It is not uncommon to see reports that blame piracy or pre-release leaks for films’ low revenue share. We’ve seen this happen over time with movies like “X-Men Origins: Wolverine”, “Star Wars: Episode III: Revenge of the Sith” and “The Expendables 3”. All of them fell victim to digital hackers, which caused financial losses to their producers, not only through lost ticket sales but also through legal battles with those responsible for the leaks.
Could domain and subdomain monitoring help detect Internet properties that might point to illegitimate copies? After all, movie pirates need websites or pages to distribute their stolen goods. Movie-related cybersquatting properties could also be particularly effective phishing lures, as avid fans may be eager to download any file made available to them in the hope that it actually contains the content they want.
We set out to explore these scenarios by checking the domain and subdomain registration trends for the most anticipated movies of the next several months.
Most Anticipated Fall 2021 Movie Domains and Subdomains
The long wait for the next blockbusters is finally over with the reopening of cinemas. Crowd favorites in the Marvel Cinematic Universe, sequels to popular classics, and the latest work from Hollywood’s hottest stars are among the movies whose domain and subdomain registration trends we’ve been tracking.
We checked the Domain Name System (DNS) for the volume of records containing these search strings:
- “Shang-chi + film” for the Marvel film “Shang-Chi and the Legend of the Ten Rings”
- “Eternals + film” for the Marvel film “Eternals”
- “Ghostbusters + afterlife” for the next Ghostbusters sequel “Ghostbusters: Afterlife”
- “Red + notice + movie” for “Red Notice”, the upcoming action flick starring Dwayne “The Rock” Johnson, Gal Gadot and Ryan Reynolds
- “Top + gun + maverick” for the next Top Gun sequel “Top Gun: Maverick”
Searches for the strings mentioned above on Domains & Subdomains Discovery gave us the following results:

| Fall movie | Search strings used | Number of domains | Number of subdomains |
|---|---|---|---|
| Shang-Chi and the Legend of the Ten Rings | shang-chi + film | 3 | 1 |
| Eternals | eternals + film | 42 | 4 |
| Ghostbusters: Afterlife | ghostbusters + afterlife | 7 | |
| Red Notice | red + notice + movie | 3 | |
| Top Gun: Maverick | top + gun + maverick | 51 | 13 |

A bulk WHOIS search for all 106 domains revealed the following results:
- Only 11 of the total number of domains are publicly attributable to the films’ legitimate owners based on their owner email addresses. The table below shows the details.
The domains that are publicly attributable to the production teams may have been registered for promotional purposes or to reserve web properties for the five films ahead of their public release. Examples of these would be shang-chithemovie[.]com, eternal movie[.]at, and rednoticemovie[.]com.
According to a screenshot lookup, shang-chithemovie[.]com appeared to be online but under maintenance since September 13, 2021. Nonetheless, it may soon allow visitors to learn more about “Shang-Chi and the Legend of the Ten Rings”, as its WHOIS record lists Disney as its registrant.
Meanwhile, eternal movie[.]at is parked and probably awaiting the official launch of “Eternals”. Come November 5, 2021, the Disney-owned site could tell visitors where to watch the film.
Finally, rednoticefilm[.]com seems to redirect to netflix[.]com as of this writing. Come November 12, 2021, the page may allow people to stream “Red Notice” (after logging into their Netflix accounts, of course), since the domain is owned by Netflix.
- On average, the oldest domains related to the anticipated fall films were registered about five years before the films’ official release dates in the United States, which could coincide with the length of their development. For example:
  - The oldest domain linked to “Shang-Chi and the Legend of the Ten Rings” (shang-chithemovie[.]com) was registered on May 27, 2005, approximately 16 years before the film’s official U.S. release date of September 3, 2021. The film entered development in 2001, which could be the reason why domains related to it were registered as early as 2005.
  - The oldest domain linked to “Eternals” (eternalsalvationmovie[.]com) was registered on February 25, 2019, approximately three years before the film’s official U.S. release date of November 5, 2021. The film entered development in 2018, a possible explanation for when the first domain was created.
  - The oldest domain linked to “Ghostbusters: Afterlife” (marudai-ghostbusters-afterlife-cp[.]jp) was registered on February 21, 2021, approximately nine months before the film’s official U.S. release date of November 11, 2021.
  - The oldest domain linked to “Red Notice” (rednoticethemovie[.]com) was registered on March 29, 2018, approximately four years before the film’s official U.S. release date of November 12, 2021. The domain’s creation date coincides with the start of the film’s development.
- While none of the domains and subdomains were flagged as “malicious” when subjected to a bulk malware check on the Threat Intelligence Platform, some are suspicious, namely:
  - topgunmaverick2020full movie[.]com
“Ghostbusters: Afterlife,” “Red Notice,” and “Top Gun: Maverick” have yet to be officially released, but some domain names suggest the films may already be available for viewing. If criminals control these domains, they could weaponize them with malicious files that are downloaded to visitors’ computers when the URLs are accessed.
As we get closer to the movie release dates, we may see more domains and subdomains containing strings related to the five featured movies appear in the DNS. And if the trend we’ve seen so far continues, a significant portion of them is unlikely to be publicly attributable to the rightful owners of the films. Any number of them could lead to malware infection or worse.
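The triage behind the findings above (match names on the search strings, attribute by WHOIS email, measure how long before release a domain was registered, flag unattributed names that advertise viewing) can be reproduced over any WHOIS export. The following is an added sketch, not the tooling used for this study; the email allowlist, the lure tokens, every email address and the `.example` names are assumptions, and it generalizes the single suspicious name above to a token check.

```python
from datetime import date

# Search strings and US release dates as given in the article; all terms must match.
FILMS = {
    "Ghostbusters: Afterlife": (("ghostbusters", "afterlife"), date(2021, 11, 11)),
    "Red Notice": (("red", "notice", "movie"), date(2021, 11, 12)),
    "Top Gun: Maverick": (("top", "gun", "maverick"), None),  # no date in the article
}
OWNER_EMAIL_DOMAINS = {"studio.example"}  # assumption: rights holders' registrant domains
LURE_TOKENS = ("full", "watch", "free", "stream", "download")  # assumption: viewing bait

# Constructed WHOIS rows: only the two dates marked "article" are taken from it.
SAMPLE_WHOIS = [
    {"domain": "rednoticethemovie[.]com", "created": date(2018, 3, 29),  # article
     "registrant_email": "hostmaster@studio.example"},
    {"domain": "marudai-ghostbusters-afterlife-cp[.]jp", "created": date(2021, 2, 21),  # article
     "registrant_email": None},  # redacted by a privacy service
    {"domain": "topgunmaverick-fullmovie-free[.]example", "created": date(2021, 9, 1),
     "registrant_email": "owner@mailbox.example"},
    {"domain": "maverick-guns[.]example", "created": date(2021, 9, 1), "registrant_email": None},
]

def refang(indicator):
    """Turn a defanged name (example[.]com) into a plain lowercase hostname."""
    return indicator.strip().lower().replace("[.]", ".")

def match_film(hostname):
    """Return the first film whose search terms all occur in the hostname."""
    for film, (terms, _release) in FILMS.items():
        if all(term in hostname for term in terms):
            return film
    return None

def triage(records):
    findings = []
    for rec in records:
        host = refang(rec["domain"])
        film = match_film(host)
        if film is None:
            continue  # not related to any tracked title
        email = (rec.get("registrant_email") or "").lower()
        attributed = email.rpartition("@")[2] in OWNER_EMAIL_DOMAINS
        release = FILMS[film][1]
        lead_days = (release - rec["created"]).days if release else None
        labels = host.rsplit(".", 1)[0]  # ignore the TLD when looking for bait words
        suspect = not attributed and any(tok in labels for tok in LURE_TOKENS)
        findings.append({"domain": rec["domain"], "film": film, "attributed": attributed,
                         "lead_days": lead_days, "suspect": suspect})
    return findings
```

Substring matching is deliberately loose, as in the original search, so expect false positives that still need a manual WHOIS and screenshot review.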
Interested in conducting a similar study? You can contact us for a collaboration or to get a copy of the full list of domains and subdomains related to the films expected in fall 2021.