Forum Discussion
ragnar667
Sep 29, 2021 Copper Contributor
Communication with suspicious random domain name (Preview)
Hi All, so we are seeing multiple alerts via Azure Security Centre for the following: Communication with suspicious random domain name (Preview). The alerts show that various assets connecte...
Tun33elrt
Jan 05, 2022 Copper Contributor
Hey ragnar667
FYI, the SOA (start of authority) on the DNS record for zbrjtstrclnm.com points to zoneadmin.tonic.com.
Tonic.com is a pay-per-click style advertising company and the domain is likely related to their traffic.
Thanks
RichardH01
Nov 21, 2022 Copper Contributor
To continue this journey, I concur with Tun33elrt as I got a similar result, but used a different process.
1. My random site is 6867bb.shcxjdwfblvm.com
2. Wheregoes.com shows a 307 temporary redirection to unsold-cars-93562.com
3. I tried the mxToolbox SOA tool, but it doesn't show zoneadmin.tonic.com
4. Entering "unsold-cars-93562.com" at bgp.he.net, I eventually got the zoneadmin.tonic.com mname record
Hope this helps
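The SOA check both replies describe, applied to a batch of alerted domains so they can be grouped by the operator named in the SOA. This is an added example, not part of the original thread. The function names are hypothetical, the SOA strings are constructed in `dig +short SOA` layout, and only the domain names and zoneadmin.tonic.com come from the posts.

```python
from collections import defaultdict

# Constructed sample: alerted domain -> SOA rdata in `dig +short SOA` layout
# (mname rname serial refresh retry expire minimum). Domain names and
# zoneadmin.tonic.com come from the thread; every other value is made up.
SAMPLE_SOA = {
    "zbrjtstrclnm.com": "ns1.dns.example. zoneadmin.tonic.com. 2021092901 3600 600 604800 300",
    "unsold-cars-93562.com": "zoneadmin.tonic.com. hostmaster.dns.example. 2022112101 3600 600 604800 300",
    "intranet-app.example": "ns1.corp.example. hostmaster.corp.example. 7 3600 600 604800 300",
    "broken.example": "",
}

def parse_soa(rdata):
    """Return {'mname', 'rname', 'serial'} or None if the rdata is malformed."""
    fields = rdata.split()
    if len(fields) != 7 or not all(f.isdigit() for f in fields[2:]):
        return None
    return {"mname": fields[0].rstrip(".").lower(),
            "rname": fields[1].rstrip(".").lower(),
            "serial": int(fields[2])}

def under(name, zone):
    """True when name equals zone or is a subdomain of it (label-aligned)."""
    return name == zone or name.endswith("." + zone)

def group_by_operator(soa_by_domain, operator_zones):
    """Map each operator zone to the alerted domains whose SOA references it."""
    groups = defaultdict(list)
    for domain, rdata in sorted(soa_by_domain.items()):
        soa = parse_soa(rdata)
        if soa is None:
            groups["unparsed"].append(domain)  # empty or truncated answer
            continue
        # The operator may appear in either SOA name field, so check both.
        hit = next((z for z in operator_zones
                    if under(soa["mname"], z) or under(soa["rname"], z)), None)
        groups[hit or "unattributed"].append(domain)
    return dict(groups)

if __name__ == "__main__":
    for operator, domains in group_by_operator(SAMPLE_SOA, ["tonic.com"]).items():
        print(f"{operator}: {', '.join(domains)}")
```

Domains that land in "unattributed" or "unparsed" are the ones still needing manual review.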