Home / Industry

Could the LGBTQ Community Be a Target of Internet Threat Actors?

Pride month is celebrated worldwide. While it’s meant to be a time of celebration for members of the LGBTQ community and their families and supporters, its popularity has also made it a possible target of cyber threats. In this post, we look at potentially dangerous Internet properties that have been registered both recently and over the years.

Pride Month-Related Domains and Subdomains

A recent asset discovery search for domains and subdomains containing the string “pride month” provided a list of:

  • 52 domains
  • 15 subdomains

A bulk WHOIS lookup for these revealed that only two of the domains were publicly attributable (i.e., their registrants’ names appeared on their WHOIS records). That amounts to only 3% of the total number of domains and subdomains. In addition, four of the domains were newly registered.

Based on screenshot lookups, only 13 of the domains and subdomains resolved to live websites (excluding those that are parked and currently up for sale). One of these (i.e., pridemonth[.]club), however, could be considered suspicious as instead of supporting the LGBTQ community, it seems to be a site for those who do not support it.

Fortunately for those who may be looking for reputable Pride Month-related websites, none of the domains and subdomains we subjected to Threat Intelligence Platform (TIP) malware database checks were flagged as “malicious.”

LGBTQ-Themed Domains and Subdomains

A domains and subdomains discovery search for domains and subdomains containing the string “lgbtq” provided a list of:

  • 6,633 domains
  • 1,566 subdomains

As the numbers show, there are far more websites whose names contain “lgbtq” compared with “pride month.”

A bulk WHOIS lookup for these revealed that only 308 (4%) had publicly identifiable registrants based on the email addresses in their WHOIS records. In addition, 22 of these were registered this year.

Screenshot lookups showed that it’s probably not a good idea to access at least three (i.e., lgbtq[.]ge, lgbtq[.]dk, and lgbtq[.]it) of the domains in public places or offices as they pointed to websites with adult content. Their owners may just be riding on the current popularity of the movement to get people to access their websites.

Malware database checks revealed that 45 of the domains and subdomains are dubbed “malicious” or “suspicious” on various threat intelligence sources, including Bambenek Consulting, VirusTotal, and Google Safe Browsing.

Reverse Domain Name System (DNS) checks for these malicious domains pointed to 25 unique connected IP addresses and 72 other unique connected domains and subdomains that may be worth blocking access to and from.

Pride Month and LGBTQ Domain Registration Trend

Looking at the domain registration volume for the strings “pride month” and “lgbtq” revealed an upward trend from 1992 to the present. (Note that 2021 is not yet over so the number of domains for this year remains a partial figure.) Given this continued uptick in registrations, we are likely to see more Pride Month and LGBTQ-related websites over time. Most are likely to be safe to access based on the analysis done for this post but more can also pose risks to visitors.

Pride Month and LGBTQ-related domain registration trend

Threat actors often ride on popular events and topics for their campaigns. Pride Month and the LGBTQ community are no exceptions, as evidenced by the presence of related malicious domains and subdomains. Any users interested in news and articles or joining connected organizations or donating to related causes must watch out for malicious web properties that can cause them to become victims of phishing or more sinister cyber attacks.

As the terms gain more popularity, so will the number of threats riding on them likely increase. Blocking access to the 45 confirmed domains and subdomains identified in this post with the help of domain and IP intelligence sources is the first step toward the right direction—protecting their personal or corporate data and network.

For more information on the intelligence gathered in this post or to run a joint security analysis, feel free to contact us.

BLACK FRIDAY DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By WhoisXML API, A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider

Whois API, Inc. (WhoisXML API) is a big data and API company that provides domain research & monitoring, Whois, DNS, IP, and threat intelligence API, data and tools to a variety of industries.

Visit Page

Filed Under

Comments

Commenting is not available in this channel entry.
CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

New TLDs

Sponsored byRadix

Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

DNS

Sponsored byDNIB.com

Brand Protection

Sponsored byCSC

Cybersecurity

Sponsored byVerisign