Firewall integrations

Fortinet

Elevate the power of your Fortinet Fortigate Firewall using by adding our Intelligence.

Palo Alto

Palo Alto Firewalls can be hardened with our threat intelligence as well.

Sophos XGS

Enhance the Sophos XGS Firewall with our threat intelligence.

OPNsense

Enhance your OPNsense Firewall with our threat intelligence using the native plugin.

SIEM integrations

Splunk

Splunk is a great platform, but without the right Threat Intelligence it's just a log server. Try our threat intelligence today. 

Microsoft Sentinel

One of the most used SIEM solutions should be enriched with the right Intelligence. At Q-Feeds you're at the right place!

Other

Luckily there are many other SIEM vendors whom support 3rd party threat intelligence.

Threat Intelligence Portal

Darkweb Monitoring

Darkweb monitoring is one of our services, not only for threat intelligence but also for you most important assets.

Threat Lookup

With Threat Lookup you get full insights in our IOC database, including full MITRE ATT&K mapping.

External Attack Surface Management

A toolset to check your external facing assets exposed on the internet

Vulnerability Scanner

A comprehensive vulnerability scanner which can scan your infrastructure and web applications

Brand Protection

Protect your brand for look-a-likes and potential phishing attempts

Services

TAXII Feeds & Server Software

TAXII/STIX2.1 standard. Both in form of feeds and server software available

Implementation

Need help with implementations? No worries, we have a strong network of partners who are able to help you.

Solutions

Enrich my SIEM

Elevate the power of your SIEM solution using by adding our Intelligence.

Enrich my Firewall

Firewalls can be hardened with our threat intelligence as well.

Prevent phishing

Enhance your protection against phishing

Achieve compliancy

Achieve compliancy by correlating the best threat intelligence to your logs

Futuristic eye design with circuits and geometric shapes.

Company

About

Read here all about Q-Feeds

News and Updates

Cybersecurity news and updates about us

Publications

All of our media coverage in one place

Become a reseller

Strengthen your portfolio with our comprehensive reseller program

Partner locator

Find our certified partners here

Contact

For all your questions or inquiries

Neural network representation of a human brain

Support

My Account

Access your account and manage your licenses

Downloads & Manuals

On this page you find white papers and manuals

Knowledge base

Our knowledge base full of implementation instructions

Start for free

Start your cyber security intelligence journey here

Abstract geometric wireframe human head

Unmasking phantom squatting: The threat of AI-hallucinated domains in software supply chain attacks

Jul 1, 2026 | Threat Intelligence Research

Phantom Squatting: New Threat in AI-Driven Software Supply Chains

TL;DR

Research by Unit 42 highlights a new attack vector termed “phantom squatting,” where adversaries register non-existent web domains generated by large language models, leading to significant risks for software supply chains. The study reveals thousands of hallucinated domains that remain unregistered, giving attackers opportunities to exploit these vulnerabilities.

Main Analysis

Unit 42’s research indicates that large language models frequently produce fictitious web domains for legitimate brands, which adversaries can weaponize by registering these domains to intercept AI-generated traffic. This form of attack extends beyond historical vulnerabilities associated with software supply chains and illustrates a new, significant risk. The methodology employed by Unit 42 involved monitoring the registration of high-priority hallucinated domains and revealed that real-world detections occurred across multiple sectors, with a predictive window of 18 to 51 days before adversary registration.

The research explored the “phantom squatting” attack lifecycle, which includes four phases: discovering hallucinations, acting by registering phantom domains, using LLMs for luring victims, and bypassing traditional defenses through zero-reputation status. This lifecycle demonstrates that existing supply chain defenses are unprepared for such threats, as they operate under the assumption that malicious domains have a detectable reputation. Phantom domains exploit this gap by having no prior malicious activity, making them undetectable by conventional threat intelligence methodologies.

Defensive Context

Organizations that utilize AI coding assistants in their development workflows should be particularly vigilant. This includes sectors heavily reliant on automated systems, like technology, finance, and e-commerce. Teams managing independent workflows may not need to prioritize this threat if they do not leverage LLM outputs for critical tasks, but those that do must understand the implications of AI-generated outputs that could lead to inadvertent exposure to these phantom domains.

Why This Matters

Phantom squatting represents a genuine risk due to the rapid evolution of AI in software development processes. Developers could unknowingly integrate AI-generated malicious links into production environments, therefore exposing organizations to credential theft, data loss, or system exploitation. The potential for automatic exfiltration of sensitive information by autonomous agents complicates the threat, as these processes may occur without human oversight, introducing significant risks.

Defender Considerations

Organizations can enhance their defenses by proactively monitoring for hallucinated domains through dedicated detection pipelines like the one developed by Unit 42. Although traditional URL filtering may fail against these newly registered phantom domains, continuous observation of registration patterns can provide actionable insights and lead to preemptive measures before domain weaponization occurs.

Indicators of Compromise (IOCs)

  • Confirmed malicious URLs: 13,229 identified
  • Estimated unregistered hallucinations: Approximately 250,000 potential phantom domains

In summary, phantom squatting highlights a critical vulnerability in AI-powered software supply chains, necessitating a shift in defensive strategies that account for AI security risks.

Click here for the full article

Try our Intelligence today!

Streamline your security operations with a free Q-Feeds trial and see the difference.

Other articles