
The Irony: Data Privacy Sites Bring Risks Instead of Protection

Many countries celebrate Data Privacy Awareness Week every last week of January. Each year, the National Cyber Security Alliance (NCSA) makes it a point to remind users about the importance of keeping their digital data safe from all kinds of threat actors. In fact, they commemorated this year’s Data Privacy Awareness Week with various events.

Sadly, while organizations the world over constantly hope to give every Internet user a fighting chance against attackers, threat actors still find ways to poison pages supposedly touting support for data privacy protection.

We collated a list of domains and subdomains hosting data privacy-related content that could pose risks to visitors instead of offering protection guidance. Using various threat intelligence sources, we found:

  • More than 18,771 domains and subdomains containing the string combinations “data + privacy,” “data + protection,” and “protect + privacy,” 35 of which are deemed dangerous by various malware engines
  • 2,402 domains had retrievable WHOIS records but only 86 were unredacted
  • 1,949 unique IP address resolutions scattered across more than 50 countries, 61 of which were tagged “dangerous” by various malware engines
  • 6,236 domains that share IP hosts with our initial list of domain names, 23 of which were dubbed “dangerous” by various malware engines

As part of our ongoing effort to enable cybersecurity analysts and researchers to further their studies, we collated all pertinent data and made it available to anyone interested. You may download the related threat research materials here.

Dataset

We scoured the Web for domains and subdomains that contained three string combinations:

| String Combination | Number of Domains | Number of Subdomains |
|---|---|---|
| data + privacy | 1,959 | 786 |
| data + protection | 3,873 | 10,000+ |
| protect + privacy | 1,142 | 1,011 |
| TOTAL | 6,974 | 11,797+ |

Our dataset totaled 6,974 domains and more than 11,979 subdomains. That amounts to almost 19,000 web properties.

Web Property Ownership

A bulk WHOIS lookup for the 6,974 domains revealed that:

  • A total of 2,402 domains had current WHOIS records. Of these, only 86 had unredacted registrant email addresses.
  • A majority of the nearly 90 domains with ownership information were owned by IT companies, followed by consulting companies and law offices. These findings are consistent with the kinds of users who may want to know more about data privacy—organizations that operate on the Internet and may need legal guidance for compliance purposes.

IP Address Resolution

A bulk IP geolocation lookup for the nearly 7,000 domains showed that:

  • The domains resolved to 1,949 unique IP addresses.
  • The IP addresses were scattered across 51 countries led by the U.S., Germany, and Canada.
  • Reverse IP lookups, with results limited to five domains sharing each host, gave us a list of 6,236 connected domains. If any of them share a host with malicious web properties, avoiding them is recommended.

Malware Checks

A bulk malware check via the Threat Intelligence Platform (TIP) revealed:

  • 30 malicious domains from our initial dataset
  • Eight malicious subdomains from our initial dataset
  • 61 malicious IP address resolutions, including:
    64[.]190[.]62[.]111
    192[.]0[.]78[.]24
    99[.]83[.]153[.]108
    185[.]199[.]110[.]153
    209[.]99[.]40[.]222
  • 23 malicious connected domains (i.e., shared IP hosts with the initial set of domain names), including:
    03egrag[.]cn
    a2zkidsbooks[.]co[.]nz
    00i1[.]xyz
    0concordance952[.]ml
    0hoqrpq0agjr[.]ml
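
The workflow described in the Dataset, IP Address Resolution, and Malware Checks sections can be sketched as follows. This is an added Python example, not WhoisXML API's tooling: the hostnames, IP addresses, and the flagged-IP verdict are constructed sample data (reserved .example names and documentation IP ranges), and the function names are hypothetical.

```python
from collections import defaultdict

# The three string combinations the post searched for.
COMBOS = {
    "data + privacy": ("data", "privacy"),
    "data + protection": ("data", "protection"),
    "protect + privacy": ("protect", "privacy"),
}

# Constructed sample data (reserved .example names, documentation IP ranges).
SAMPLE_RESOLUTIONS = {
    "dataprivacy-guide[.]example": "192[.]0[.]2[.]10",
    "my-data-protection[.]example": "192[.]0[.]2[.]10",
    "protectyourprivacy[.]example": "198[.]51[.]100[.]7",
    "cheap-pills[.]example": "192[.]0[.]2[.]10",
    "weather[.]example": "203[.]0[.]113[.]5",
}
SAMPLE_FLAGGED_IPS = {"192[.]0[.]2[.]10"}  # stands in for a malware-check verdict

def refang(indicator):
    """Normalise a defanged indicator (192[.]0[.]2[.]10) for comparison only."""
    return indicator.replace("[.]", ".").strip().lower()

def matched_combos(hostname):
    """Names of the combinations whose two strings both occur in the hostname."""
    return [name for name, (a, b) in COMBOS.items() if a in hostname and b in hostname]

def triage(resolutions, flagged_ips, per_host_limit=5):
    """Report each keyword-matching host, its IP verdict and its co-hosted names."""
    pairs = [(refang(h), refang(ip)) for h, ip in resolutions.items()]
    flagged = {refang(ip) for ip in flagged_ips}
    by_ip = defaultdict(list)
    for host, ip in pairs:
        by_ip[ip].append(host)
    report = {}
    for host, ip in pairs:
        combos = matched_combos(host)
        if not combos:
            continue  # not in the keyword dataset; may still appear as "connected"
        # Same cap as the post: at most five domains sharing each host.
        connected = sorted(h for h in by_ip[ip] if h != host)[:per_host_limit]
        report[host] = {"combos": combos, "ip": ip,
                        "ip_flagged": ip in flagged, "connected": connected}
    return report

def review_queue(report):
    """Connected names outside the keyword set that share a flagged IP with it."""
    return sorted({c for r in report.values() if r["ip_flagged"]
                   for c in r["connected"] if c not in report})
```

Sharing an IP address with a flagged host is a reason to review a domain, not a verdict on it, since shared hosting places unrelated sites on the same address.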

Ironically, almost 40 sites that appear to have been created to spread data privacy awareness instead put visitors at risk of malware infection and data theft. Users would do well to avoid accessing them.

The malicious domains and subdomains are available in the downloadable spreadsheet.

You can get the complete list of malicious IP addresses and connected domains from the downloadable spreadsheet as well.


It’s clear that just because a website claims to be good (e.g., espousing data privacy awareness and/or protection), it isn’t necessarily. The dangerous web properties featured in this post prove that. Take note of them and avoid accessing them.

If you wish to perform a similar investigation, please don’t hesitate to contact us. We’re always on the lookout for potential research collaborations.

By WhoisXML API, A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider

Whois API, Inc. (whoisxmlapi) is a big data and API company that provides domain research & monitoring, Whois, DNS, IP, and threat intelligence API, data and tools to a variety of industries.
