Skip to content

Suspicious scam COVID-19 domains added as an abuse category in Abuse Monitor

 

Screen Shot 2020-03-23 at 12.13.16 PM

We have just added a new “COVID-19” domain abuse Category and Abuse Source feed to production for our Standard Abuse Monitor subscribers.  If no COVID-19 category cases are reported for a particular TLD then no data will appear. Otherwise users can set filters in their dashboard to view all domains reported in this Category, or by the Abuse Source, which is Malware Patrol.

 

covid19 abuse dashboard example

Our Registry Operator and Registrar subscribers can then manage each case according to their own policies and protocol, or they can be managed by RegistryOffice if using our managed services.

covid 19 case report

It is important to note that the abuse category of “COVID-19” is not domain abuse as defined by ICANN spec 11.3.b. While some new registrations may be legitimate and still point to parking pages, our testing has found that many are likely being used for malicious purposes such as leading to malware and phishing activity.  We intend to add a cross-reference feed that will then add other reports that may come in from other abuse sources reporting the same domain as being abused as defined by spec 11.3.b.

Just today it was reported that the U.S. Department of Justice is cracking down on fraud related to the coronavirus outbreak, and issued a temporary restraining order against the operators of coronavirusmedicalkit.com and required the registrar to immediately block it from public access.

We believe our clients will benefit from having this information and determine how best to act to protect their interests, and ultimately the public. This feed has added at no extra cost to our Standard Abuse Monitor clients.

Posted 23 March 2020 by Pinky Brand

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: