Latest news of the domain name industry

Recent Posts

Over 660,000 “coronavirus” domains registered

Kevin Murphy, June 23, 2020, 12:49:15 (UTC), Domain Registrars

There have been hundreds of thousands of domains that appear to refer to coronavirus registered since the start of the outbreak, but the domain industry reckons only a tiny portion of them have been used maliciously.

Speaking on a recent webinar, ICANN security specialist Sion Lloyd said that up until the end of May, ICANN had found 662,111 domains that at first glance appeared to be related to the pandemic.

ICANN had cast a wide net, parsing the zone files for all of the gTLDs and a handful of ccTLDs for strings such as “covid”, “corona”, “mask”, “quarantine” and “lockdown” in multiple languages.

But it also searched for homoglyph variants, such as replacing the O in Covid with a 0, and this brought in hundreds of thousands of false positives.

The actual number of domains that appear to refer to the virus and its impact is more like 170,000, Lloyd said.

The word “mask” was more commonly found than “corona”, but less frequently than “covid”.

The research was done as part of ICANN’s attempt to provide registries and registrars with data they could use to mitigate abuse, such as the sale of fake vaccines, fraud or phishing attacks.

But ICANN said that after it ran thousands of daily registrations through various public threat lists, it found a few hundred per day were potentially suspicious. At the peak, roughly 10 per day were considered serious enough to refer to registrars. That’s now down to three or four a day, Lloyd said.

His research was backed up by similar studies, albeit using slightly different methodologies and different-sized nets, by registries and registrars.

Tucows’ Graeme Bunton showed data reflecting that the registrar was seeing about 300 coronavirus-related regs per day at its peak in March.

The company had its compliance team manually check each domain, and found that only 0.5% were being used for clearly malicious purposes. The large majority — around 70% — were parked or not resolving, he said.

Jim Galvin from Afilias said that at the March peak the registry was seeing almost 900 coronavirus domains across its 25 gTLDs every week. That had dropped to under 100 by the end of March.

Brian Cimbolic of Public Interest Registry said that there had been 14,700 total registrations by the end of May, with the early April peak seeing over 500 in a single day.

While all this work is an example of ICANN and the industry getting involved to some extent in content regulation, Tucows’ Bunton said that it was an “exceptional” circumstance that was unsustainable and of limited use.

More data and the webinar recording can be found here.

Tagged: ,

Comments (3)

  1. I predict a big future for asteroid domains.

  2. Riley says:

    Those registrations range from the misguided to the malicious.

    Well at least the registries pocketed all the registration fees from the coronavirus domain registrations

  3. Giselle says:

    When this pandemic will finish these domains will be unusable.

Leave a Reply to Riley