NordVPN Promotion

Home / Industry

Facebook Is Now Meta, Will Threat Actors Ride the Wave?

Facebook CEO Mark Zuckerberg, on 28 October in Connect 2021, introduced Meta, which will be Facebook’s parent company, along with the organization’s various apps and technologies. According to Zuckerberg, “Meta’s focus will be to bring the metaverse to life and help people connect, find communities, and grow businesses.”

Given the change that is set to further change the social media landscape, are we bound to see threats taking advantage of the Facebook rebranding? We sought to find out by looking at the NRD scene.

Our deep dive brought these findings to light:

  • A total of 314 domains containing the string “meta” were registered on 25—31 October 2021.
  • 270 of the 314 newly registered domains (NRDs) were created on 25 October 2021.
  • Dynadot LLC is the registrar of a majority of the Meta NRDs.
  • 54 subdomains containing the string “facebook + meta” were registered between 28 October and 15 November 2021.
  • 5,555 NRDs containing the string “meta” were registered between 28 October and 3 November 2021, a week after the announcement was made.

The data we collated and analyzed to come up with the findings above is available for download here.

A Closer Look at Typosquatting Domains

We began our investigation by downloading the typosquatting data feeds for the week of 25—31 October 2021, which coincided with Zuckerberg’s announcement.

A total of 314 newly registered domains (NRDs) containing the string “meta” were registered during the period. A majority of these domains (270 to be exact) were registered on 25 October. Take a look at the chart below for the breakdown by registration date.

Chart 1: Bulk look-alike domain volume breakdown by registration date

Subjecting the 314 domains to a bulk WHOIS lookup showed that:

  • Only 122 had retrievable WHOIS records.
  • Dynadot LLC was the top registrar for the domains, accounting for 31 of them. The rest of the remaining NRDs were spread across 19 other registrars as shown in the following chart.
Chart 2: Bulk look-alike domain volume by registrar
  • Of the 122 domains, only one had an identifiable registrant email address. A possible reason for that could be that none of the domains are being used yet and so belong to domainers hoping to ride the Meta wave.
  • A bulk malware check of the 314 domains via Threat Intelligence Platform (TIP) showed that for now, none of them are tagged as malicious by any malware engine. Note, however, that some of them (those that contain “metaverse” or any of its possible iterations) could easily be adopted for phishing campaigns.

Should Users Be on the Lookout for Meta Subdomains as Well?

To date, typing the domain meta[.]com into your browser redirects to a facebook[.]com subdomain, specifically https[:]//about[.]facebook[.]com/meta. Should we then be monitoring subdomains containing the string “meta” as well for connections to ongoing threats? We sought to find out using Domains & Subdomains Discovery.

Using “facebook + meta” as a search string, we uncovered 54 subdomains, including:

  • www[.]facebooksmetaverse[.]bbfounders[.]com
  • feat-facebook-meta-ft4liga-kin6y4jfnzeva.eu-2[.]platformsh[.]site
  • www[.]mentos[.]bg[.]feat-facebook-meta-ft4liga-kin6y4jfnzeva[.]eu-2[.]platformsh[.]site
  • www[.]mentos[.]si[.]feat-facebook-meta-ft4liga-kin6y4jfnzeva[.]eu-2[.]platformsh[.]site
  • www[.]mentos[.]ng[.]feat-facebook-meta-ft4liga-kin6y4jfnzeva[.]eu-2[.]platformsh[.]site

None of these domains were owned by Meta (formerly Facebook) based on a WHOIS lookup. And while so far none of them are dubbed “dangerous” by malware engines, leaving similar subdomains insufficiently protected may make them ripe for subdomain takeover and end up being abused for malicious campaigns.

Is the Number of Meta Domains Showing a Rising Trend?

In the week following the Meta announcement, we looked at the registration volume of domains containing the string “meta.” We found a total of 5,555 NRDs, more than 1,000 domains each were registered on 29 October, 30 October, and 3 November 2021. Take a look at the breakdown shown in the chart below.

Chart 3: Registration volume trend for domains containing the string “meta”

It isn’t surprising to see that more than 1,000 domains each were registered on the first two days following the announcement, as domainers could be racing against competitors to have such domains ready for anyone, including Meta and its app and technology users, who may be interested in buying them. And should Meta decide to use the meta[.]com for its homepage (instead of redirecting to a subdomain under facebook[.]com), we may see an upward trend in “meta”-containing domain registrations, as the number for 3 November is hinting at.


As the days progress and as Meta broadens its portfolio, we may see more domains and subdomains (malicious or otherwise) registered. For now, users seem to be safe from related threats but only time will tell if that trend will continue.

Contact us if you wish to conduct a similar research on new company, product, or service announcements. We can provide assistance via our wide range of WHOIS, IP, and DNS data solutions.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By WhoisXML API, A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider

Whois API, Inc. (WhoisXML API) is a big data and API company that provides domain research & monitoring, Whois, DNS, IP, and threat intelligence API, data and tools to a variety of industries.

Visit Page

Filed Under

Comments

Commenting is not available in this channel entry.
CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

DNS

Sponsored byDNIB.com

Cybersecurity

Sponsored byVerisign

Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix

IPv4 Markets

Sponsored byIPv4.Global

NordVPN Promotion