As it releases free download, DomainTools says 68,000 dangerous coronavirus domains have been registered

Kevin Murphy, March 26, 2020, 08:39:13 (UTC), Domain Services

More than 68,000 coronavirus-related domain names have been registered so far in 2020, according to data released by DomainTools today.

The domain intelligence services company has started publishing a list of these domains, updated daily, for free on its web site. You have to submit your email address to get it.

The download comprises a CSV file with three columns: domain, reg date, and Domain Risk Score.

This final field is based on DomainTools’ in-house algorithms, which estimate how likely domains are to be used in nefarious activities, based on criteria including the domain’s connection to other, known-bad domains.

Only domains with a score of 70 or above out of 100 — indicating they will likely be used for activities such as phishing, malware or spam — will be included on the list, the company said.

The list will be updated daily at 0000 UTC.

You can find out more and obtain today’s list here.




Comments (5)

  1. Theo Geurts says:

    I would suggest people in the domain name industry join the Covid-19 Cyber Threat Coalition.

    https://join.slack.com/t/covid19cybert-qvl7792/shared_invite/zt-cyt9l8z9-wojJ6lHvlLKbWU0GnoUfXQ

    Currently, we have 1100 members, mostly cybersecurity researchers, and we are actively discussing how to combat the issue.

    While domain lists are important for possible mitigation, the biggest issue is actionable intelligence.
    Classifying domain names as dangerous because they contain Covid or Corona is not accurate.
    When there is malware, or it is tied with an APT crew who are attacking hospitals, that is dangerous.

    Currently, members of the Cyber Threat Coalition are creating whitelists of legit domain names that are tied to Covid or Corona.
    Hopefully, this helps to avoid people from blocking legit services and trackers that are essential when dealing with this crisis. If we start overreacting, there might be even more damage done.

  2. Mike says:

    Theo, the majority of the domain name industry is too intelligent to register such domains, as they know they have no market purpose.

    Anyone can register any name, it’s not hard to do, these are just regular people trying to profit, most domain name investors know profits cannot be made from such names, and know better not to touch them.

  3. Theo Geurts says:

    Mike, filtering out the domains that are up for sale is no issue as they are usually parked on known platforms.

  4. Theo Geurts says:

    I just parsed a few thousand domain names of the DT list and I notice that several parking providers like Efty.com are not excluded. That risk score of 99 seems rather high to me for such parked domain names?

  5. Theo – I focussed on the .ie domain names and found three categories in their list:
    1 – domains that aren’t pointing anywhere useful so registrar parking or coming soon type stuff
    2 – domains on parking / sale platforms
    3 – legit ones
    None of the .ie domains are being used for anything nefarious and the ones that were have already been pulled by the .ie registry after notice from the government authorities.
    So what I am really worried about is people or providers taking this list from DT and assuming that it’s *the* list to block which will result in legitimate sites and services being blocked in firewalls etc.

    Michele
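
An added example (not from the article, DomainTools or any commenter) of the triage the comments above argue for: sorting feed entries into allowlisted, parked and needs-review buckets instead of blocking the whole list. The header names, date format, allowlist, parking nameserver suffix and pre-resolved NS records are constructed assumptions.

```python
import csv
import io

# Constructed sample in the three-column layout the article describes.
# Header names and date format are assumptions, not the real file's.
SAMPLE_FEED = """domain,reg_date,risk_score
covid-relief-pay.example,2020-03-20,99
corona-tracker.example,2020-03-02,88
coronamasks-forsale.example,2020-03-15,99
covid-info.example,2020-02-11,65
CoronaVirus-Help.example.,2020-03-18,not-a-number
"""

# Hypothetical local inputs: a vetted allowlist, nameserver suffixes of
# parking/sale platforms, and NS records resolved ahead of time.
ALLOWLIST = {"corona-tracker.example"}
PARKING_NS_SUFFIXES = (".parking-platform.example",)
RESOLVED_NS = {
    "coronamasks-forsale.example": ["ns1.parking-platform.example"],
    "covid-relief-pay.example": ["ns1.hosting.example"],
}

def normalise(name):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return name.strip().rstrip(".").lower()

def is_parked(domain, resolved_ns):
    """True if any known nameserver belongs to a parking platform."""
    return any(normalise(ns).endswith(PARKING_NS_SUFFIXES)
               for ns in resolved_ns.get(domain, []))

def triage(feed_text, allowlist, resolved_ns, min_score=70):
    """Bucket feed rows; only 'review' entries are candidates for blocking."""
    buckets = {"allowlisted": [], "parked": [], "review": [], "skipped": []}
    for row in csv.DictReader(io.StringIO(feed_text)):
        domain = normalise(row["domain"])
        try:
            score = int(row["risk_score"])
        except (TypeError, ValueError):
            buckets["skipped"].append(domain)   # malformed score
            continue
        if score < min_score:
            buckets["skipped"].append(domain)   # below the stated cut-off
        elif domain in allowlist:
            buckets["allowlisted"].append(domain)
        elif is_parked(domain, resolved_ns):
            buckets["parked"].append(domain)
        else:
            buckets["review"].append(domain)    # needs evidence before a block
    return buckets
```

Entries in the `review` bucket still need corroborating evidence such as observed malware or phishing content before they go into a blocklist.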
