Detecting ChatGPT Phishing on Social Media with DNS Intelligence | WhoisXML API


Detecting ChatGPT Phishing on Social Media with the Help of DNS Intelligence

With a 100 million-strong and growing user base,[1] ChatGPT was bound to attract the attention of phishers and other cybercriminals.

Cyble researchers, in fact, recently published their in-depth analysis of campaigns seen since December 2022, barely a month after ChatGPT’s launch.[2]

We used the four domains identified as indicators of compromise (IoCs) in the report as jump-off points for an expansion analysis that led to the discovery of:

  • Five IP addresses the IoCs resolved to
  • 300+ domains that shared the IoCs’ IP hosts, one of which turned out to be malicious
  • 1,100+ domains that started with the strings "openai.", "chatgpt.", and "rebrand.", akin to two of the IoCs, 11 of which were confirmed malware hosts
  • 2,600+ subdomains that contained the string chatgpt, five of which may have already figured in malicious campaigns
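
The four pivots listed above can be run against any set of DNS resolution records. The sketch below is an added example, not the tooling used for the report: the IoC domains, hostnames and IP addresses are constructed placeholders on reserved names and ranges, and the registered domain is assumed to be the last two labels of a hostname.

```python
from collections import defaultdict

PREFIXES = ("openai.", "chatgpt.", "rebrand.")  # strings named in the report
KEYWORD = "chatgpt"                             # subdomain string named in the report

def registered_domain(host):
    # Assumption: registered domain = last two labels (no public-suffix list).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def expand(iocs, records):
    """Pivot from IoC domains over (hostname, ip) resolution records."""
    iocs = {d.lower() for d in iocs}
    by_ip = defaultdict(set)   # ip -> registered domains seen on that ip
    hosts = set()
    for host, ip in records:
        host = host.lower().rstrip(".")
        hosts.add(host)
        by_ip[ip].add(registered_domain(host))
    # 1. IP addresses the IoCs resolved to
    ioc_ips = {ip for ip, doms in by_ip.items() if doms & iocs}
    # 2. Other domains sharing those IP hosts
    cohosted = set().union(*(by_ip[ip] for ip in ioc_ips)) - iocs
    # 3. Domains that start with one of the report's strings
    domains = {registered_domain(h) for h in hosts}
    lookalikes = {d for d in domains if d.startswith(PREFIXES)} - iocs
    # 4. Hostnames whose subdomain part contains the keyword
    subdomains = set()
    for h in hosts:
        sub = h[: -len(registered_domain(h))].rstrip(".")
        if KEYWORD in sub:
            subdomains.add(h)
    return {"ioc_ips": sorted(ioc_ips), "cohosted": sorted(cohosted),
            "lookalikes": sorted(lookalikes), "subdomains": sorted(subdomains)}

# Constructed sample data: reserved TLDs and documentation IP ranges only.
IOCS = {"chatgpt.example", "rebrand.test"}
RECORDS = [
    ("chatgpt.example", "192.0.2.10"),
    ("rebrand.test", "192.0.2.11"),
    ("www.shop.example", "192.0.2.10"),
    ("openai.test", "198.51.100.5"),
    ("chatgpt-login.portal.test", "198.51.100.6"),
    ("unrelated.test", "203.0.113.9"),
]

if __name__ == "__main__":
    for pivot, hits in expand(IOCS, RECORDS).items():
        print(f"{pivot}: {hits}")
```

Hits from pivots 2 to 4 are leads for review, not verdicts; as the counts above show, only a small fraction of the expanded set turned out to be malicious.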

Download a sample of the threat research materials now or contact us to access the complete set of research materials.
