Oscars 2022 Suspicious Sites You Should Avoid | WhoisXML API

Threat Reports

The Oscars and Suspicious Web Activity: What's the Link?

Hollywood’s popularity extends beyond providing entertainment. Like last year1, threat actors seemingly used sites dedicated to this year’s Oscar nominees2 as malware hosts. We looked at thousands of domains and subdomains containing the best picture titles and best actor/actress names to identify how many of them are actually malicious.

Our analysis allowed us to build detailed threat research materials that revealed:

  • 5% of the web properties containing the best picture contenders’ titles and best actor and actress nominees’ names were dubbed “dangerous” by various malware engines.
  • The malicious domains and subdomains resolved to one malicious IP address that users should monitor at the very least by those who don’t employ IP-level blocking.
  • IoC and artifact expansion is critical for those who wish to employ utmost security since at least two of the IP hosts shared by malicious web properties (currently not tagged “dangerous”) host malicious domains.

Download the threat research materials now to access the complete list of identified artifacts used to conduct additional enrichment and threat analysis as well as trend identification.


  • [1] https://threatpost.com/oscar-bait-hackers-nominated-phishing-malware/165583/
  • [2] https://variety.com/feature/2022-oscars-best-picture-predictions-1234965329/
Try our WhoisXML API for free
Get started