Suspicious scam COVID-19 domains added as an abuse category in Abuse Monitor

We have just added a new “COVID-19” domain abuse Category and Abuse Source feed to production for our Standard Abuse Monitor subscribers.  If no COVID-19 category cases are reported for a particular TLD then no data will appear. Otherwise users can set filters in their dashboard to view all domains reported in this Category, or by the Abuse Source, which is Malware Patrol.

Our Registry Operator and Registrar subscribers can then manage each case according to their own policies and protocol, or they can be managed by RegistryOffice if using our managed services.

It is important to note that the abuse category of “COVID-19” is not domain abuse as defined by ICANN spec 11.3.b. While some new registrations may be legitimate and still point to parking pages, our testing has found that many are likely being used for malicious purposes such as leading to malware and phishing activity.  We intend to add a cross-reference feed that will then add other reports that may come in from other abuse sources reporting the same domain as being abused as defined by spec 11.3.b.

Just today it was reported that the U.S. Department of Justice is cracking down on fraud related to the coronavirus outbreak, and issued a temporary restraining order against the operators of coronavirusmedicalkit.com and required the registrar to immediately block it from public access.

We believe our clients will benefit from having this information and determine how best to act to protect their interests, and ultimately the public. This feed has added at no extra cost to our Standard Abuse Monitor clients.

Posted 23 March 2020 by Pinky Brand