{"id":9652,"date":"2020-03-25T12:52:00","date_gmt":"2020-03-25T18:52:00","guid":{"rendered":"https:\/\/swimlane.com\/resource\/identify-malicious-domains-using-soar\/"},"modified":"2026-03-03T04:10:55","modified_gmt":"2026-03-03T11:10:55","slug":"identifique-dominios-maliciosos-usando-o-soar","status":"publish","type":"sw_resource","link":"https:\/\/swimlane.com\/pt\/blog\/identify-malicious-domains-using-soar\/","title":{"rendered":"Identificar dom\u00ednios maliciosos usando o SOAR"},"content":{"rendered":"\n\n\n<section class=\"bs-section bs-section-50ac0cc438dbf2f3b380783c05a3c736bb0670e7 bs-section---default bs-section--blog-inner-banner  \"><style>.bs-section.bs-section-50ac0cc438dbf2f3b380783c05a3c736bb0670e7{ background-color: #000743;} <\/style><div class=\"container\">\n<div class=\"bs-row row  flex-md-row-reverse bs-row---default\">\n<div class=\" bs-column col-sm-12 col-md-12 col-lg-6   bs-column-6770b3369b6c61539d3140cb52ed6bc5ec393625 bs-column---default bs-column--right d-flex flex-column justify-content-end    \"><figure class=\"wp-block-post-featured-image\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-Identify-Malicious-Domains-using-SOAR.png\" class=\"attachment-post-thumbnail size-post-thumbnail wp-post-image\" alt=\"Smartphone screen displaying an official government coronavirus (COVID-19) information page with guidance on protecting yourself and others.\" style=\"object-fit:cover;\" srcset=\"https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-Identify-Malicious-Domains-using-SOAR.png 800w, https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-Identify-Malicious-Domains-using-SOAR-300x200.png 300w, https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-Identify-Malicious-Domains-using-SOAR-768x512.png 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/figure><\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-md-12 col-lg-6   bs-column-2ba18c9b6304620af4785b54fe900bf0ce0fc4d5 bs-column---default 
d-flex flex-column    \"><div class=\"wp-block-post-date\"><time datetime=\"2020-03-25T12:52:00-06:00\">Mar 25, 2020<\/time><\/div>\n\n<h1 class=\"wp-block-post-title has-text-color has-white-color\">Identify Malicious Domains using SOAR<\/h1>\n\n\n<div class=\"bs-div bs-div-44a15e4b99450b7aaf810333a0fbaa4ff5112133 bs-div---default\"><div class=\"bs-div__inner d-flex flex-wrap align-items-center    \">\n<a class=\"bs-post__author has-text-align-center\" href=\"https:\/\/swimlane.com\/pt\/author\/Nick_Tausek\/\">\n\t<div class=\"profile-desc\">\n\t\t<figure>\n\t\t\t<img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/author_Nick_Tausek.jpg\" alt=\"user-avatar\">\n\t\t<\/figure>\n\t\t<span class=\"prefix\"><\/span>\n\t\t<span class=\"name\">\n\t\t\tNick Tausek\t\t<\/span>\n\t<\/div>\n<\/a>\n\n\n\n<div class=\"reading-time\">\n    <span class=\"reading-time__time\">5 <\/span> Minute Read\n<\/div><\/div><\/div>\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n\n\n\n\n\n\n<section class=\"bs-section bs-section-205a03f93391472c82564395e3b5684e68c8ef7d bs-section---default bs-section--blog-inner-main-contents  \"><div class=\"container\">\n<div class=\"bs-row row justify-content-between  bs-row---default\">\n<div class=\" bs-column col-sm-12  col-lg-8 col-md-11   bs-column-0d83d6d9863f92131cc95492d42e5b50c72f00bb bs-column---default bs-column--contents     \">\n<h2 class=\"wp-block-heading\">Swimlane Deep Dive team uncovers malicious domains related to COVID-19<\/h2>\n\n\n\n<p>Domain Squatting, typosquatting and IDN homograph attacks are commonplace when it comes to phishing and other forms of social engineering. Attackers use domain squatting and typosquatting of domains to trick users into providing their credentials, distribute malware, harm an organization\u2019s reputation, or otherwise maliciously impersonate a legitimate domain. 
