
#BLM Triggers Thousands Of Domain Registrations : What This Means

by WhoisXML API, July 14th, 2020

Too Long; Didn't Read

1,140 domain names related to George Floyd and Black Lives Matter were detected within 19 days of monitoring. 70% of new registered domains are malicious or suspicious, possibly figuring in phishing campaigns and malware attacks. Some of these domains belong to legitimate charitable foundations, but several could be operated by scammers. People looking to donate to the movement and Floyd’s family should exercise caution. A fake Black Lives Matter Facebook page claimed to be raising money for activists and obtained around US$100,000 in donations.

Coronavirus-themed new registered domains showed how domain name registration behaviors can be linked back to the news. In an earlier analysis covering January to March 2020, we detected no fewer than 50,000 domain names with terms hinting at a connection to the pandemic.

The coronavirus caught everyone’s attention and resulted in a lot of information seeking. As a result, websites hosted on domains containing relevant pandemic search terms could make money by displaying ads on their pages. What made coronavirus-themed new registered domains ripe for phishing were achievable monetary gains, notably through the sale of personal protective equipment (PPE), refunds for canceled trips, lawsuits and settlements, and donations.

Somewhat similarly, we started detecting 1,000+ domain names, this time related to the Black Lives Matter movement. As these events also gained a lot of public attention, this post considers possible malicious or misinformative angles that could be taken in the coming weeks using these domains.

Surge in “George Floyd” and “Black Lives Matter” New Registered Domains

Domains that contain the strings “eorge” and “loyd” appeared in the Domain Name System (DNS) recently. From 28 May to 15 June, some 356 variations of George Floyd’s name (most containing typos) were noticed. Below are a few examples:
  • georgefloyd[.]black
  • georgefloyd[.]info
  • georgepfloyd[.]com
  • georgefloyd[.]net
  • georgesfloyd[.]com
  • george-floyd[.]org
  • georgefloyde[.]com
  • georgefloyd[.]news
  • georgefloyd[.]website
  • georgefloyd[.]store
  • georgefloyd[.]help
  • george-floyd[.]net
  • georgefloyd[.]party
  • igeorgefloyd[.]com
We also tracked domain names that contain the following strings:
  • “lackliv” for Black Lives Matter
  • “loyd” for George Floyd
  • “allli” for All Lives Matter
In total, 1,140 domain names related to George Floyd and Black Lives Matter were detected within 19 days of monitoring. The registrations peaked on 1 June, around the time that the Black Lives Matter movement drew global attention.

Studies show that 70% of new registered domains are malicious or suspicious, possibly figuring in phishing campaigns and malware attacks. Some of the George Floyd and Black Lives Matter domain names’ end goals could be similar. A few possible repercussions of these domain name registrations include:

1. Scams That Bank on Emotional Responses

Scammers are good at triggering reactions. Domain names such as georgefloydcharity[.]com, georgefloydcharityfoundations[.]org, blacklivesmatterfund[.]com, blacklives[.]support, and their variations, for instance, could convince sympathizers to extend monetary donations.

While some of these domains belong to legitimate charitable foundations, several could be operated by scammers. In fact, a fake Black Lives Matter Facebook page claimed to be raising money for activists and obtained around US$100,000 in donations. People looking to donate to the Black Lives Matter movement and Floyd’s family should thus exercise caution.

2. Phishers Masquerading as Legitimate Organizations

The Black Lives Matter movement is not new. Blacklivesmatter[.]com has been up since 2013. A look into supports this claim as it allowed retrieving the domain’s WHOIS record from October 2013.
But anyone can use the words “Black Lives Matter” in their domain names.
Hundreds of new registered domains were found in our analysis using different top-level domain (TLD) extensions or containing typos, a subset of which include:
  • blacklivesmatter[.]site
  • blacklivesmstter[.]com
  • blacklives-matter[.]com
  • blacklives-matter[.]store
  • blacklivesmatter[.]miami
  • blacklivesmatter2[.]com
  • blacklivesmatter[.]top
  • blacklivesmatter[.]live
  • blacklivesmatter[.]life
  • blacklivesmatterco[.]com
  • blacklivesmatter[.]family
  • blacklivesmatter[.]today
  • blacklivesmatter2020[.]shop
  • blacklivesmatter2020[.]store
  • blacklivesmatter2020[.]org
  • blacklivematters[.]com
  • blacklivematter[.]org
  • blacklivesmatter[.]support
  • blacklivesmatterstore[.]us
Using a , we found that many of these domains are not hosting any consumable content—either because they are parked, have a site under construction, or are pending WHOIS verification. Some did host an e-commerce website, which may or may not be affiliated with official representatives of the BLM movement.

3. Disinformation Campaigns

Another way that these domains could be used is to spread disinformation about the Black Lives Matter advocacy in general. recently asked the National Intelligence Director to determine if foreign entities are using the Internet to take advantage of the country's social unrest by spreading disinformation. Based on historical behavior, some international actors have used the Black Lives Matter movement to spread discord via .
It may still be too early to say whether “Black Lives Matter” and related new registered domains will result in a subsequent wave of scams and disinformation campaigns. Monitoring for telltale signs of phishing and fraud is nonetheless advisable.
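
The substring tracking described earlier in this post, applied to a feed of new registrations as the kind of monitoring the conclusion recommends; this is an added example, not WhoisXML API's code. The reference labels, the category names and the two `.example` domains are assumptions made for illustration, while the other sample domains come from the lists in this article.

```python
# Added example: triage newly registered domains by the article's tracked substrings.
TRACKED = {"lackliv": "Black Lives Matter", "loyd": "George Floyd",
           "allli": "All Lives Matter"}          # substrings named in the article
REFERENCE = ("blacklivesmatter", "georgefloyd")  # assumed labels to compare against

def refang(domain):
    """Undo the [.] defanging used in reports and normalise case."""
    return domain.strip().lower().replace("[.]", ".")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, max_typo=2):
    """Return (topics, kind) for a hit, or None if no tracked substring matches."""
    label = refang(domain).split(".")[0]  # assumes feed entries are name.tld
    topics = sorted(t for s, t in TRACKED.items() if s in label)
    if not topics:
        return None
    if label in REFERENCE:
        kind = "same-name"      # identical label registered under another TLD
    elif min(edit_distance(label, r) for r in REFERENCE) <= max_typo:
        kind = "near-match"     # typo, hyphen, or one or two extra characters
    elif any(r in label for r in REFERENCE):
        kind = "affix"          # full name plus extra words or digits
    else:
        kind = "keyword-only"   # bare substring hit: review before acting on it
    return topics, kind

def triage(feed):
    """Map every matching (refanged) domain in the feed to its classification."""
    hits = {}
    for raw in feed:
        result = classify(raw)
        if result:
            hits[refang(raw)] = result
    return hits

# Sample feed: the first six names appear in this article; the last two are constructed.
FEED = ["blacklivesmatter[.]site", "blacklivesmstter[.]com", "blacklivematters[.]com",
        "blacklivesmatter2020[.]shop", "georgefloydcharity[.]com", "blacklives[.]support",
        "floydsgarage.example", "weather-report.example"]

if __name__ == "__main__":
    for name, (topics, kind) in triage(FEED).items():
        print(f"{kind:13}{name:34}{', '.join(topics)}")
```

The `keyword-only` bucket is where a short substring such as “loyd” pulls in unrelated names, so those hits need a manual look before they are treated as related to the movement.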