Sunday, November 15, 2020

IOCs for various trending squatting campaigns on popular domains:

Squatting campaigns are basically a form of phishing attack that lures victims into believing they are visiting a legitimate website when, in reality, they are visiting a suspicious domain. The domain names are squatted with spelling mistakes and with letters that look like those of the legitimate website.

For example, amazon.com is a legitimate service used by millions of people for online shopping. A typical squatting domain targeting Amazon looks like "accounts1-apmazon[.]com". We collected various squatting domains targeting popular domains from the exchange threat intelligence (IBM). We shared the list with reference details:


Amazon Squatting Campaign

Domain

accounts1-apmazon[.]com

amazon-verify-login[.]com

amazonverifylogina[.]com

sign-in-costumer-amazon[.]com

sign-in-secure-support-amazon[.]com

sign-in-services-amazon[.]com

Reference link: https://exchange.xforce.ibmcloud.com/collection/10d93e265dafd73bcea7e686f4649f5e


PayPal Squatting Campaign

Domain

paypal-help72[.]com

paypal-remove24[.]com

paypal-remove48[.]com

paypal-remove72[.]com

paypal-resolve24[.]com

paypal-resolve48[.]com

paypal-update72[.]com

Reference link: https://exchange.xforce.ibmcloud.com/collection/7caa5538c72068a45f355e2edd9a0cf3


Apple Squatting Campaign

Domain

officialapple-la[.]com

officialapple-ld[.]com

officialapple-us[.]com

Reference link: https://exchange.xforce.ibmcloud.com/collection/8a41f69e3486df9f81d9e2e695e7b5c1


Netflix Squatting Campaign

Domain

netfllix-update[.]net

www-netflix-updateid[.]com

www-netfllix[.]com

Reference link: https://exchange.xforce.ibmcloud.com/collection/e6558cf2d0c7bb9620bbf086eade4bc4
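
The lists above show the patterns described at the top of the post: a brand name used as a keyword, embedded in a longer word, or misspelled by one letter. The following triage check is an added example, not part of the original post. The brand map, the look-alike map and the function names are assumptions made for illustration.

```python
import re

# Assumption: brands to watch and their legitimate domains (not from the post).
BRANDS = {"amazon": "amazon.com", "paypal": "paypal.com",
          "apple": "apple.com", "netflix": "netflix.com"}
# Assumption: a minimal digit-for-letter look-alike map.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def refang(indicator):
    """Convert a defanged indicator (example[.]com) to a plain hostname."""
    return indicator.strip().lower().replace("[.]", ".").rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(indicator, brands=BRANDS):
    """Return (brand, reason) if the hostname imitates a brand, else None."""
    host = refang(indicator)
    if any(host == d or host.endswith("." + d) for d in brands.values()):
        return None  # the brand's own domain or one of its subdomains
    # Split every label except the TLD on hyphens and underscores.
    tokens = [t for label in host.split(".")[:-1]
              for t in re.split(r"[-_]", label) if t]
    for token in tokens:
        for brand in brands:
            if token == brand:
                return brand, "keyword"      # e.g. amazon-verify-login
            if brand in token:
                return brand, "embedded"     # e.g. officialapple-us
            if brand in token.translate(LOOKALIKES):
                return brand, "lookalike"    # digit standing in for a letter
            if edit_distance(token, brand) == 1:
                return brand, "misspelling"  # e.g. apmazon, netfllix
    return None

# Sample input: defanged domains from the lists above plus constructed controls.
SAMPLES = ["accounts1-apmazon[.]com", "amazon-verify-login[.]com",
           "officialapple-us[.]com", "www-netfllix[.]com", "paypal-help72[.]com",
           "paypa1-secure.example",                 # constructed look-alike
           "www.amazon.com", "docs.example.org"]    # constructed benign controls

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:30} {classify(s)}")
```

Substring and one-edit matching will also flag unrelated names that happen to contain or resemble a brand string, so treat the output as a triage queue for review rather than a blocklist.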


Post by

newWorld