We&#8217;ve discussed this topic before and have developed a <a href=\"https:\/\/swimlane.com\/blog\/domain-squatting-typosquatting-and-homograph-detection-with-swimlane-1\/\">unique use case<\/a> with Swimlane to detect this malicious activity automatically.<\/p>\n\n\n\n<p>Recently, we began to monitor domains related to coronavirus (COVID-19), knowing there would be an increase in traffic to research the outbreak, which could be exploited by bad actors. Even though not all of these domains are necessarily malicious or focused on spoofing (or typosquatting) techniques, we decided to use this use case to identify any registered domains related to \u201ccorona\u201d and \u201ccovid.\u201d Over the last 2 weeks, we have seen 5054 corona-related domains being registered.<\/p>\n\n\n\n<p>Many of the 5,054 domains identified using Swimlane&#8217;s <a href=\"https:\/\/swimlane.com\/solutions\/security-automation-and-orchestration\/\">security orchestration, automation and response (SOAR)<\/a> solution are focused on selling vaccines, test kits, supplies, resources, or otherwise attempting to take advantage of unsuspecting people for financial gain.<\/p>\n\n\n\n<p>Given this information, I urge you to use extreme caution when interacting with any COVID-19-related domain and to be suspicious of anything you might receive via email, SMS, social media, etc.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/COVID-19-malicious-domains_1.png\" alt=\"Swimlane UX shows list.\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Techniques<\/h3>\n\n\n\n<p>Even though these newly registered \u201ccorona\u201d domains are not considered to be in the typical domain squatting categories (more below), I wanted to provide you with a general overview of the different \u201csquatting\u201d attacks. 
These various attacks\u2014which will be referred to collectively as \u201csquatting\u201d in this article\u2014are a family of attacks wherein a user is fooled into interacting with a legitimate-looking website with a legitimate-looking domain\/URL. Any legitimate domain can be \u201csquatted\u201d with its clone disguised as a legitimate domain in several ways, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Domain squatting:<\/strong> An actor simply registers a target\u2019s predicted domain name before the target organization has a chance and holds onto it for a monetary or nefarious purpose.<\/li>\n\n\n\n<li><strong>Typosquatting:<\/strong> An attacker registers a domain similar to the target domain in appearance, keyboard typo likelihood, or tweaked TLD, and skims traffic that people accidentally direct that way.<\/li>\n\n\n\n<li><strong>IDN homograph attacks:<\/strong> Attackers register a domain that is visually similar or identical to a registered target domain through the International Domain Name (IDN) protocol, which allows for the display of Chinese, Arabic, Korean, Amharic, etc. characters in domain names. Some characters, like the Russian \u201c\u0430,\u201d appear identical to certain English letters, meaning \u201capple.com\u201d (English \u201ca\u201d) and \u201c\u0430pple.com\u201d (Russian \u201c\u0430\u201d) can resolve to entirely different servers, with end users none the wiser.<\/li>\n<\/ul>\n\n\n\n<p>The domains we will be looking at are specifically categorized as \u201cscam\u201d or \u201cprofiteering\u201d domains. 
The fact that 5,054+ domains have been registered in recent weeks indicates that these domains are not official resources and should be considered, for the most part, untrustworthy.<\/p>\n\n\n\n<figure class=\"wp-block-image c-figure--inline\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"164\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-malicious-domains_2-300x164.png\" alt=\"Swimlane UX shows alert for pernicious site.\" class=\"wp-image-10285\" srcset=\"https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-malicious-domains_2-300x164.png 300w, https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-malicious-domains_2-1024x560.png 1024w, https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-malicious-domains_2-768x420.png 768w, https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-malicious-domains_2-1536x840.png 1536w, https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-malicious-domains_2.png 1600w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><figcaption class=\"wp-element-caption\">Do not visit this website since it is obvious that it is malicious.<\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Impact<\/h3>\n\n\n\n<p>The impact of the domains overall is unknown, but there have been multiple incidents of individuals receiving phishing attacks related to COVID-19 in the past week. These phishing incidents range from traditional URL to maldoc (malicious document) to SMS attacks. 
