Newly-Registered Domains for Phishing Pages Mimicking DeepSeek

    Date: 01/30/2025

    Severity: Critical 

    Summary

    Following the release of DeepSeek's LLM, several newly registered domains (NRDs) linked to phishing sites have emerged. Domains such as deepseeklogin[.]com are designed to imitate the official DeepSeek homepage, featuring fake login pages that prompt victims to enter their credentials.

    Indicators of Compromise (IOC) List

    Domains/URLs:

    deepseeklogin.com

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Domains/URLs:

    userdomainname like "deepseeklogin.com" or url like "deepseeklogin.com"
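
The same IoC check applied to raw proxy logs, as an added example that is not part of the original advisory or of Gurucul's product. It compares the parsed hostname (exact domain or a subdomain) instead of searching the whole URL for the string, and accepts defanged values. The log layout and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# IoC taken from this advisory; add further entries from the referenced list as needed.
IOC_DOMAINS = {"deepseeklogin.com"}

def refang(value):
    """Undo common defanging (hxxp, [.], (.)) so the value parses as a URL."""
    value = re.sub(r"(?i)^hxxp", "http", value.strip())
    return value.replace("[.]", ".").replace("(.)", ".")

def host_of(value):
    """Lower-cased hostname from a URL or a bare host[:port]; '' if unparseable."""
    value = refang(value)
    if "://" not in value:
        value = "//" + value  # make urlsplit treat the text as a network location
    try:
        host = urlsplit(value).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()

def matches_ioc(value, iocs=IOC_DOMAINS):
    """True when the host is an IoC domain or a subdomain of one."""
    host = host_of(value)
    return any(host == d or host.endswith("." + d) for d in iocs)

# Constructed proxy log lines (timestamp, user, URL); not real telemetry.
SAMPLE_LOG = """\
2025-01-30T09:12:03Z alice https://deepseeklogin.com/signin
2025-01-30T09:12:40Z bob http://www.deepseeklogin.com:8080/
2025-01-30T09:13:11Z carol https://example.org/?next=deepseeklogin.com
2025-01-30T09:14:02Z dave https://deepseeklogin.com.example.net/
2025-01-30T09:15:27Z erin hxxps://DeepSeekLogin[.]com/
"""

def hits(log_text):
    """Return (user, url) pairs whose destination host matches an IoC."""
    found = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) == 3 and matches_ioc(parts[2]):
            found.append((parts[1], parts[2]))
    return found

if __name__ == "__main__":
    for user, url in hits(SAMPLE_LOG):
        print(user, url)
```

On the constructed sample, the lines for alice, bob and erin are flagged; carol (string only in the query) and dave (IoC used as a label under another domain) are not.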

    Reference:

    https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-01-29-IOCs-for-DeepSeek-themed-phishing-domains.txt


    Tags

    Malware, Phishing, DeepSeek
