Tracing Connections to Rogue Software Spread through Google Search Ads | WhoisXML API

Bleeping Computer’s analysis of a recent malicious campaign targeting users looking for open-source software download sites publicized 68 domains as indicators of compromise (IoCs). [1]

WhoisXML API researchers expanded that list with the aid of WHOIS and DNS intelligence and uncovered 800+ more artifacts, including 36 malicious web properties. These are:

  • Two unredacted registrant email addresses from the IoCs’ current WHOIS records that led to 18 email-connected domains
  • Two IP addresses to which the IoCs resolved, both of which were found malicious
  • 329 IP-connected domains, five of which turned out to be malicious
  • 84 string-connected domains, two of which were malicious
  • 387 domains that contained the 11 software brands the attackers targeted, 27 of which were confirmed malware hosts

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1] https://www.bleepingcomputer.com/news/security/hackers-push-malware-via-google-search-ads-for-vlc-7-zip-ccleaner/