The <a href=\"https:\/\/www.ncsc.gov.uk\/news\/cyber-experts-step-criminals-exploit-coronavirus\" target=\"_blank\" rel=\"noopener\">National Cyber Security Centre<\/a> stated they have \u201cseen an increase in the registration of web pages relating to the Coronavirus suggesting that cyber criminals are likely to be taking advantage of the outbreak,\u201d which aligns with our findings as well.<\/p>\n\n\n\n<p>On February 16, 2020, the <a href=\"https:\/\/www.who.int\/about\/cybersecurity\" target=\"_blank\" rel=\"noreferrer noopener\">World Health Organization (WHO) announced<\/a> they were seeing criminals disguising themselves as the WHO in an attempt to steal money and\/or sensitive information.<\/p>\n\n\n\n<figure class=\"wp-block-image c-figure--inline\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"184\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-malicious-domains_3-300x184.png\" alt=\"\" class=\"wp-image-10287\" srcset=\"https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-malicious-domains_3-300x184.png 300w, https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-malicious-domains_3-1024x628.png 1024w, https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-malicious-domains_3-768x471.png 768w, https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-malicious-domains_3.png 1065w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><figcaption class=\"wp-element-caption\">The figure above shows the progression of domains being registered from February 26 to March 15 for \u201ccorona\u201d and \u201ccovid\u201d terms.<\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Additional Research<\/h3>\n\n\n\n<p>Again, the impact of these domains is still unknown, but it is likely that many of these domains are planned or will be used for malicious intent. 
Part of our <a href=\"https:\/\/swimlane.com\/blog\/domain-squatting-typosquatting-and-homograph-detection-with-swimlane-1\/\">domain squatting use case application<\/a> is the ability to send automated take-down notifications to registrars and hosting providers alike. As we continually monitor activity we will be reporting any malicious domains to their respective registrars.<\/p>\n\n\n\n<p>To also help with the detection and investigation of potential COVID-19-related domains, we are providing a GitHub repository that contains registered domains from all (most) gTLDs (domain name extensions). Additionally, we are providing another dataset in the form of two JSON files. These files are specific to the following terms and will be updated as needed:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>corona<\/li>\n\n\n\n<li>covid<\/li>\n\n\n\n<li>pandemi<\/li>\n<\/ul>\n\n\n\n<p>We are providing two JSON files for each of these terms (and their confusables) that contain the same data but are structured in different ways. For example, we are providing the following data structures:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>domains_by_ip.json<\/strong>: These JSON files are keyed by domain name, and each value is that domain\u2019s registered IP addresses.<\/li>\n\n\n\n<li><strong>ips_by_doman.json<\/strong>: These JSON files are keyed by IP address, and each value is a list of the domains associated with that IP address.<\/li>\n\n\n\n<li><strong>master_blacklist.txt<\/strong>: This file contains a blacklist of all terms and their identified domains, except for domains ending in .gov. 
The list is generated by matching these terms, and, as noted above, not every matching domain is necessarily malicious, so review it before blocking; more than likely you should blacklist all of these domains, but use it at your own discretion.<\/li>\n<\/ol>\n\n\n\n<p>You can find this dataset, which will be updated &amp; archived daily on the following GitHub repository: <a href=\"https:\/\/github.com\/swimlane\/deepdive-domain-data\" target=\"_blank\" rel=\"noopener\">https:\/\/github.com\/swimlane\/deepdive-domain-data<\/a>.<\/p>\n\n\n\n<figure class=\"wp-block-image c-figure--inline\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"164\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-malicious-domains_4-300x164.png\" alt=\"\" class=\"wp-image-10289\" srcset=\"https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-malicious-domains_4-300x164.png 300w, https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-malicious-domains_4-1024x559.png 1024w, https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-malicious-domains_4-768x419.png 768w, https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-malicious-domains_4-1536x838.png 1536w, https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-malicious-domains_4.png 1600w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><figcaption class=\"wp-element-caption\">Since our determination is that it is malicious, we automatically sent a take-down notification which can be configured to be automated or manually triggered.<\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Challenge: Detection<\/h3>\n\n\n\n<p>The first step in monitoring these potential domains is pretty straightforward in the sense that we need to find domains with the word \u201ccorona\u201d or \u201ccovid\u201d. The challenge then becomes finding domains that are using IDN homograph domain names, or just simply replacing 0 for O plus all the other combinations. 
