ICANN held a webinar on the registration of coronavirus-related domains during the pandemic. ICANN security specialist Sion Lloyd presented the results of the corporation’s large-scale research: ICANN experts examined the zone files for all of the gTLDs and a handful of ccTLDs for strings such as “covid,” “corona,” “mask,” “quarantine” and “lockdown” in multiple languages. They also searched for homoglyph variants, where a letter in the key word was replaced with a digit or letter from another language (for example, C0VID instead of COVID).
From the beginning of the pandemic until the end of March, a total of 662,111 domains that could be related to COVID-19 were registered. However, according to Lloyd, the real number is much lower. He believes that the actual number of pandemic-related domains is about 170,000. Most importantly, only a tiny portion of the names were registered for malicious purposes, such as carrying out phishing attacks, spreading fake news, or selling fake vaccines. When the pandemic was at its peak, ICANN specialists considered that roughly 10 registrations per day were potentially suspicious, but now the number is down to three or four per day.
This information could be confirmed by statistics provided by registries and registrars, according to Domain Incite. For example, Tucows’ Graeme Bunton noted that the registrar was seeing about 300 coronavirus-related registrations per day at its peak in March. The company checked every such domain, and found that only 0.5 percent were being used for clearly malicious purposes. Bunton also noted that about 70 percent were parked or not resolving.
