Cr whois
7/27/2023

This proved that .za domain – was hacked. However, upon visiting hxxp://it redirected to a completely different site and numerous ads started to crowd the screen immediately. On visiting the WHOIS server site – hxxp://whoisco.za, it promptly redirected to the legitimate website, –. The fetched results paved the way to further narrow down on the real problem!

Scanning The Registry Website

So, performing a root cause analysis by installing Brew with an updated version of WHOIS 5.2.12 caused a different result where the client information had been redacted. You guessed it: the results indicated that the domain name had something to do with the issue. Researchers immediately ran a query to dig deeper on "whois .za whois: za.:". Even though all the spam emails looked similar, there was a strong clue at the end of each email redirecting users to another site - "Why would queries go to .za instead of ?"

Investigating the WHOIS Server

The WHOIS changelog demonstrated a new set of spam links that were included in all outgoing email notifications.

WHOIS Server Showed Records of Spam Content

But, the changes made in the WHOIS server contained details of what was changed and this was where things got really interesting. A search to locate the official WHOIS server for the client (CNAME .) came back with nothing wrong. co.za is used for a top-level domain official in South Africa. They then included arbitrary and unauthorized ads in this newly purchased old South African WHOIS server records. Research revealed that hackers had taken advantage of customers' domain expiration by purchasing a previously legitimate WHOIS server. Recently, a WHOIS service user got upset about the changes in his records, as well as email notifications he received that were carrying spam content. Yet if a website owner is interested in safeguarding their personal information, they are required to purchase the WHOIS server protection service.
Simply put, these records are available to everyone to create trust online through the visibility of the website owner's name, address, and phone number. “WHOIS” is a protocol that is used to verify who owns a unique domain name. Yet, shedding light on a black hat tactic used to infiltrate WHOIS results for a domain name is complex and unique, as it is not a common occurrence. SEO spam attacks on compromised websites may be common, as we cover them quite frequently.