Threat Monitoring Newly Created Ukraine-Related Domain Names
As the conflict in Ukraine continues, we at DomainTools have noticed an increase in the number of Ukraine-related domain registrations in the last week. For example, the number of domains containing the term “ukraine” jumped suddenly just as the conflict began.
As covered in our @SecuritySnacks Twitter account, we have also seen an increase in domains related to Ukraine soliciting donations (often for unnamed recipients), including some domains that are outright forgeries of existing charities, as bad actors look to capitalize on this global event.
To help organizations monitor these threats, DomainTools is releasing a new, free feed of newly observed or registered Ukraine-related domain names. This feed will be updated daily and will contain domains that match a limited number of Ukraine-related terms and were observed through either the DomainTools domain name discovery process or Farsight’s passive DNS data feeds. The specific terms we are filtering on are:
- ‘ukraine’
- ‘ukrainian’
We may add other terms to this list in the future. If we do, we will announce those publicly. The README file available on the feed website will also contain the full list of terms we used to generate the lists.
Caveats
This feed will be released for a limited period of time. It is important for users of these lists to note that we are doing no analysis to determine if these domains are malicious or benign, and no risk scores are being provided — we are just providing a list of domains.
While we are excited to share this data with the community, this information is provided for free with no warranties or guarantees. Use at your own risk. You may reuse it as you like with attribution back to DomainTools (released under a CC-BY license: https://creativecommons.org/licenses/by/4.0/).
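Because the feed carries no verdicts or risk scores, consumers have to do their own triage. The following is an added example, not DomainTools code: it intersects a feed file with local DNS resolver logs to surface which listed domains were actually queried and by which clients. The one-domain-per-line feed layout, the log line format, the function names, and every domain and IP address shown are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample feed; assumed layout: one domain per line, '#' starts a comment.
SAMPLE_FEED = """\
# constructed sample, not real feed content
help-ukraine-example.test
Ukrainian-Relief-Example.test.
ukraine-aid-example.test
"""

# Constructed resolver log; assumed format: "<timestamp> <client_ip> <qname>".
SAMPLE_DNS_LOG = """\
2022-03-01T09:14:02Z 10.0.4.17 donate.help-ukraine-example.test.
2022-03-01T09:15:40Z 10.0.4.17 www.example.test.
2022-03-01T10:02:11Z 10.0.9.3 UKRAINIAN-RELIEF-EXAMPLE.TEST
2022-03-01T10:05:59Z 10.0.9.3 nothelp-ukraine-example.test
malformed line
"""

def normalize(name):
    """Lowercase and drop the trailing root dot so equal names compare equal."""
    return name.strip().lower().rstrip(".")

def load_feed(text):
    """Return the set of normalized feed domains, skipping blanks and comments."""
    return {normalize(l) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")}

def matched_feed_domain(qname, feed):
    """Return the feed domain that qname equals or is a subdomain of, else None.
    Walks label boundaries, so 'nothelp-x.test' does not match 'help-x.test'."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in feed:
            return candidate
    return None

def correlate(log_text, feed):
    """Map each feed domain seen in the log to the set of clients that queried it."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not fit the assumed log format
        domain = matched_feed_domain(parts[2], feed)
        if domain:
            hits[domain].add(parts[1])
    return dict(hits)
```

A hit from `correlate` is a lead for an analyst to review, not a detection, since the feed itself makes no claim that a listed domain is malicious.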
Update October 16, 2024
Due to the changes in the threat landscape, this feed has been retired. If you have any questions or concerns, please feel free to get in touch with us.