Suspicious Domains Targeting Meta’s App Users | WhoisXML API

Threat Reports

A Look into Cybersquatting and Phishing Domains Targeting Facebook, Instagram, and WhatsApp

Meta’s infringement and cybersquatting case against Namecheap was dismissed1 last 25 April 2022 following a settlement2. While the details of the settlement were private, the registrar ended up transferring 61 domains to Meta. 

In line with this, WhoisXML API researchers decided to monitor the cybersquatting activity related to three Meta applications covered in the dismissed case—Facebook, Instagram, and WhatsApp. Our findings include:

  • 1,100+ typosquatting domains targeting the three Meta applications added since the case was dismissed on 25 April 2022
  • 760+ domains currently resolved to 530+ unique IP addresses
  • Close to 10% of these domains are already being flagged as malicious as of 25 May 2022
  • Some domains hosted suspicious login pages that could be fronts for credential theft
  • 2,400+ domains bearing similar string combinations as some of the malicious domains

Download a sample of the threat research materials now or contact us for accessing the complete research materials.


  • [1]
  • [2]
Try our WhoisXML API for free
Get started