The tax season is not only for taxpayers. Threat actors also flock to the Internet, baiting individuals and entities through different types of tax frauds.1 WhoisXML API trailed their sights on possible vehicles for malicious activities this tax season by uncovering domains and subdomains that contain tax-related terms.
Our findings include:
- 1,600+ domains and subdomains containing combinations of relevant text strings, such as “tax,” “refund,” “return,” “payment,” “filing,” and “irs”
- 780+ tax-related domains and root domains of tax-related subdomains with current WHOIS records
- 1,600+ IP resolutions of the properties pointing to 590+ unique IP addresses
- 190+ malicious domains and subdomains detected by various malware engines
- IP addresses with the most domain resolutions and the domains resolving to them
Download the threat research materials containing the tax-related data and other relevant data points now.
-  https://www.tripwire.com/state-of-security/security-data-protection/scams-making-the-rounds-this-tax-season/