Hi,
I need a real quick help.
Long time I observed one domain “Ib.adnxs(.)com”, this seems it does redirection to multiple malicious malware related domains. I wanted to get information on all redirection domain happened through it.
Drilled with host alias there were lot many hits found. Can anyone please help me, what kind of informer report or custom drill will give me redirection domain information?
Couple of ideas:
I tend to apply the last method. tshark + regular expressions can be very powerful and with the REST-API you can very easily automate the process.