It’s likely an attempt to steal usernames and passwords for privilege escalation. I had a large corporate client who faced a very similar issue. In their case, the scammer not only registered similar domains but also created Google Ads campaigns targeting those domains. It’s worth investigating further and taking preventative measures to protect your brand and users.

Check this: https://github.com/kgretzky/evilginx2