OSINT for Incident Response

I like DNS Dumpster for this next step because it’s quick, easy to use, and easy to interpret. I’m most interested in “ISP-allocated” IP blocks, e.g. “COMCAST-1234” or “LOCALISP-AS-01,” as opposed to CLOUDFLARENET, MICROSOFT-CORP, etc. Not that I’ll ignore the latter, but self-hosted/on-prem infrastructure seems to be the likelier devil’s playgroun

BHIS • OSINT for Incident Response