Phishing Infrastructure Analysis

Investigate suspected phishing domains through registration analysis, DNS inspection, geolocation, and evidence capture.

Phishing attacks rely on infrastructure that mimics legitimate brands through lookalike domains, cloned websites, and convincing email setups. Quickly investigating and documenting phishing infrastructure is critical for takedown requests, abuse reports, and protecting users from ongoing campaigns.

This workflow provides a structured investigation approach: analyzing domain registration for attribution clues, examining DNS configuration to map the full phishing infrastructure, geolocating hosting providers for targeted takedown requests, and capturing visual evidence for abuse reports and legal proceedings. Speed is essential as phishing sites are often short-lived.

Steps

1. Investigate Domain Registration (tool: Whois RDAP)

   Look up the suspected phishing domain registration to identify the registrant, creation date, and registrar for attribution.

   Input: Suspected phishing domain to investigate.
   Output: Registration details including registrant information, creation date, and registrar identity.

2. Analyze DNS Configuration (tool: DNS Domain)

   Examine the DNS setup of the suspected phishing domain to identify hosting infrastructure and related domains.

   Input: Phishing domain whose DNS records are to be analyzed.
   Output: DNS records revealing hosting infrastructure, mail servers, and related service providers.

3. Geolocate Phishing Infrastructure (tool: IP Geolocation)

   Identify the geographic location and hosting provider of the phishing infrastructure for takedown requests.

   Input: IP addresses associated with the phishing domain.
   Output: Hosting provider, geographic location, and ASN details for takedown reporting.

4. Capture Phishing Evidence (tool: Web Screenshot)

   Take screenshots of the phishing site for evidence preservation and abuse reporting to registrars and hosting providers.

   Input: URL of the suspected phishing site.
   Output: Timestamped screenshots of the phishing site for legal evidence and abuse reports.
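As an added illustration of how the four steps fit together (example code, not part of the original workflow or its tools), the Python below folds the step outputs into one takedown-ready report. The RDAP response (in RFC 7483 shape), DNS answers, geolocation result and capture time are constructed samples with placeholder names, so it runs offline.

```python
import hashlib
from datetime import datetime, timezone
# Constructed inputs standing in for the four tool outputs (RDAP in RFC 7483 shape, placeholder names).
RDAP = {
    "ldhName": "examp1e-login.example",
    "events": [{"eventAction": "registration", "eventDate": "2024-05-01T10:00:00Z"}],
    "entities": [
        {"roles": ["registrar"], "vcardArray": ["vcard", [["fn", {}, "text", "Example Registrar LLC"]]]},
        {"roles": ["registrant"], "vcardArray": ["vcard", [["fn", {}, "text", "REDACTED FOR PRIVACY"]]]},
    ],
}
DNS = {"A": ["192.0.2.10"], "MX": ["mail.examp1e-login.example."]}
GEO = {"192.0.2.10": {"asn": "AS64496", "org": "Example Hosting (placeholder)", "country": "XX"}}
NOW = datetime(2024, 5, 20, 12, tzinfo=timezone.utc)  # constructed capture time, UTC

def entity_name(rdap, role):
    # vCard 'fn' of the first RDAP entity holding the role (registrar, registrant, abuse, ...); None if absent.
    for ent in rdap.get("entities", []):
        if role in ent.get("roles", []):
            for prop in ent.get("vcardArray", ["vcard", []])[1]:
                if prop[0] == "fn":
                    return prop[3]

def domain_age_days(rdap, now):
    for ev in rdap.get("events", []):
        if ev.get("eventAction") == "registration":
            created = datetime.fromisoformat(ev["eventDate"].replace("Z", "+00:00"))
            return (now - created).days
    return None  # answer carried no registration event

def registration_findings(rdap, now, young_days=30):
    # Step 1 clues: very young, privacy-redacted domains are typical of phishing infrastructure.
    findings = []
    age = domain_age_days(rdap, now)
    if age is not None and age <= young_days:
        findings.append(f"registered {age} days ago")
    if "REDACTED" in (entity_name(rdap, "registrant") or "").upper():
        findings.append("registrant redacted by privacy service")
    return findings

def evidence_record(url, screenshot_png, captured_at):
    # Step 4: hash the capture and bind it to a UTC timestamp so the report can show what was seen and when.
    return {"url": url, "captured_at": captured_at.isoformat(), "sha256": hashlib.sha256(screenshot_png).hexdigest()}

def build_report(rdap, dns, geo, screenshot_png, now):
    # Steps 1-4 folded into one takedown-ready record; hosting entries are keyed by the A records.
    return {"domain": rdap["ldhName"], "registrar": entity_name(rdap, "registrar"),
            "findings": registration_findings(rdap, now), "mail_servers": dns.get("MX", []),
            "hosting": [{"ip": ip, **geo.get(ip, {})} for ip in dns.get("A", [])],
            "evidence": evidence_record(f"https://{rdap['ldhName']}/", screenshot_png, now)}
```

Call build_report(RDAP, DNS, GEO, screenshot_bytes, NOW) with the PNG bytes from step 4 to produce the record; the registrar and hosting fields name the parties an abuse report goes to.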

Benefits

  • Rapid domain attribution through WHOIS/RDAP investigation
  • Map the full phishing infrastructure through DNS analysis
  • Identify hosting providers for efficient takedown requests
  • Preserve timestamped evidence for abuse reports and legal action

Related Use Cases

  • Look Up DNS Records (DNS Domain): Query DNS records for any domain to inspect A, AAAA, MX, CNAME, TXT, and NS configurations.
  • Check Domain Expiration Dates (Whois RDAP): Monitor when domains expire to prevent accidental lapses or plan acquisition of expiring domains.
  • Geolocate Website Visitors (IP Geolocation): Determine the geographic location of website visitors from their IP addresses for analytics and personalization.
  • Detect Suspicious Login Locations (IP Geolocation): Flag logins from unexpected geographic locations by comparing IP geolocation against known user patterns.
  • Capture Full-Page Screenshots (Web Screenshot): Take full-page screenshots of any website, capturing everything from the header to the footer in one image.
  • Monitor Visual Changes (Web Screenshot): Capture periodic screenshots to detect and track visual changes on websites over time.