Orphaned domains like this are interesting. There was a DEF CON talk, I think, where the presenter bought a bunch of blacklisted orphaned domains just to see if anything would try and connect to them. They got hit with so many botnet clients trying to phone home.
Please post a link if you’re able, that sounds like a very interesting watch.
Yeah, those orphaned domains are a goldmine for security researchers. There was a similar talk at Black Hat where they showed how expired domains from major companies still received auth tokens and sensitive data for months after expiry.
Orphaned IPs as well. If you have an IPv4 from your cloud provider and you want to retire it, you should thoroughly scrub your DNS and all other configs before doing so. Otherwise it’s trivial for someone else to spin up a machine on that IP address and abuse your domain.
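An added example, not part of any comment above: one way to run the pre-release check described in the last comment, listing DNS address records that point at an IP you no longer hold and the names that still block retiring a given IP. The zone text, inventory and function names are constructed for illustration, and the parser assumes one record per line with an explicit owner name.

```python
import ipaddress

# Constructed sample data: a BIND-style zone excerpt and the set of
# addresses still allocated to us at the cloud provider.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 300
@        IN A     203.0.113.10
www      IN A     203.0.113.10
api  600 IN A     198.51.100.7
old-app  IN A     198.51.100.23   ; instance was retired
static   IN CNAME www
mail     IN AAAA  2001:db8::25
"""
SAMPLE_OWNED = {"203.0.113.10", "198.51.100.7", "2001:db8::25"}


def parse_address_records(zone_text):
    """Yield (name, rtype, ip) for every A/AAAA record in the zone text."""
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop trailing comments
        if not line or line.startswith("$"):     # skip blanks and directives
            continue
        fields = line.split()
        # The type token sits after the name (and optional TTL/class).
        for i, tok in enumerate(fields[1:-1], start=1):
            if tok.upper() in ("A", "AAAA"):
                try:
                    ip = ipaddress.ip_address(fields[i + 1])
                except ValueError:
                    break                        # malformed rdata, ignore line
                yield fields[0], tok.upper(), ip
                break


def find_dangling(zone_text, owned_ips):
    """Records whose target is not in the inventory of addresses we hold."""
    owned = {ipaddress.ip_address(ip) for ip in owned_ips}
    return [(name, rtype, str(ip))
            for name, rtype, ip in parse_address_records(zone_text)
            if ip not in owned]


def blockers_for_release(zone_text, ip_to_release):
    """Names that must be removed or repointed before releasing this IP."""
    target = ipaddress.ip_address(ip_to_release)
    return [name for name, _, ip in parse_address_records(zone_text)
            if ip == target]
```

An empty result from `blockers_for_release` covers only the zone text it was given; load balancer configs, allow-lists and other places the address appears need the same check.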