[Analyzer] abuse_whois integration #2308

Open
drego85 opened this issue May 13, 2024 · 3 comments

drego85 commented May 13, 2024

Name

After the recent integration of Abusix to identify IP address abuse teams, it may be interesting to integrate @ninoseki's abuse_whois project to obtain abuse references for domain names as well.

Link

https://github.com/ninoseki/abuse_whois

Why should we use it

To improve interactions with abuse teams.

Member

mlodic commented May 13, 2024

Why not?

And recently we went even further. With the last release (6.0.2) we added a new TakeDown_Request Playbook which automates everything: in this way the user needs only to submit the domain they want to take down and IntelOwl would do all the rest... and it would send the email to the abuse contact provider too :) You could give it a try :)

We'll show this use case at the next Honeynet Workshop, then we'll share slides and content here.

@ninoseki

FYI, the email-sending approach does not work well in many cases, especially if you send an email to a domain registrar.
I often get an automatic reply that says “please submit it via our form”. And in most cases the form has a captcha. So it’s difficult to automate the whole process.

Member

mlodic commented May 13, 2024

Thanks for sharing :) Right now our playbook sends the email only to hosting providers and not domain registrars. I have no actual extensive experience with that, so what you shared is nice to know. I'll update this post if we get more interesting findings about it.
