Summary

X-Force has identified a new squatting campaign used by threat actors to target the media sector. The campaign has a global scope assumingly luring users into giving away their login credentials.

Threat Type

Squatting Domain, Phishing Domain, Credential Theft

Overview

We observed 19 squatting domain registrations related to a victim in the media sector. The campaign was identified starting with the registration on 2022-07-27 04:48:11 up to the latest registration on 2022-08-03 12:39:27.

For all registered domains we could identify NameCheap, Inc. as the registrar based in Iceland. The email address used for registering the domains was anonymized.

In addition we were also able to resolve the following IPs as well as the ASNs to the registered domains:

Domain: 1-youtubee.xyz
Resolved IP: 66.29.137.14
ASN: AS22612
ASN country: United States

Domain: 11-youtubee.xyz
Resolved IP: 192.64.119.79
ASN: AS22612
ASN country: United States

Domain: 12-youtubee.xyz
Resolved IP: 192.64.119.221
ASN: AS22612
ASN country: United States

Domain: 13-youtubee.xyz
Resolved IP: 192.64.119.238
ASN: AS22612
ASN country: United States

Domain: 14-youtubee.xyz
Resolved IP: 162.255.119.81
ASN: AS22612
ASN country: United States

Domain: 15-youtubee.xyz
Resolved IP: 162.255.119.164
ASN: AS22612
ASN country: United States

Domain: 16-youtubee.xyz
Resolved IP: 162.255.119.140
ASN: AS22612
ASN country: United States

Domain: 17-youtubee.xyz
Resolved IP: 192.64.119.81
ASN: AS22612
ASN country: United States

Domain: 18-youtubee.xyz
Resolved IP: 162.255.119.115
ASN: AS22612
ASN country: United States

Domain: 19-youtubee.xyz
Resolved IP: 192.64.119.135
ASN: AS22612
ASN country: United States

Domain: 2-youtubee.xyz
Resolved IP: 162.255.119.12
ASN: AS22612
ASN country: United States

Domain: 20-youtubee.xyz
Resolved IP: 192.64.119.70
ASN: AS22612
ASN country: United States

Domain: 3-youtubee.xyz
Resolved IP: 192.64.119.217
ASN: AS22612
ASN country: United States

Domain: 4-youtubee.xyz
Resolved IP: 162.255.119.244
ASN: AS22612
ASN country: United States

Domain: 5-youtubee.xyz
Resolved IP: 192.64.119.11
ASN: AS22612
ASN country: United States

Domain: 6-youtubee.xyz
Resolved IP: 192.64.119.167
ASN: AS22612
ASN country: United States

Domain: 7-youtubee.xyz
Resolved IP: 162.255.119.247
ASN: AS22612
ASN country: United States

Domain: 8-youtubee.xyz
Resolved IP: 162.255.119.93
ASN: AS22612
ASN country: United States

Domain: 9-youtubee.xyz
Resolved IP: 192.64.119.125
ASN: AS22612
ASN country: United States

However the registrar NameCheap, Inc. covers a pool of 178.483.157 domains where at least 0.15% can be considered as potentially malicious.

The following list shows the nameserver that are configured as authoritative nameservers for the domain and their malicious score which is the percentage of malicious domains with the same nameserver.

Domain: 1-youtubee.xyz
Name server: dns1.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 1-youtubee.xyz
Name server: dns2.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 11-youtubee.xyz
Name server: dns1.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 11-youtubee.xyz
Name server: dns2.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 12-youtubee.xyz
Name server: dns1.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 12-youtubee.xyz
Name server: dns2.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 13-youtubee.xyz
Name server: dns1.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 13-youtubee.xyz
Name server: dns2.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 14-youtubee.xyz
Name server: dns1.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 14-youtubee.xyz
Name server: dns2.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 15-youtubee.xyz
Name server: dns1.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 15-youtubee.xyz
Name server: dns2.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 16-youtubee.xyz
Name server: dns1.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 16-youtubee.xyz
Name server: dns2.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 17-youtubee.xyz
Name server: dns1.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 17-youtubee.xyz
Name server: dns2.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 18-youtubee.xyz
Name server: dns1.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 18-youtubee.xyz
Name server: dns2.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 19-youtubee.xyz
Name server: dns1.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 19-youtubee.xyz
Name server: dns2.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 2-youtubee.xyz
Name server: dns1.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 2-youtubee.xyz
Name server: dns2.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 20-youtubee.xyz
Name server: dns1.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 20-youtubee.xyz
Name server: dns2.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 3-youtubee.xyz
Name server: dns1.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 3-youtubee.xyz
Name server: dns2.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 4-youtubee.xyz
Name server: dns1.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 4-youtubee.xyz
Name server: dns2.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 5-youtubee.xyz
Name server: dns1.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 5-youtubee.xyz
Name server: dns2.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 6-youtubee.xyz
Name server: dns1.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 6-youtubee.xyz
Name server: dns2.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 7-youtubee.xyz
Name server: dns1.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 7-youtubee.xyz
Name server: dns2.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 8-youtubee.xyz
Name server: dns1.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 8-youtubee.xyz
Name server: dns2.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 9-youtubee.xyz
Name server: dns1.namecheaphosting.com
Name server malicious score: 0.39%

Domain: 9-youtubee.xyz
Name server: dns2.namecheaphosting.com
Name server malicious score: 0.39%

Not forgetting to mention the WhoIs Server: X-Force was able to retrieve the WhoIs server information where we were also able to determine the number of domains each WhoIs server manages and as well adding the malicious rating of the domains in the pool.

