ThreatConnect identifies typosquatting domains that were registered by a Chinese email address
We have developed TIPpers, which are incidents the ThreatConnect Research team flags for your awareness, so your organization can take decisive action.
TIPper: y1319999 Typosquatting Domains.
ThreatConnect identified typosquatting domains that were registered in the last few months by a Chinese email address.
Some of them have historic passive DNS extending back to 2010, but they all appear to be currently parked at a benign parking lot server at the time of writing. However, they may be resold or activated in the future for phishing attacks or other malicious activity.
ThreatConnect has shared the associated indicators including hosts and an e-mail address in Incident 20161014D: y1319999 Typosquatting Domains.
For additional details, current ThreatConnect users who have an organization account and have had a walkthrough can access this incident by selecting this LINK or by searching for incident “20161014D” in the ThreatConnect Platform.
If you do not have a ThreatConnect account, you can get access to this premium content by following these two steps: 1.) Sign up for a free Organization account. 2.) Get a walkthrough so that we can give you the best experience possible.
ThreatConnect’s Free Organization Edition allows you to establish a basic threat intelligence practice, collaborate with your internal team, protect your organization with open source threat data, bulk import cyberthreat indicators, contribute to the ThreatConnect Community, and receive support and validation from outside researchers and analysts also using the platform. The TIPper Community includes timely notification of threat incidents identified by the ThreatConnect Research team, an exclusive service offered at no additional charge to paying customers.