Examining WoofLocker under the DNS Lens | WhoisXML API

Threat Reports

Examining WoofLocker under the DNS Lens

As far as scams go, WoofLocker has probably proven that staying in the game is possible with continuous improvement. The latest trick up its sleeve? The addition of traffic direction to ongoing schemes.1

AlienVault OTX compiled 784 indicators of compromise (IoCs) over the course of WoofLocker’s eight years of operation.2 Apart from identifying unreported connected artifacts, we at WhoisXML API also sought to determine if the threat actors employed various providers, maintained a well-dispersed infrastructure, and compromised sites other than those hosting adult content.

Our WoofLocker DNS deep dive found:

  • 17 unreported IP addresses to which some domains identified as IoCs resolved
  • 1,194 unpublished domains that shared some of the IoCs’ dedicated IP hosts
  • 18 malicious IP-connected domains based on a bulk malware check

Want to know the answers to the questions we posed? Read the report now.

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1] https://cyware.com/news/behind-wooflocker-long-running-traffic-diversion-scheme-3efe7ca0
  • [2] https://otx.alienvault.com/pulse/64dfd29554e9c5d8f20d71d2
Try our WhoisXML API for free
Get started