Domain: 1-youtubee.xyz
Whois server: whois.namecheap.com
Whois server malicious score: 0.15%

Domain: 11-youtubee.xyz
Whois server: whois.namecheap.com
Whois server malicious score: 0.15%

Domain: 12-youtubee.xyz
Whois server: whois.namecheap.com
Whois server malicious score: 0.15%

Domain: 13-youtubee.xyz
Whois server: whois.namecheap.com
Whois server malicious score: 0.15%

Domain: 14-youtubee.xyz
Whois server: whois.namecheap.com
Whois server malicious score: 0.15%

Domain: 15-youtubee.xyz
Whois server: whois.namecheap.com
Whois server malicious score: 0.15%

Domain: 16-youtubee.xyz
Whois server: whois.namecheap.com
Whois server malicious score: 0.15%

Domain: 17-youtubee.xyz
Whois server: whois.namecheap.com
Whois server malicious score: 0.15%

Domain: 18-youtubee.xyz
Whois server: whois.namecheap.com
Whois server malicious score: 0.15%

Domain: 19-youtubee.xyz
Whois server: whois.namecheap.com
Whois server malicious score: 0.15%

Domain: 2-youtubee.xyz
Whois server: whois.namecheap.com
Whois server malicious score: 0.15%

Domain: 20-youtubee.xyz
Whois server: whois.namecheap.com
Whois server malicious score: 0.15%

Domain: 3-youtubee.xyz
Whois server: whois.namecheap.com
Whois server malicious score: 0.15%

Domain: 4-youtubee.xyz
Whois server: whois.namecheap.com
Whois server malicious score: 0.15%

Domain: 5-youtubee.xyz
Whois server: whois.namecheap.com
Whois server malicious score: 0.15%

Domain: 6-youtubee.xyz
Whois server: whois.namecheap.com
Whois server malicious score: 0.15%

Domain: 7-youtubee.xyz
Whois server: whois.namecheap.com
Whois server malicious score: 0.15%

Domain: 8-youtubee.xyz
Whois server: whois.namecheap.com
Whois server malicious score: 0.15%

Domain: 9-youtubee.xyz
Whois server: whois.namecheap.com
Whois server malicious score: 0.15%

Recommendations

  • Do not click or open links in mails directly, instead type in the main URL in your browser or search the brand/company via your preferred search engine.
  • Ensure anti-virus software and associated files are up to date.
  • Search for existing signs of the indicated IOCs in your environment.
  • Block all URL and IP based IOCs at the firewall, IDS, web gateways, routers or other perimeter-based devices, a course of action, resources or applications to remediate this threat.
  • Keep applications and operating systems running at the current released patch level.

Reference

Proprietary IBM X-Force Threat Intelligence

Similar Posts

Al Qaeda needs a new leader after Zawahiri’s killing. Its bench is thinner than it once was

ByBriefing Team @intelligence-i1

Ayman al-Zawahiri’s death at the hands of a US drone strike has raised questions about who will replace him as the leader of al Qaeda. While the terrorist group is not short of contenders, its ranks are sparser and more geographically dispersed than 10 or 20 years ago. Here’s what we know about who could be…

President of Armenia-backed Artsakh signs decree ordering partial military mobilization amid rising tensions with Azerbaijan in Nagorno-Karabakh

ByBriefing Team @intelligence-i1

Decree on declaring a partial military mobilization On August 3, the President of the Republic of Artsakh, Arayik Harutyunyan, signed a decree, according to which a partial military mobilization was announced in the republic from August 3, 2022. Main Information Department of the Office of the President of the Republic of Azerbaijan Telegram

Chinese fighter jets fly close to Taiwan Strait as military activity increases ahead of Nancy Pelosi visit

ByBriefing Team @intelligence-i1

China has increased military activity around Taiwan as tensions run high ahead of a potential visit by US House Speaker Nancy Pelosi, who is expected to arrive in the capital Taipei today. China has repeatedly warned against Ms Pelosi going to Taiwan, which it claims as its own, warning of repercussions and saying that its…

Myanmar junta extends state of emergency

ByBriefing Team @intelligence-i1

Myanmar’s military government has extended a state of emergency by 6 months, state media said Monday, with the junta chief saying elections could only take place when the conflict-wracked country was “stable and peaceful”. Min Aung Hlaing, who led last year’s coup, requested the military government to “allow him to serve for an additional 6…

FBI: Al-Qaida Determined to Strike at US Despite Leader’s Killing

ByBriefing Team @intelligence-i1

FBI Director Christopher Wray said on Thursday that he remains worried about the potential for a large-scale attack planned or inspired by al-Qaida despite the killing of its top leader in a U.S. drone strike in Afghanistan last weekend. Both al-Qaida and the Islamic State as well as their affiliates “intend to carry out or…