|
Many countries celebrate Data Privacy Awareness Week every last week of January. Each year, the National Cyber Security Alliance (NCSA) makes it a point to remind users about the importance of keeping their digital data safe from all kinds of threat actors. In fact, they commemorated this year’s Data Privacy Awareness Week with various events.
Sadly, while organizations the world over constantly hope to give every Internet user a fighting chance against attackers, threat actors still find ways to poison pages supposedly touting support for data privacy protection.
We collated a list of domains and subdomains hosting data privacy-related content that could pose risks to visitors instead of protection must-dos. Using various threat intelligence sources, we found:
As part of our ongoing effort to enable cybersecurity analysts and researchers to further their studies, we collated all pertinent data and made it available to anyone interested. You may download the related threat research materials here.
We scoured the Web for domains and subdomains that contained three string combinations:
String Combination | Number of Domains | Number of Subdomains |
---|---|---|
data + privacy | 1,959 | 786 |
data + protection | 3,873 | 10,000+ |
protect + privacy | 1,142 | 1,011 |
TOTAL | 6,974 | 11,797+ |
Our dataset totaled 6,974 domains and more than 11,979 subdomains. That amounts to almost 19,000 web properties.
A bulk WHOIS lookup for the 6,974 domains revealed that:
A bulk IP geolocation lookup for the nearly 7,000 domains showed that:
A bulk malware check via the Threat Intelligence Platform (TIP) revealed:
64[.]190[.]62[.]111 192[.]0[.]78[.]24 99[.]83[.]153[.]108 185[.]199[.]110[.]153 209[.]99[.]40[.]222
03egrag[.]cn a2zkidsbooks[.]co[.]nz 00i1[.]xyz 0concordance952[.]ml 0hoqrpq0agjr[.]ml
Ironically, almost 40 sites that hint to be created to spread data privacy awareness instead put visitors at risk of malware infection and data theft. Users would do well to avoid accessing them (listed in the table below).
Malicious Domains | Malicious Subdomains |
---|---|
privacydatarecovery[.]xyz privacypreservingdata[.]in datasecurityandprivacylawblog[.]com 365dataprotection[.]com datahelpprotection[.]ga data-protection-de[.]ml cisodataprotection[.]com vdataprotectionofficer[.]net hs-data-protectiongroup[.]com access-dataprotection-uk[.]com | privacydata-cancel[.]servehttp[.]com privacypolicy-userdata[.]microsoftonline-protection[.]com support[.]statement-data[.]privacy[.]tell-methetrue[.]com www[.]support[.]statement-data[.]privacy[.]tell-methetrue[.]com data-protection-system[.]yomine[.]shop data-protection-operation[.]hongjitang[.]top privacyprotect[.]blogspot[.]com privacy-protection[.]qarchive[.]org |
You can get the complete list of malicious IP addresses and connected domains from the downloadable spreadsheet as well.
It’s clear that just because a website claims to be good (e.g., espousing data privacy awareness and/or protection), it isn’t necessarily. The dangerous web properties featured in this post prove that. Take note of them and avoid accessing them.
If you wish to perform a similar investigation, please don’t hesitate to contact us. We’re always on the lookout for potential research collaborations.
Sponsored byIPv4.Global
Sponsored byDNIB.com
Sponsored byRadix
Sponsored byWhoisXML API
Sponsored byCSC
Sponsored byVerisign
Sponsored byVerisign