Expired Domains

Finding expired domains

By using expired domains we can mimic a legit website and forge other information to make our malicious domain seem legit.

There are several websites that can be used to find expired domains. There are also a few open-source tools that allow you to locate expired domains.

I will be searching for domains that have the word "church" in their name. Hiding behind innocent domains that act as churches, medical help, education, or other related things can help cover a malicious domain.


We can see the domain “hope-community-church.com”.

Domain Price

We need to check the price of the domain before we go further. We can do this with a number of sites.


Looks like it will cost $10.98 to purchase this domain.

Cover Page

We need to find a legit cover page for our domain. We can do this using the “Wayback Machine” (archive.org). This website takes snapshots of websites over time, so we should be able to look at an old version of this domain from before it expired.


We can download this page source and use it as our cover page. This will help make our domain look legit.

Domain Background Info

Now we need to do a little bit of research about this domain and its previous owner. I like to find out who previously owned it and if they have a new website set up. This information can be useful to create a better cover story.

Using this information, I am able to find the website this organization is currently using: “traXXXXXXXXXX.org”.


Fake WHOIS

We have plenty of information to make fake WHOIS information that looks legit. I could use the name “TaXXXX XXay” with the address “15XX 11th st alXXXna, XX XXX01” to buy the domain.

Before I decide to do that, I check the WHOIS information for their new website, “traXXXXXXorg”. It looks like they forgot to use WHOIS privacy, so we can see all their information.


It would be better to use this information to buy the domain, since it will make our page look that much more legit. Our fake WHOIS information should match their real WHOIS information.

Conclusion

Purchasing an expired domain, dressing it up to look the way it did before it expired, and using fake WHOIS information is a really stealthy way to trick investigators. If you saw a domain that has been active for 10 years, matches up with previous versions of that website, and has WHOIS information that is legit, then you might believe that this website is owned by someone else when in fact it isn't. Everything on our website is legit and it could be very hard to tell that it is fake.
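From the investigator's side, a domain's archive history can be compared with its current registration date: captures that predate the registration, followed by a dormant gap, indicate a re-registered name rather than continuous ownership. The following is an added example, not code from the original post. The sample RDAP record, the capture timestamps, the placeholder domain `expired-example.test` and the 60-day threshold are constructed assumptions, and it assumes the RDAP `registration` event reflects the most recent registration.

```python
from datetime import datetime, timezone

# Constructed sample data (not from the post): an RDAP domain object trimmed to
# its "events" member, and capture timestamps in Wayback CDX form (YYYYMMDDhhmmss).
SAMPLE_RDAP = {
    "objectClassName": "domain",
    "ldhName": "expired-example.test",  # placeholder domain
    "events": [
        {"eventAction": "registration", "eventDate": "2019-02-10T14:03:11Z"},
        {"eventAction": "expiration", "eventDate": "2020-02-10T14:03:11Z"},
    ],
}
SAMPLE_CDX = ["20090412083015", "20130706121500", "20170921000102", "20190305101010"]

def registration_date(rdap: dict) -> datetime:
    """Return the date of the RDAP 'registration' event."""
    for event in rdap.get("events", []):
        if event.get("eventAction") == "registration":
            return datetime.fromisoformat(event["eventDate"].replace("Z", "+00:00"))
    raise ValueError("RDAP record has no registration event")

def cdx_time(stamp: str) -> datetime:
    """Parse a 14-digit capture timestamp as UTC."""
    return datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def assess_reregistration(rdap: dict, stamps: list, min_gap_days: int = 60) -> dict:
    """Flag a domain whose archived history predates its current registration."""
    registered = registration_date(rdap)
    snaps = sorted(cdx_time(s) for s in stamps)
    before = [s for s in snaps if s < registered]
    after = [s for s in snaps if s >= registered]
    finding = {
        "registered": registered.date().isoformat(),
        "snapshots_before_registration": len(before),
        "reregistered": bool(before),  # content existed under an earlier registration
        "dormant_days": None,
        "flag": False,
    }
    if before and after:
        # Gap between the last capture under the old registration and the first under the new one.
        finding["dormant_days"] = (after[0] - before[-1]).days
        finding["flag"] = finding["dormant_days"] >= min_gap_days
    elif before:
        finding["flag"] = True  # history exists, but nothing archived since re-registration
    return finding

if __name__ == "__main__":
    print(assess_reregistration(SAMPLE_RDAP, SAMPLE_CDX))
```

A flagged result is a reason to treat the archived content and the registrant details as belonging to a previous owner until confirmed otherwise.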
