Phish Impersonating DocuSign
195 domains registered and used for credential phishing
We spotted 195 domains registered and used for credential phishing pulled from a phish impersonating DocuSign using a click thru URL obfuscator.
The initial domain was qi6kd[.]com which showed a google workspace login, off a DocuSign-impersonating email with a link to a malicious site.
Related Content
CybercrimeDNSSpamThreat Intelligence
Cybersecurity Reading List - Week of 2025-01-27
Account TraffickingDisinformationFraud
Account Trafficking Websites in December 2024
C2Chinese MalwareFarfliGh0stRATLummaStealerRedLineRemKos RATSilverFoxValleyRATWindows OS