This is where the real challenge is, and our use case contains this logic out of the box.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Challenge: Time<\/h3>\n\n\n\n<p>Many of the domains we have identified are not active, but the domain name has been purchased and assigned via a registrar (ICANN). The problem is, over time, these domains will become older, but any one of them could be hosting malicious code today, tomorrow, or 5 months from now. So, being proactive and checking these domains on a regular basis is critical when trying to prevent malicious attacks.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Automation to the rescue!<\/h3>\n\n\n\n<p>Swimlane can ingest the list of newly registered domains on a daily basis and compare them against a list of domains you wish to monitor. Three comparisons are made between each newly registered domain and each of the domains you wish to monitor. The comparisons are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>CONTAINED_IN<\/strong>: The newly registered domain CONTAINS the monitored domain (e.g., \u201ccoronaid.net\u201d CONTAINS the monitored term \u201ccorona\u201d).<\/li>\n\n\n\n<li><strong>CONFUSABLE<\/strong>: The newly registered domain resembles the monitored domain via IDN Homograph Attack or via \u201cconfusable\u201d characters, such as lowercase \u201cL\u201d for capital \u201ci\u201d or zeroes for Os.<\/li>\n\n\n\n<li><strong>LEVENSHTEIN DISTANCE<\/strong>: The newly registered domain is very similar to the monitored domain, save that the text is transformed slightly. The Levenshtein Distance is the minimum number of single-character edits (insertions, deletions, or substitutions) needed to transform one string of characters into a second string of characters. If the strings are similar enough, Swimlane will register a hit.<\/li>\n<\/ul>\n\n\n\n<p>Once Swimlane has identified potential squatting domains, it begins attempting to take snapshots of those domains. 
Once a day Swimlane will retrieve the following information:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SSL certificates<\/li>\n\n\n\n<li>server information<\/li>\n\n\n\n<li>WHOIS information<\/li>\n\n\n\n<li>Screenshot and contents of the website<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">A note about the screenshot and contents of the website.<\/h4>\n\n\n\n<p>If the page is sufficiently similar, no additional action is needed. But if a web hosting domain parking page suddenly turns into a full webpage, or the page changes substantially in any other way, your analysts will be alerted to investigate for similarity to the monitored domain.<\/p>\n\n\n\n<p>Hoping this helps. Stay safe, friends!<\/p>\n<\/div>\n<\/div>\n<\/div><\/section>\n","protected":false},"excerpt":{"rendered":"<p>A equipe Swimlane Deep Dive descobre dom\u00ednios maliciosos relacionados \u00e0 
COVID-19.<\/p>","protected":false},"author":22,"featured_media":9653,"template":"","meta":{"_acf_changed":false,"show_custom_date":false,"custom_date":"","featured":false,"featured_image":0,"learn_more_label":"","image_alt_text":"","learn_more_type":"","learn_more_link":[],"show_popup":false,"disable_iframe":false,"enable_lazy_loading":false,"learn_more_link_file":0,"event_date":false,"event_start_date":"","event_end_date":"","featured_page_list":[],"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","inline_featured_image":false,"footnotes":""},"tags":[],"resource-type":[67],"resource-topic":[],"resource-industry":[],"blog-category":[68,69],"class_list":["post-9652","sw_resource","type-sw_resource","status-publish","has-post-thumbnail","hentry","resource-type-blogs","blog-category-news-and-events","blog-category-use-cases"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.5 (Yoast SEO v27.1.1) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Identify Malicious COVID Domains with SOAR<\/title>\n<meta name=\"description\" content=\"Swimlane Deep Dive team uncovers malicious domains related to COVID-19\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/swimlane.com\/pt\/blogue\/identifique-dominios-maliciosos-usando-o-soar\/\" \/>\n<meta property=\"og:locale\" content=\"pt_PT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Identify Malicious Domains using SOAR\" \/>\n<meta property=\"og:description\" 
