jira-projects/ADBLK#3: Adcash Domains

Issue Information

Issue Type: issue
Status: closed
Reported By: btasker
Assigned To: btasker

Created: 10-Jun-22 18:32



Description

There have been a number of adcash domains added in the last few days - it looks like they've got a new campaign running using a bunch of domains registered in the last month or so.

Figure it's probably worth profiling them to see whether we can identify more



Toggle State Changes

Activity


10-Jun-22 18:32

assigned to @btasker


10-Jun-22 18:36

Today I've added dwirow.com which has contact details for adcash in the whois. A domain I added the other day (vibuin.com) has the same details.

So, I think if we want to try and identify domains we want to look for

  • Registrar is NAMECHEAP INC
  • Registration email redacted
  • Nameserver dawn.ns.cloudflare.com and will.ns.cloudflare.com
  • Tech Country: EE

10-Jun-22 18:56
verified

mentioned in commit e841c107f66655493a2ec2393778187f0b5f22fc

Commit: e841c107f66655493a2ec2393778187f0b5f22fc 
Author: B Tasker                            
                            
Date: 2022-06-10T19:56:04.000+01:00

Message

Add a full list of adcash domains for jira-projects/ADBLK#3

+191 -22 (213 lines changed)

10-Jun-22 19:08

I've been able to identify about another 39 domains through that method.


10-Jun-22 19:16

The list is clearly incomplete though - neither soluth.com or exchak.com currently appears in it, and they're known examples.

It was a bug in my utility, I've fixed it

$ find_domains_by_email.py $email $key > adcash2.txt
$ wc -l adcash2.txt 
709 adcash2.txt

10-Jun-22 19:17
verified

mentioned in commit a58855ed82f7db4498ba82a3c17fd570b43eb62f

Commit: a58855ed82f7db4498ba82a3c17fd570b43eb62f 
Author: B Tasker                            
                            
Date: 2022-06-10T20:17:10.000+01:00

Message

Update the list of adcash domains for jira-projects/ADBLK#3

+2237 -2 (2239 lines changed)

10-Jun-22 19:19

Ahh, soluth.com was only registered yesterday so probably won't appear in the domain list yet, exchak.com is only about a week old too.

I'll add those manually


10-Jun-22 19:20
verified

mentioned in commit 3ca14681c09eb5f95610d4cc253925a509ef08da

Commit: 3ca14681c09eb5f95610d4cc253925a509ef08da 
Author: B Tasker                            
                            
Date: 2022-06-10T20:20:24.000+01:00

Message

Manually add newer adcash domains for jira-projects/ADBLK#3

+12 -2 (14 lines changed)

10-Jun-22 19:24

I'm not getting any more new domains showing up at the moment, I'll close this as done for now.