|
Trending news and global events impact domain registration behaviors. We observed a slew of coronavirus-themed domain name registrations, for example, as early as January. George Floyd’s death, which sparked several Black Lives Matter movements, is no different.
Three days after George Floyd died, our data feed started detecting George Floyd-themed domain names. On 28 May, these included:
Black Lives Matter is a global movement and is not new. However, in less than two weeks, there has been a trend in registered domain names inspired by George Floyd and Black Lives Matter. We retrieved all domain names that contain the strings “eorge,” and “lackliv” from 28 May to 7 June and found 402.
Examples of domain names that contain the string “lackliv” are:
We wanted to see the domain infrastructure of the domains. So we ran a bulk analysis of the 402 domain names. Here is what we found:
Country | Number of Domain Name Registrations |
---|---|
United States | 232 |
Canada | 56 |
Panama | 34 |
Netherlands | 11 |
China | 5 |
Australia | 3 |
Redacted for Privacy | 3 |
Spain | 2 |
Turkey | 2 |
Ukraine | 2 |
Algeria | 1 |
Brazil | 1 |
Cayman Islands | 1 |
Italy | 1 |
Lithuania | 1 |
Poland | 1 |
Singapore | 1 |
Switzerland | 1 |
The themed domain name registration peaked on 5 June (so far) for the word strings above when a total of 69 new domains were seen. On the same day, Michael Jordan announced that he and the Jordan Brand were donating US$100 million to organizations dedicated to upholding racial equality.
It could be a coincidence, but it’s a known fact that typosquatting domains can be used in business email compromise (BEC) scams and phishing campaigns. Therefore, the following scenarios are not farfetched:
We ran some of these “George Floyd” and “Black Lives Matter” domains on a screenshot lookup tool. That way, we could see their contents without actually visiting them. Here are our findings:
Some domains redirect to other sites: An example is georgefloyd20[.]org, which redirects to The Gambia Times.
While some domains inspired by George Floyd and the Black Lives Matter movement are certainly used legitimately, we can’t discount the possibility that several could be used to take advantage of the situation. As such, these domains deserve our attention from a cybersecurity standpoint.
Sponsored byVerisign
Sponsored byCSC
Sponsored byIPv4.Global
Sponsored byRadix
Sponsored byVerisign
Sponsored byDNIB.com
Sponsored byWhoisXML API