NSO Group Spyware Pegasus in Focus | WhoisXML API

Threat Reports

Through the Spyglass: NSO Group Spyware Pegasus in Focus

The NSO Group gained infamy for its proprietary spyware Pegasus. In 2021, in fact, Apple sued the company for its alleged ties to threats targeting its service and device users.1

Pegasus has been known to target dissident journalists, bloggers, and researchers. If you belong to this category and wish to steer clear of all possible indicators of compromise (IoCs) and artifacts, our detailed threat research materials may be able to help.

Building on research conducted by WhoisXML API DNS Threat Researcher Dancho Danchev, our deep dive into the threat revealed:

  • A number of personal email addresses used to register the domains identified as IoCs in publicly accessible threat intelligence sources that led to the discovery of 10,000+ other domain names
  • Close to 100 IP addresses the domain IoCs resolved to, which led to the discovery of another 300+ possibly connected domain names
  • Several malicious web properties from among those we uncovered in our analysis

Download Danchev’s OSINT analysis and associated threat research materials to access a sample of the complete list of identified artifacts used to conduct additional enrichment and threat analysis. For full data access and enterprise commercial enquiries, please contact us.


  • [1] https://www.apple.com/newsroom/2021/11/apple-sues-nso-group-to-curb-the-abuse-of-state-sponsored-spyware/
Try our WhoisXML API for free
Get started