Skip to main content

Reputation Alerts

Suspicious Redirects

What is it?

A suspicious redirect is a redirect that has changed. Redirects are tracked with each scan, and if the redirect chain changes e.g. to a malicious website, or doesn't match the expected pattern a warning for suspicious behavior is thrown.

Where is it detected?

  • Website Security Monitor

Alert Levels

  • YELLOW: redirects may not be triggered on any visit, they might also be set on purpose by the web administrator.

Check if the redirect is leading to the correct target. If the target is known as malicious, remove the redirect if possible immediately.

 

DNS Takeover 

What is it?

A potential DNS takeover vulnerability was found. This means that an attacker may take control of a DNS server for resolving your hostname. The attacker can change the DNS record(s) to a server that he/she owns. 
This issue type results from a misconfigured server. Domain's DNS records are controlled by DNS servers that anyone can use, but no one within this service claims the domain. 

To perform a takeover, the name server has to be one of the currently known vulnerable DNS services that can be found here:
https://github.com/indianajson/can-i-take-over-dns?ref=blog.projectdiscovery.io

Where is it detected?

  • Website Security Monitor

Alert Levels

  • YELLOW: A potential DNS takeover vulnerability was found in the DNS configuration of your scanned website.
  • Delete the authoritative nameserver assigned to the domain
  • (Re-)Activate the unused website (nameserver entry)

For more information, please check the following article:
https://blog.projectdiscovery.io/guide-to-dns-takeovers/