A while ago I asked ChatGPT how hackers know about new domain name releases. ChatGPT gave some vague information but no real feed address.
What led to this was that a hacker started attacking my just-registered .COM site. It had only been registered on the internet for about two hours and published when I noticed some dubious activity from an OVH IP address in the log file.
I started producing information on the home page to show what the hacker was attacking, and pretty soon Google marked me as a suspect site.
I then quickly installed Google Analytics to see if I could track the hacker this way.
Interestingly Google Analytics didn’t pick anything up, and I then asked ChatGPT if hiding your ass on GA is possible. Indeed it is.
Long story short, I’ve now discovered at least one service which produces newly released .COM domains for hackers to attack. This site is:
My domain was here:
So basically how this works:
- Hackers have automatic feeds for when new domains are released. They use third-party services such as the above URL, or indeed, the above URL is already owned by hackers.
- When the domain is released, they start their penetration attack. New websites and prototype websites are at times much more insecure than mature websites.
- Once they have gained access, they decide on their next move.
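
The server log is the place to see this kind of automated traffic, because a client that never runs the page's scripts is not counted by a JavaScript-based tracker such as Google Analytics. The following is an added example, not code from the original post: a Python triage of an access log that flags clients which, shortly after go-live, rack up 403/404 responses and never fetch a static asset. The log lines, IP addresses (documentation ranges), paths, go-live time and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample in combined log format; IPs are documentation ranges, paths are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Mar/2024:10:05:11 +0000] "GET /backup.zip HTTP/1.1" 404 153 "-" "curl/8.4"
198.51.100.7 - - [01/Mar/2024:10:05:12 +0000] "GET /admin/ HTTP/1.1" 404 153 "-" "curl/8.4"
198.51.100.7 - - [01/Mar/2024:10:05:12 +0000] "GET /login.php HTTP/1.1" 404 153 "-" "curl/8.4"
198.51.100.7 - - [01/Mar/2024:10:05:13 +0000] "GET / HTTP/1.1" 200 5120 "-" "curl/8.4"
203.0.113.20 - - [01/Mar/2024:11:30:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.20 - - [01/Mar/2024:11:30:01 +0000] "GET /static/app.js HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.20 - - [01/Mar/2024:11:30:01 +0000] "GET /static/site.css HTTP/1.1" 200 700 "-" "Mozilla/5.0"
203.0.113.20 - - [01/Mar/2024:11:30:02 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
192.0.2.44 - - [06/Mar/2024:09:00:00 +0000] "GET /backup.zip HTTP/1.1" 404 153 "-" "curl/8.4"
192.0.2.44 - - [06/Mar/2024:09:00:01 +0000] "GET /admin/ HTTP/1.1" 404 153 "-" "curl/8.4"
192.0.2.44 - - [06/Mar/2024:09:00:02 +0000] "GET /login.php HTTP/1.1" 404 153 "-" "curl/8.4"
"""
WENT_LIVE = datetime(2024, 3, 1, 10, 0, tzinfo=timezone.utc)  # assumed publish time

LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
ASSET_RE = re.compile(r'\.(?:js|css|png|jpg|svg|ico|woff2?)(?:\?|$)')

def triage(log_text, went_live, window_hours=48, min_misses=3):
    """Return {ip: stats} for probe-like clients seen in the window after go-live."""
    cutoff = went_live + timedelta(hours=window_hours)
    stats = defaultdict(lambda: {"hits": 0, "misses": 0, "assets": 0, "first": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, _method, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if not (went_live <= when <= cutoff):
            continue  # only the period right after publication is of interest
        s = stats[ip]
        s["hits"] += 1
        s["misses"] += status in ("403", "404")
        s["assets"] += bool(ASSET_RE.search(path))
        s["first"] = min(s["first"] or when, when)
    # Probe-like: several misses and no asset fetch, so no page scripts were loaded.
    return {ip: s for ip, s in stats.items() if s["misses"] >= min_misses and s["assets"] == 0}

if __name__ == "__main__":
    for ip, s in triage(SAMPLE_LOG, WENT_LIVE).items():
        print(ip, s["hits"], "requests,", s["misses"], "misses, first seen", s["first"] - WENT_LIVE, "after go-live")
```

The browser-like client in the sample is not flagged even though its favicon request returned 404, because it also loaded the page's script and stylesheet.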
What is the point of this story? The point of this story is: be careful.
What I had to do to get the phishing warning off was link up Google Search Console, which clearly takes the benefit of the doubt if it’s never heard of a URL. Thankfully an appeal in Google Search Console removed the warning on my newly minted domain.
Another day, another attack thwarted.