Domain Squatting
Domain Squatting Attacks
Get a list of expired domains by top-level domain
Find expired domains
By setting up a simple catch-all email service on the re-registered domain, you can:
- receive email correspondence addressed to former staff; and
- receive password reset emails from online services.
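A defender-side check for the exposure described above, as an added example that is not from the original page: it flags external service accounts whose login or recovery mailbox sits on a domain that has lapsed, is about to lapse, or is not in the organisation's registration inventory. The RDAP objects (RFC 9083 `events` layout), the account list, the function names and the 60-day window are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed RDAP domain objects, trimmed to the "events" member used here.
RDAP = {
    "oldfirm.example": {"events": [
        {"eventAction": "expiration", "eventDate": "2024-05-01T00:00:00Z"}]},
    "merged-brand.example": {"events": [
        {"eventAction": "expiration", "eventDate": "2024-07-15T00:00:00Z"}]},
    "firm.example": {"events": [
        {"eventAction": "registration", "eventDate": "2010-01-01T00:00:00Z"},
        {"eventAction": "expiration", "eventDate": "2027-01-01T00:00:00Z"}]},
}

# Constructed inventory: the mailbox each external service sends resets to.
ACCOUNTS = [
    ("payroll-saas", "j.doe@oldfirm.example"),
    ("dns-registrar", "hostmaster@firm.example"),
    ("file-sharing", "it@Merged-Brand.example"),
    ("code-hosting", "dev@unknown-vendor.example"),
]

def expiry_of(rdap_obj):
    """Return the registration expiry as an aware datetime, or None if absent."""
    for event in rdap_obj.get("events", []):
        if event.get("eventAction") == "expiration":
            return datetime.fromisoformat(event["eventDate"].replace("Z", "+00:00"))
    return None

def classify(domain, rdap_by_domain, today, window_days=60):
    """Map a mail domain to ok / expiring / expired / unknown."""
    obj = rdap_by_domain.get(domain.lower())
    expires = expiry_of(obj) if obj else None
    if expires is None:
        return "unknown"   # not in the inventory: ownership cannot be confirmed
    if expires <= today:
        return "expired"   # anyone may now re-register it and receive its mail
    if expires - today <= timedelta(days=window_days):
        return "expiring"
    return "ok"

def at_risk_accounts(accounts, rdap_by_domain, today, window_days=60):
    """Return (service, email, status) for every account needing attention."""
    findings = []
    for service, email in accounts:
        status = classify(email.rsplit("@", 1)[-1], rdap_by_domain, today, window_days)
        if status != "ok":
            findings.append((service, email, status))
    return findings

if __name__ == "__main__":
    for row in at_risk_accounts(ACCOUNTS, RDAP, datetime(2024, 6, 1, tzinfo=timezone.utc)):
        print(*row, sep="\t")
```

Accounts reported as expired or unknown are the ones to move to a mailbox on a domain the organisation still controls before the old registration is released.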
Revealing Valid Passwords from Data Breaches
On Have I Been Pwned and SpyCloud, email and domain name owners can check whether they have an account that has been compromised in a data breach. A compromised account usually means that passwords from online services have ended up on the internet for everyone to see.
https://medium.com/@gszathmari/hacking-law-firms-abandoned-domain-name-attack-560979e0b774
Domain Fronting Attacks
Search for Frontable Domains
https://github.com/vysec/DomainFrontingLists
https://www.mdsec.co.uk/2017/02/domain-fronting-via-cloudfront-alternate-domains