Threat Research Report: Malicious Domain Activity During the Los Angeles Wildfires

Researchers identified a short-lived, large-scale phishing and fraud campaign exploiting the 2025 Los Angeles wildfires: 119 domains registered in a six-day window (8–13 Jan 2025) using disaster-related keywords and largely .com TLDs (58% registered via GoDaddy). The domains and associated content target emotional triggers and recovery themes (relief funds, insurance claims, cleanup services), enabling financial scams, PII harvesting, and fake GoFundMe pages using recycled images to deceive donors.