Suspicious web traffic after creating a certificate

Expose · August 17, 2023, 9:27am

Passive DNS.

Passive DNS databases/services are provided my a number of companies like VirusTotal (Google) and Palo Alto Networks. PDNS is often used in malware analysis.

bruncsak · August 17, 2023, 9:42am

When you do nslookup just check what DNS resolver you are querying. With multiple trials with different names you may be able to differentiate which one is leaking the domain information.

rg305 · August 17, 2023, 2:43pm

Like:
nslookup using-1s-for-this-test.example.com 1.1.1.1
nslookup using-8s-for-this-test.example.com 8.8.8.8
nslookup using-9s-for-this-test.example.com 9.9.9.9

[you can get creative!]

system · September 16, 2023, 2:43pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Bot scan (not from letsencrypt) immediately after cert issue Site Feedback	25	3783	February 13, 2021
Increased DNS traffic after certificate request Help	10	334	July 20, 2024
Certificate Transparency Search Resources Issuance Tech	9	2327	September 13, 2023
Public certificate hostnames Help	3	1103	April 2, 2020
Monitoring certificate issuance Praise	4	2148	September 4, 2016

Suspicious web traffic after creating a certificate

Related topics