PULSE DETAIL
Cybersquatting: Attackers Mimicking Domains of Major Brands Including Facebook, Apple, Amazon and Netflix to Scam Consumers
Users on the internet rely on domain names to find brands, services, professionals and personal websites. Cybercriminals exploit that reliance by registering names that look related to existing domains or brands, intending to profit from user mistakes. This is known as cybersquatting.
The Palo Alto Networks squatting detector system discovered that 13,857 squatting domains were registered in December 2019, an average of 450 per day. We found that 2,595 (18.59%) of the squatted domain names are malicious, typically distributing malware or conducting phishing attacks, and that 5,104 (36.57%) of the squatting domains we studied present a high risk to users visiting them, meaning the domain has evidence of association with malicious URLs or is served from bulletproof hosting.
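The indicators in this pulse show four squatting techniques side by side: typosquatting (micposoft.com), combosquatting (netflix-payments.com), IDN homographs (xn--microsof-wyb.com) and brand-as-subdomain spoofing (apple.com.recover.support). The following classifier is an added example, not code from the pulse or from the Palo Alto Networks detector it cites; the brand list, the edit-distance thresholds, the leet-speak map and the naive last-two-labels split for the registrable domain are all assumptions (a production detector would use the Public Suffix List and a far larger brand list).

```python
"""Classify the squatting technique used by a hostname against a brand list.

Added example, not part of the pulse. Brand list, thresholds and the
naive registrable-domain split are assumptions for illustration.
"""
import re

# Assumed brand list, built only from the brands targeted in the pulse's IOCs.
BRANDS = [
    "amazon", "apple", "facebook", "icloud", "microsoft", "netflix",
    "royalbank", "samsung", "walmart", "wellsfargo", "whatsapp",
]

# Digits commonly swapped for look-alike letters (samsungpr0mo -> samsungpromo).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def levenshtein(a, b):
    """Edit distance with single-character insert, delete and substitute."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(hostname):
    """Return (technique, detail).

    technique is one of: idn_homograph (detail = decoded label),
    subdomain_spoof, typosquat, combosquat, exact (detail = brand),
    or unclassified (detail = None).
    """
    labels = hostname.lower().rstrip(".").split(".")

    # 1. Internationalised label: decode the punycode to see what a user sees.
    for label in labels:
        if label.startswith("xn--"):
            shown = label[4:].encode("ascii").decode("punycode")
            return "idn_homograph", shown

    # 2. Brand used as a whole label left of the registrable domain, e.g.
    #    apple.com.recover.support: the registrant only owns recover.support.
    #    Assumption: registrable domain = last two labels (no PSL lookup).
    sub_labels = labels[:-2]
    for brand in BRANDS:
        if brand in sub_labels:
            return "subdomain_spoof", brand

    # 3. Normalise the second-level label: drop trailing digits
    #    (facebookwinners2020), undo leet digits, drop hyphens.
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    norm = re.sub(r"\d+$", "", sld).translate(LEET).replace("-", "")

    for brand in BRANDS:
        if norm == brand:
            return "exact", brand  # the brand's own domain, not squatting
    for brand in BRANDS:
        # Short brands get one edit, longer ones two, to limit false positives.
        limit = 1 if len(brand) < 8 else 2
        if 0 < levenshtein(norm, brand) <= limit:
            return "typosquat", brand
    for brand in BRANDS:
        if brand in norm:
            return "combosquat", brand
    return "unclassified", None


if __name__ == "__main__":
    # Domains and hostnames taken from the pulse's IOC table.
    for host in [
        "micposoft.com", "whatsalpp.com", "walrmart44.com",
        "amazon-india.online", "netflix-payments.com", "samsungpr0mo.online",
        "xn--microsof-wyb.com", "apple.com.recover.support",
        "facebook.com-account-login-manage.yourfiresale.com",
        "store-in-box.com", "stt-box.com",
    ]:
        print(f"{host:55} {classify(host)}")
```

Two of the pulse's domains (store-in-box.com, stt-box.com) come back unclassified: they carry no brand string at all and were presumably flagged by the detector on hosting or content evidence, which is exactly the "high risk" signal the description refers to and which lexical analysis alone cannot reproduce.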
Indicators of Compromise (37)
| TYPE | INDICATOR | DESCRIPTION | CREATED |
|---|---|---|---|
| JA3 | 4192c0a946c5bd9b544b4656d9f624a4 | Server JA3 | 2020-09-01 |
| JA3 | 6312930a139fa3ed22b87abb75c16afa | Client JA3 | 2020-09-01 |
| FileHash-SHA256 | e7fb436bf7d8784da092315bce1d3511a6055da41fe67362bad7a4c5d3f0294e | — | 2020-09-01 |
| FileHash-SHA256 | fa28b59eb0ccd21d3994b0778946679497399b72c2e256ebf2434553cb7bf373 | — | 2020-09-01 |
| FileHash-SHA256 | 5acd6d9ac235104f90f9a39c11807c37cdfb103d6c151cc1a2e4e38bf3dbe41f | — | 2020-09-01 |
| FileHash-MD5 | 24b077bcdcb230d111ee91d6312aecfb | MD5 of fa28b59eb0ccd21d3994b0778946679497399b72c2e256ebf2434553cb7bf373 | 2020-09-01 |
| FileHash-MD5 | 5d32cdb59a949cbda3e474659a722b21 | MD5 of 5acd6d9ac235104f90f9a39c11807c37cdfb103d6c151cc1a2e4e38bf3dbe41f | 2020-09-01 |
| FileHash-MD5 | adfe64ac126a95c4c4d74bc59f662119 | MD5 of e7fb436bf7d8784da092315bce1d3511a6055da41fe67362bad7a4c5d3f0294e | 2020-09-01 |
| FileHash-SHA1 | 4f8ebc994970efa7f9367e7424986f53bc22824a | SHA1 of fa28b59eb0ccd21d3994b0778946679497399b72c2e256ebf2434553cb7bf373 | 2020-09-01 |
| FileHash-SHA1 | ac6afb65b285b6b91683e28a69e2bb4e51242742 | SHA1 of e7fb436bf7d8784da092315bce1d3511a6055da41fe67362bad7a4c5d3f0294e | 2020-09-01 |
| FileHash-SHA1 | e232806a225e659b391801c4799c7229b80cd064 | SHA1 of 5acd6d9ac235104f90f9a39c11807c37cdfb103d6c151cc1a2e4e38bf3dbe41f | 2020-09-01 |
| domain | samsungeblyaiphone.com | — | 2020-09-01 |
| domain | 4ever21.com | — | 2020-09-01 |
| domain | whatsalpp.com | — | 2020-09-01 |
| domain | com-finder-me.info | — | 2020-09-01 |
| domain | rbyroyalbank.com | — | 2020-09-01 |
| domain | amazon-india.online | — | 2020-09-01 |
| domain | microsoft-alert.club | — | 2020-09-01 |
| domain | micposoft.com | — | 2020-09-01 |
| domain | microsoft-sback-server.com | — | 2020-09-01 |
| domain | netflix-payments.com | — | 2020-09-01 |
| domain | netflixbrazilcovid.com | — | 2020-09-01 |
| domain | walrmart44.com | — | 2020-09-01 |
| domain | xn--microsof-wyb.com | — | 2020-09-01 |
| domain | microsoft-store-drm-server.com | — | 2020-09-01 |
| domain | store-in-box.com | — | 2020-09-01 |
| domain | facebookwinners2020.com | — | 2020-09-01 |
| domain | secure-wellsfargo.org | — | 2020-09-01 |
| domain | stt-box.com | — | 2020-09-01 |
| domain | samsungpr0mo.online | — | 2020-09-01 |
| URL | http://samsungeblyaiphone.com/dolce.exe | — | 2020-09-01 |
| URL | http://samsungeblyaiphone.com/index.php | — | 2020-09-01 |
| hostname | www.icloud.com-secure-login.info | — | 2020-09-01 |
| hostname | icloud.com-iphone.support | — | 2020-09-01 |
| hostname | apple.com.recover.support | — | 2020-09-01 |
| hostname | facebook.com-account-login-manage.yourfiresale.com | — | 2020-09-01 |
| hostname | safety.microsoft.com.mdmfmztwjj.l6kan7uf04p102xmpq.bid | — | 2020-09-01 |