Skip to main content
SpringerLink
Log in

A First Look at COVID-19 Domain Names: Origin and Implications

  • Conference paper
  • First Online:
Passive and Active Measurement (PAM 2021)

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 12671))

Included in the following conference series:

Abstract

This work takes a first look at domain names related to COVID-19 (Cov19doms in short), using a large-scale registered Internet domain name database, which accounts for 260 M of distinct domain names registered for 1.6 K of distinct top-level domains. We extracted 167 K of Cov19doms that have been registered between the end of December 2019 and the end of September 2020. We attempt to answer the following research questions through our measurement study: RQ1: Is the number of Cov19doms registrations correlated with the COVID-19 outbreaks?, RQ2: For what purpose do people register Cov19doms? Our chief findings are as follows: (1) Similar to the global COVID-19 pandemic observed around April 2020, the number of Cov19doms registrations also experienced the drastic growth, which, interestingly, pre-ceded the COVID-19 pandemic by about a month, (2) 70% of active Cov19doms websites with visible content provided useful information such as health, tools, or product sales related to COVID-19, and (3) non-negligible number of registered Cov19doms was used for malicious purposes. These findings imply that it has become more challenging to distinguish domain names registered for legitimate purposes from others and that it is crucial to pay close attention to how Cov19doms will be used/misused in the future.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    We used the version of 81.0.4044.129.

References

  1. VirusTotal. https://www.virustotal.com/

  2. Boettger, T., Ibrahim, G., Vallis, B.: How the Internet reacted to COVID-19. In: Proceedings of the Internet Measurement Conference 2020 (Nov 2020)

    Google Scholar 

  3. Buchner, J.: imagehash - A Python Perceptual Image Hashing Module. https://github.com/JohannesBuchner/imagehash (2020)

  4. Candela, M., Luconi, V., Vecchio, A.: Impact of the COVID-19 pandemic on the internet latency: a large-scale study. Comput. Networks 182, 107495 (2020)

    Article  Google Scholar 

  5. Coull, S.E., White, A.M., Yen, T.F., Monrose, F., Reiter, M.K.: Understanding domain registration abuses. In: Rannenberg, K., Varadharajan, V., Weber, C. (eds.) Security and Privacy - Silver Linings in the Cloud, pp. 68–79. Springer, Berlin, Heidelberg (2010)

    Chapter  Google Scholar 

  6. Cyber Threat Coalition: 2020–05-26 Weekly Threat Advisory (2020). https://www.cyberthreatcoalition.org/advisories/2020-05-26-weekly-threat-advisory

  7. DOMAINLISTS.IO: Lists of all domains updated daily. https://domainlists.io/ (2020)

  8. Favale, T., Soro, F., Trevisan, M., Drago, I., Mellia, M.: Campus traffic and e-learning during covid-19 pandemic. Comput. Networks 176, 107290 (2020). https://doi.org/10.1016/j.comnet.2020.107290

    Article  Google Scholar 

  9. Feldmann, A., et al.: The lockdown effect: implications of the COVID-19 pandemic on internet traffic. In: Proceedings of the Internet Measurement Conference 2020 (Nov 2020)

    Google Scholar 

  10. Hao, S., Feamster, N., Pandrangi, R.: Monitoring the initial DNS behavior of malicious domains. In: Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference IMC 2011, pp. 269–278, Association for Computing Machinery, New York, NY, USA (2011). https://doi.org/10.1145/2068816.2068842

  11. Ispahany, J., Islam, R.: Detecting malicious URLs of COVID-19 pandemic using ML technologies (2020)

    Google Scholar 

  12. Korczynski, M., Wullink, M., Tajalizadehkhoob, S., Moura, G.C.M., Noroozian, A., Bagley, D., Hesselman, C.: Cybercrime after the sunrise: a statistical analysis of DNS abuse in new gTLDs. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security (ASIACCS 2018), pp. 609–623, Association for Computing Machinery, New York, NY, USA (2018). https://doi.org/10.1145/3196494.3196548

  13. Landis, J.R., Koch, G.G.: The measurement of observer agreement for categorical data. Biometrics, pp. 159–174 (1977)

    Google Scholar 

  14. Lee, Y.: Generating domain names relevant to current events. US Patent 20100146119A1, Dec 2008

    Google Scholar 

  15. Lutu, A., Perino, D., Bagnulo, M., Frías-Martínez, E., Khangosstar, J.: A characterization of the COVID-19 pandemic impact on a mobile network operator traffic. In: Proceedings of the Internet Measurement Conference 2020 (Nov 2020)

    Google Scholar 

  16. Peng, P., Yang, L., Song, L., Wang, G.: Opening the blackbox of virustotal: analyzing online phishing scan engines. In: Proceedings of the Internet Measurement Conference (IMC 2019), pp. 478–485, Association for Computing Machinery, New York, NY, USA (2019). https://doi.org/10.1145/3355369.3355585

  17. RIPE NCC: RIPE Atlas (2020). https://atlas.ripe.net/

  18. Selenium: Selenium - A browser automation framework and ecosystem (2020). https://github.com/SeleniumHQ/selenium

  19. Szurdi, J., Christin, N.: Domain registration policy strategies and the fight against online crime. In: Proceedings (online) of the Fourteenth Workshop on the Economics of Information Security (WEIS). Innsbruck, Austria (Jun 2018)

    Google Scholar 

  20. Tian, K., Jan, S.T.K., Hu, H., Yao, D., Wang, G.: Needle in a haystack: Tracking down elite phishing domains in the wild. In: Proceedings of the Internet Measurement Conference 2018 (IMC 2018), pp. 429–442, Association for Computing Machinery, New York, NY, USA (2018). https://doi.org/10.1145/3278532.3278569

  21. Tombs, N., Fournier-Tombs, E.: Ambiguity in authenticity of top-level coronavirus-related domains. In: Special Issue on COVID-19 and Misinformation 1 the Harvard Kennedy School (HKS) Misinformation Review (2020). https://doi.org/10.37016/mr-2020-036

  22. World Health Organization (WHO): WHO Coronavirus Disease (COVID-19) Dashboard (2020). https://covid19.who.int/

  23. Zauner, C.: Implementation and benchmarking of perceptual image hash functions (2010). https://www.phash.org/

Download references

Author information

Authors and Affiliations

  1. Waseda University, Tokyo, Japan

    Ryo Kawaoka

  2. NTT Secure Platform Laboratories, Musashino, Japan

    Daiki Chiba, Takuya Watanabe & Mitsuaki Akiyama

  3. Waseda University/NICT/RIKEN AIP, Tokyo, Japan

    Tatsuya Mori

Authors
  1. Ryo Kawaoka
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Daiki Chiba
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Takuya Watanabe
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Mitsuaki Akiyama
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Tatsuya Mori
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tatsuya Mori .

Editor information

Editors and Affiliations

  1. Brandenburg University of Technology (BTU), Cottbus, Germany

    Oliver Hohlfeld

  2. Telefonica Research, Barcelona, Spain

    Andra Lutu

  3. Iribe Center, University of Maryland, College Park, MD, USA

    Dave Levin

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Kawaoka, R., Chiba, D., Watanabe, T., Akiyama, M., Mori, T. (2021). A First Look at COVID-19 Domain Names: Origin and Implications. In: Hohlfeld, O., Lutu, A., Levin, D. (eds) Passive and Active Measurement. PAM 2021. Lecture Notes in Computer Science(), vol 12671. Springer, Cham. https://doi.org/10.1007/978-3-030-72582-2_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-72582-2_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-72581-5

  • Online ISBN: 978-3-030-72582-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation