybercrime-as-a-service (CaaS) marketplace down. Are all of its traces gone from the DNS?

WhoisXML API sought to find out by expanding a list of 19 xDedic indicators of compromise (IoCs). Our in-depth analysis led to the discovery of:

  • 15 email-connected domains, one of which turned out to be malicious
  • 126 IP-connected domains, one of which turned out to be malicious
  • Nine string-connected domains

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

[1] https://www.zdnet.com/article/authorities-shut-down-xdedic-marketplace-for-buying-hacked-servers/