Retiring the COVID-19 Threat List
As the nature of the pandemic has changed—fortunately, in most areas, decreasing in severity—the nature of COVID-themed malicious online activity has also changed, and lessened. From before the pandemic declaration in March of 2020, but especially as the lockdowns started, we observed malicious actors registering vast numbers of domains with pandemic-related themes. In the interest of applying our research to help make the Internet safer for everyone, we worked with an outstanding group called the COVID-19 Cyber Threat Coalition to share information and to gain a better understanding of how domains were being used in harmful ways related to the pandemic.
As we illustrated in this year’s edition of the DomainTools Report, the registration and operation of domains tied to a particular event (or related cluster of events) often occurs in identifiable patterns, which we have named Domain Spikes and Domain Blooms. In both cases, after a peak, the number of domains tied to that theme settles down to a baseline. The bloom of COVID-themed domains has done exactly that, and because the activity has dropped off so much from its peak, we have decided to retire the COVID-19 Threat List, effective June 30, 2021.
If you still are interested in identifying illegitimate domains related to the pandemic, we recommend the free blocklist maintained by the aforementioned Coalition. They continue to do excellent work in this area. Meantime, if you are a DomainTools customer, most of our offerings provide various ways to continue to identify COVID-themed domains; for example, in DomainTools Iris, a search for domains beginning with, or containing, the string COVID, will surface domains that match; you can then easily scope down the set by Risk Score, create date, or other criteria. Likewise, PhishEye can help you spot new domains with the term “COVID” or close variations of it.
We would like to thank the DomainTools researchers and engineers who worked on the COVID-19 Threat List, as well as our partners at the COVID-19 Cyber Threat Coalition, for their efforts on this project.