ProPrivacy Open Data Project on Coronavirus Domains | WhoisXML API
Products APIs Data Feeds Web Tools Domain Research & Monitoring Enterprise Packages
WHOIS / WHOIS History
WHOIS / WHOIS History

Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.

DNS / DNS History
DNS / DNS History

Look into all current and historical DNS / IP connections between domains and A, MX, NS, and other records. Monitor suspicious changes to DNS records.

IP Geolocation / IP Netblocks
IP Geolocation / IP Netblocks

Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Access our web-based solution to dig into and monitor all domain events of interest.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.

Research
Monitoring
White-Label
Predictive Threat Intelligence Feeds
Predictive Threat Intelligence Feeds

Predictive threat intelligence is your best first line of defense. Subscribe to the feeds to strengthen your cybersecurity posture. Contact us today for more information.

WhoisXML API Internet Infrastructure
Internet Infrastructure

Unlock integrated intelligence on Internet properties and their ownership, infrastructure, and other attributes.

Enterprise API Packages
Enterprise API Packages

Our complete set of domain, IP, and DNS intelligence available via API calls as an annual subscription with predictable pricing.

Security Intelligence (SI) Suite
Security Intelligence (SI) Suite

Offers complete access to WHOIS, IP, DNS, and subdomain data for product enrichment, threat hunting and more.

Multi-Level API User Administration Now Available - Manage individual API keys for team members in your organization.

Learn More
×
Contact Us

Success Stories

See other success stories Download PDF

ProPrivacy Open Data Project: Mapping Malicious Coronavirus Domains Using WHOIS Data




The COVID-19 pandemic has driven many people to do almost everything within the confines of their homes. Nearly exclusive reliance on digital means to work, study, shop, and communicate amid uncertainty opened many avenues for cybercrime to take place—notably through the use of coronavirus-related domain names.

To demonstrate this trend, ProPrivacy has partnered with WhoisXML API and VirusTotal to investigate the extent to which cybercriminals are weaponizing the Domain Name System (DNS) in an open data project called “COVID-19 Malicious Domain Research Hub.”

The Open Data Project: Objectives

Domain names, especially newly registered ones, have long been used by cybercriminals in phishing campaigns, malware attacks, financial scams, and other nefarious activities. Even before the coronavirus pandemic, many newly registered domains (NRDs) were found to be malicious or suspicious, at the very least.

To gain a perspective on how many coronavirus-related domain names are being used maliciously, ProPrivacy started the open data project. The project has simple, interrelated objectives, enumerated below:

  • To obtain a continuously updated list of domain names related to the COVID-19 pandemic;
  • To determine whether or not these domains are used maliciously;
  • To share this information with the general public.

Partnering with WhoisXML API

By providing access to its extensive Whois Database via API calls, WhoisXML API has helped ProPrivacy monitor coronavirus-themed registrations among the hundreds of thousands of new registrations occurring daily.

Once a domain name has been tagged “malicious” by VirusTotal, ProPrivacy runs this domain via WhoisXML API’s domain intelligence to retrieve its complete WHOIS records. Such records include registration and expiration dates, registrant names, and email addresses. To ensure the robustness and accuracy of the dataset, ProPrivacy also used WhoisXML API’s historical WHOIS record-retrieving API.

The open data project further highlighted the fact that domain name registration behaviors are often closely related to news events. In particular, the team detected a 648% increase in coronavirus-inspired malicious domain names the same day the World Health Organization (WHO) named the disease COVID-19.

The Open Data Project: Findings

The ProPrivacy open project is ongoing and revealed the following findings so far:

  • ProPrivacy analyzed over 600,000 coronavirus-related domain names to date.
  • More than 125,000 of the domains analyzed were deemed malicious after cross-referencing data from WhoisXML API’s database and VirusTotal.

Check out the ProPrivacy COVID-19 Malicious Domain Research Hub here. The data can be accessed on their Github repository as well.

You can also learn more about WhoisXML API’s database offerings by visiting the following pages:

See other success stories
Try our WhoisXML API for free
Get started