Forensic Investigation On CDN Hidden Websites
This article is not intended for rogue hackers or those who intend to cause damage, tarnish reputations or steal information. It is intended for genuine good use, especially forensics, testing and verifying the safety and security of data, and unearthing or unhiding unscrupulous dealers who hide behind content delivery networks (CDN). ProsnGurus is not responsible for any damage caused or any negative effects arising from the practice of the tips included in this article. You are advised to be safe and get legal permission prior to any penetration tests.
That being said, let us delve into more detail on the “Why” part. Many website operators hide their registration details by choosing the “Hide my contact details” (WHOIS privacy) option with the domain registrar. They further protect their sites by placing them behind content delivery networks (CDN). CDNs are very useful for delivering cached content to your visitors faster, but the reverse proxy they provide can also be abused to conceal the server that actually hosts the site.
In the case of abuse, or any activity that makes you want to know who the owners are or to unhide a hidden identity, you can employ forensic tools to gather helpful puzzle pieces. Put together, these pieces give a clearer picture that can ease your curiosity, support a report and eventually stop the illicit activities.
There are many online tools to use before going into the deeper end of the investigation. For a simple quick lookup you can use Mxtoolbox.com, Dnswatch.info or Whois.net, where you can harvest plenty of information about a domain, including its A records, CNAME records, MX records and blacklist status.
To see how a domain's records have changed over time, you can use Completedns.com, Whoisrequest.com, Dnshistory.org, Dnstrails.com and many others. To check for internet abuse, Crimeflare is the best at this.
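The record lookups and DNS-history checks described above can be turned into a small, repeatable check. The script below is an added example and is not from the article or from any of the services it names; it assumes a constructed DNS-history export for a hypothetical domain (the reserved documentation address 203.0.113.25 plays the origin server) and a hand-copied excerpt of Cloudflare's published IPv4 edge ranges, which should be replaced by the CDN's current list in real use. It classifies each address as CDN edge or not, reports whether the current A records are fully fronted, dates when fronting began, and lists any non-CDN address that ever appeared in the history. The same check lets a site owner verify that their own origin address was never published in DNS.

```python
import ipaddress
from collections import defaultdict

# Assumption: a short, hand-copied excerpt of Cloudflare's published IPv4 edge
# ranges (https://www.cloudflare.com/ips/), used here as a fixed snapshot. A real
# check should load the CDN's current list rather than rely on this excerpt.
CDN_RANGES = {
    "cloudflare": [ipaddress.ip_network(n) for n in (
        "103.21.244.0/22", "104.16.0.0/13", "104.24.0.0/14", "108.162.192.0/18",
        "141.101.64.0/18", "162.158.0.0/15", "172.64.0.0/13", "173.245.48.0/20",
        "188.114.96.0/20", "190.93.240.0/20", "197.234.240.0/22", "198.41.128.0/17",
    )],
}

# Constructed DNS history for a hypothetical domain, shaped like the per-record
# export of a DNS-history service: (first_seen, last_seen, record_type, value).
# ISO dates are used so that plain string comparison orders them correctly.
SAMPLE_HISTORY = [
    ("2016-03-01", "2017-06-30", "A", "203.0.113.25"),      # origin, before the CDN
    ("2017-07-01", "2019-01-15", "A", "203.0.113.25"),      # same origin, later export row
    ("2019-01-16", "2024-05-01", "A", "104.16.12.34"),      # CDN edge
    ("2019-01-16", "2024-05-01", "A", "104.16.13.34"),      # CDN edge
    ("2016-03-01", "2024-05-01", "MX", "mail.example.test"),  # not an A record, ignored
]


def cdn_for(ip):
    """Return the CDN whose edge range contains `ip`, or None if it is not a known edge."""
    addr = ipaddress.ip_address(ip)
    for name, nets in CDN_RANGES.items():
        if any(addr in net for net in nets):
            return name
    return None


def current_fronting(a_records):
    """Return (fully_fronted, non_cdn_ips): True only when every A record is a CDN edge."""
    non_cdn = sorted(ip for ip in a_records if cdn_for(ip) is None)
    return (len(non_cdn) == 0, non_cdn)


def cdn_since(history):
    """Earliest first_seen date of a CDN edge address, i.e. when fronting began (None if never)."""
    dates = [first for first, _, rtype, value in history
             if rtype == "A" and cdn_for(value) is not None]
    return min(dates) if dates else None


def exposed_origins(history):
    """Non-CDN A records that ever appeared for the domain, with merged first/last dates.

    Consecutive export rows for the same address are merged into one (ip, first, last)
    tuple so that a long-lived origin shows up once with its full exposure window.
    """
    seen = defaultdict(lambda: [None, None])
    for first, last, rtype, value in history:
        if rtype != "A" or cdn_for(value) is not None:
            continue
        span = seen[value]
        if span[0] is None or first < span[0]:
            span[0] = first
        if span[1] is None or last > span[1]:
            span[1] = last
    return sorted((ip, first, last) for ip, (first, last) in seen.items())


if __name__ == "__main__":
    fronted, leaks = current_fronting(["104.16.12.34", "104.16.13.34"])
    print("current A records fully behind CDN:", fronted, "| non-CDN records:", leaks)
    print("CDN fronting first seen:", cdn_since(SAMPLE_HISTORY))
    for ip, first, last in exposed_origins(SAMPLE_HISTORY):
        print(f"historical non-CDN address {ip} published {first} .. {last}")
```

The interesting output is the last line: an address that was published before the CDN was switched on and then disappeared from DNS. For an investigator that is a lead worth documenting with its date range; for a site owner it is a sign that the origin was exposed and may need to be moved, since a CDN cannot retroactively hide an address that history services already recorded.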
You can further build your own investigation toolkit using the following tools, which run mainly on Linux: Cloudhat, cFire, CloudFail, Cloudflare enumerator, Dnsenum, or a host of tools in Kali Linux.
There are many other tools that can be used to gather useful information about a domain in forensic investigations. The best approach is to try them and see which ones you are comfortable with. In the case that the website operator removes the content in question and claims it never existed, you can use the Internet Archive's Wayback Machine. This is a wonderful tool that saves and archives copies of websites over time, so you can pull up a certain date in history and see the state of a website then.
Other tools, such as WPScan (or its online version at WPscan.com) and WPSeku, can be used for further investigation, especially on WordPress websites. For personal information, you can use people-finder sites like Anywho.com or the like.
After finding the much-needed information, such as the actual IP address, location and contact details, you can safely document it and take further action, be it gaining access or gathering further evidence for any legal action.
A detailed process of investigation is beyond the scope of this article and may be covered in a later installment. Please remember to stay safe and legal whenever you use any of these tools.