Rogue Bulletproof Hosts Still Alive and Kicking as DNS Intel Shows | WhoisXML API


Rogue Bulletproof Hosts May Still Be Alive and Kicking as DNS Intel Shows

Today’s more advanced cybersecurity solutions and measures have pushed cybercriminals and other threat actors to go deeper underground, hence the rise in their use of bulletproof hosting services. [1]

WhoisXML API threat researcher Dancho Danchev recently amassed 308 domains that could belong to rogue bulletproof hosting service providers. Aided by our comprehensive DNS intelligence, our research team sought to uncover unidentified, potentially connected artifacts in an effort to make the Internet safer and more transparent.

Our in-depth analysis found:

  • 808 email addresses in the domains’ historical WHOIS records, 138 of which were public
  • 1,103 email-connected domains, 10 of which turned out to be malicious based on a bulk malware check
  • 517 private IP addresses that hosted the domains identified as indicators of compromise (IoCs), 14 of which were classified as malicious based on malware checks
  • 4,028 IP-connected domains, seven of which were tagged as malicious based on a bulk malware check

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1] https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/inside-the-bulletproof-hosting-business-cybercrime-methods-opsec