Forwarding Criminals, a registrar/reseller KYC nightmare

Posted on 24 July 2024

What is going on?

Since 2020, criminal groups from Vietnam have re-registered domain names and set up forwarding services for such domains to obtain social media credentials and more.

What is the size?

Our conservative estimate is that these criminals have re-registered around 50.000 domain names each week since 2020.

Why is it a problem?

They mostly use stolen credit cards to pay for these domain names, but we have witnessed other forms of payment fraud. 

What is the impact on a reseller or registrar?

We have seen registrars and resellers incur massive financial losses.
Sometimes, we see resellers or registrars …

ScamAdviser helps us fight malicious fake web shops

Posted on 4 October 2022

Recently we added the ScamAdviser feed to our DNS Abuse Monitoring system. Based on the input and experience from our customers, I thought it would be helpful to cover a few items.
ScamAdviser is a reputation-based feed that differs from the Google Safe Browsing feed. If Google marks a domain name as malicious, it is effectively no longer accessible, as many browsers will warn internet users not to visit the website.

ScamAdviser

ScamAdviser will inform you if the reputation of the domain name is poor. Of course, a lousy score depends on many factors, and ScamAdviser uses plenty. But a poor …

Security Threat Monitoring Beta

Posted on 2 November 2020

In this article/FAQ, I will explain the security threat dashboarding/monitoring.

What is it?

In the first beta phase, we will make the threat intelligence we download from Pulsedive available to our customers in the domain manager. 

If you are a customer of Realtime Register, you can join the beta program.

Please contact our support team for information.

As a customer, you will be able to see the active security threats. 

Security threats could be phishing domain names or malware domain names. 

The Abuse Dashboarding provides you with information that usually does not get reported to Registrars. 

As a result, you …

Putting DNS Abuse into context.

Posted on 19 September 2020

We are currently working on a project to provide abuse monitoring information to our customers.
Giving our customers just the raw data is not helpful, so our goal is to contextualize the data.
We still have a long way to go, but the basics are there.

So what do I see right now on our platform?


  • Malware (67%)
  • Phishing (23%)
  • The rest falls into somewhat general buckets like BEC fraud, DGA, botnets, dark lists, crypto mining, etc. Very low incidental percentages.

The above-mentioned data is from two years of monitoring.

On the left is displayed the overall abuse percentage since …

Using SpiderFoot to combat domain name abuse/security threats

Posted on 21 October 2019

“Behavior reflects personality. The best indicator of future violence is past violence. To understand the “artist,” you must study his “art.” The crime must be evaluated in its totality. There is no substitute for experience, and if you want to understand the criminal mind, you must go directly to the source and learn to decipher what he tells you. And, above all: Why + How = Who.”
― John E. Douglas, Mindhunter: Inside the FBI’s Elite Serial Crime Unit

The above quote is also applicable when you deal with cybercrime investigations. Though registrars usually do not deal with serial killers, …
