Case Study: ProPrivacy Maps Malicious Coronavirus Domains with WhoisXML API

ProPrivacy Open Data Project Mapping Malicious Coronavirus Domains Using WHOIS Data

ProPrivacy launched the COVID-19 Malicious Domain Research Hub to study how cybercriminals were exploiting coronavirus-related domain names during the pandemic. To investigate this trend at scale, ProPrivacy partnered with WhoisXML API and VirusTotal to identify and track suspicious newly registered domains and understand how many were being used maliciously.

Using WhoisXML API’s Whois Database API and historical WHOIS records, ProPrivacy enriched VirusTotal-flagged domains with registration details and built a continuously updated open data project. The effort analyzed more than 600,000 coronavirus-related domains and found over 125,000 malicious domains, including a 648% spike in coronavirus-inspired malicious registrations on the day the WHO named COVID-19.

ProPrivacy