content=\"Swimlane Deep Dive team uncovers malicious domains related to COVID-19\" \/>\n<meta property=\"og:url\" content=\"https:\/\/swimlane.com\/pt\/blogue\/identifique-dominios-maliciosos-usando-o-soar\/\" \/>\n<meta property=\"og:site_name\" content=\"AI Security Automation\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-03T11:10:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-Identify-Malicious-Domains-using-SOAR.png\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"533\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@swimlane\" \/>\n<meta name=\"twitter:label1\" content=\"Tempo estimado de leitura\" \/>\n\t<meta name=\"twitter:data1\" content=\"7 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/swimlane.com\/pt\/blog\/identify-malicious-domains-using-soar\/\",\"url\":\"https:\/\/swimlane.com\/pt\/blog\/identify-malicious-domains-using-soar\/\",\"name\":\"Identify Malicious COVID Domains with SOAR\",\"isPartOf\":{\"@id\":\"https:\/\/swimlane.com\/pt\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/swimlane.com\/pt\/blog\/identify-malicious-domains-using-soar\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/swimlane.com\/pt\/blog\/identify-malicious-domains-using-soar\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-Identify-Malicious-Domains-using-SOAR.png\",\"datePublished\":\"2020-03-25T18:52:00+00:00\",\"dateModified\":\"2026-03-03T11:10:55+00:00\",\"description\":\"Swimlane Deep Dive team uncovers malicious domains related to 
COVID-19\",\"breadcrumb\":{\"@id\":\"https:\/\/swimlane.com\/pt\/blog\/identify-malicious-domains-using-soar\/#breadcrumb\"},\"inLanguage\":\"pt-PT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/swimlane.com\/pt\/blog\/identify-malicious-domains-using-soar\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-PT\",\"@id\":\"https:\/\/swimlane.com\/pt\/blog\/identify-malicious-domains-using-soar\/#primaryimage\",\"url\":\"https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-Identify-Malicious-Domains-using-SOAR.png\",\"contentUrl\":\"https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-Identify-Malicious-Domains-using-SOAR.png\",\"width\":800,\"height\":533,\"caption\":\"Smartphone screen displaying an official government coronavirus (COVID-19) information page with guidance on protecting yourself and others.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/swimlane.com\/pt\/blog\/identify-malicious-domains-using-soar\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/swimlane.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Identify Malicious Domains using SOAR\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/swimlane.com\/pt\/#website\",\"url\":\"https:\/\/swimlane.com\/pt\/\",\"name\":\"Low-Code Security Automation & SOAR Platform | Swimlane\",\"description\":\"Agentic AI automation for every security function\",\"publisher\":{\"@id\":\"https:\/\/swimlane.com\/pt\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/swimlane.com\/pt\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-PT\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/swimlane.com\/pt\/#organization\",\"name\":\"Low-Code Security Automation & SOAR Platform | 
Swimlane\",\"url\":\"https:\/\/swimlane.com\/pt\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-PT\",\"@id\":\"https:\/\/swimlane.com\/pt\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg\",\"contentUrl\":\"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg\",\"width\":912,\"height\":190,\"caption\":\"Low-Code Security Automation & SOAR Platform | Swimlane\"},\"image\":{\"@id\":\"https:\/\/swimlane.com\/pt\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/swimlane\",\"https:\/\/www.linkedin.com\/company\/swimlane\/\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Identifique dom\u00ednios maliciosos relacionados \u00e0 COVID com o SOAR.","description":"A equipe Swimlane Deep Dive descobre dom\u00ednios maliciosos relacionados \u00e0 COVID-19.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/swimlane.com\/pt\/blogue\/identifique-dominios-maliciosos-usando-o-soar\/","og_locale":"pt_PT","og_type":"article","og_title":"Identify Malicious Domains using SOAR","og_description":"Swimlane Deep Dive team uncovers malicious domains related to COVID-19","og_url":"https:\/\/swimlane.com\/pt\/blogue\/identifique-dominios-maliciosos-usando-o-soar\/","og_site_name":"AI Security Automation","article_modified_time":"2026-03-03T11:10:55+00:00","og_image":[{"width":800,"height":533,"url":"https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-Identify-Malicious-Domains-using-SOAR.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_site":"@swimlane","twitter_misc":{"Tempo estimado de leitura":"7 
minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/swimlane.com\/pt\/blog\/identify-malicious-domains-using-soar\/","url":"https:\/\/swimlane.com\/pt\/blog\/identify-malicious-domains-using-soar\/","name":"Identifique dom\u00ednios maliciosos relacionados \u00e0 COVID com o SOAR.","isPartOf":{"@id":"https:\/\/swimlane.com\/pt\/#website"},"primaryImageOfPage":{"@id":"https:\/\/swimlane.com\/pt\/blog\/identify-malicious-domains-using-soar\/#primaryimage"},"image":{"@id":"https:\/\/swimlane.com\/pt\/blog\/identify-malicious-domains-using-soar\/#primaryimage"},"thumbnailUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-Identify-Malicious-Domains-using-SOAR.png","datePublished":"2020-03-25T18:52:00+00:00","dateModified":"2026-03-03T11:10:55+00:00","description":"A equipe Swimlane Deep Dive descobre dom\u00ednios maliciosos relacionados \u00e0 COVID-19.","breadcrumb":{"@id":"https:\/\/swimlane.com\/pt\/blog\/identify-malicious-domains-using-soar\/#breadcrumb"},"inLanguage":"pt-PT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/swimlane.com\/pt\/blog\/identify-malicious-domains-using-soar\/"]}]},{"@type":"ImageObject","inLanguage":"pt-PT","@id":"https:\/\/swimlane.com\/pt\/blog\/identify-malicious-domains-using-soar\/#primaryimage","url":"https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-Identify-Malicious-Domains-using-SOAR.png","contentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/COVID-19-Identify-Malicious-Domains-using-SOAR.png","width":800,"height":533,"caption":"Smartphone screen displaying an official government coronavirus (COVID-19) information page with guidance on protecting yourself and others."},{"@type":"BreadcrumbList","@id":"https:\/\/swimlane.com\/pt\/blog\/identify-malicious-domains-using-soar\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/swimlane.com\/"},{"@type":"ListItem","position":2,"name":"Identify Malicious 
Domains using SOAR"}]},{"@type":"WebSite","@id":"https:\/\/swimlane.com\/pt\/#website","url":"https:\/\/swimlane.com\/pt\/","name":"Automa\u00e7\u00e3o de seguran\u00e7a de baixo c\u00f3digo e plataforma SOAR | Swimlane","description":"Automa\u00e7\u00e3o de IA ag\u00eantica para todas as fun\u00e7\u00f5es de seguran\u00e7a","publisher":{"@id":"https:\/\/swimlane.com\/pt\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/swimlane.com\/pt\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-PT"},{"@type":"Organization","@id":"https:\/\/swimlane.com\/pt\/#organization","name":"Automa\u00e7\u00e3o de seguran\u00e7a de baixo c\u00f3digo e plataforma SOAR | Swimlane","url":"https:\/\/swimlane.com\/pt\/","logo":{"@type":"ImageObject","inLanguage":"pt-PT","@id":"https:\/\/swimlane.com\/pt\/#\/schema\/logo\/image\/","url":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","contentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","width":912,"height":190,"caption":"Low-Code Security Automation & SOAR Platform | 
Swimlane"},"image":{"@id":"https:\/\/swimlane.com\/pt\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/swimlane","https:\/\/www.linkedin.com\/company\/swimlane\/"]}]}},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/swimlane.com\/pt\/wp-json\/wp\/v2\/sw_resource\/9652","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/swimlane.com\/pt\/wp-json\/wp\/v2\/sw_resource"}],"about":[{"href":"https:\/\/swimlane.com\/pt\/wp-json\/wp\/v2\/types\/sw_resource"}],"author":[{"embeddable":true,"href":"https:\/\/swimlane.com\/pt\/wp-json\/wp\/v2\/users\/22"}],"version-history":[{"count":1,"href":"https:\/\/swimlane.com\/pt\/wp-json\/wp\/v2\/sw_resource\/9652\/revisions"}],"predecessor-version":[{"id":54411,"href":"https:\/\/swimlane.com\/pt\/wp-json\/wp\/v2\/sw_resource\/9652\/revisions\/54411"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/swimlane.com\/pt\/wp-json\/wp\/v2\/media\/9653"}],"wp:attachment":[{"href":"https:\/\/swimlane.com\/pt\/wp-json\/wp\/v2\/media?parent=9652"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/swimlane.com\/pt\/wp-json\/wp\/v2\/tags?post=9652"},{"taxonomy":"resource-type","embeddable":true,"href":"https:\/\/swimlane.com\/pt\/wp-json\/wp\/v2\/resource-type?post=9652"},{"taxonomy":"resource-topic","embeddable":true,"href":"https:\/\/swimlane.com\/pt\/wp-json\/wp\/v2\/resource-topic?post=9652"},{"taxonomy":"resource-industry","embeddable":true,"href":"https:\/\/swimlane.com\/pt\/wp-json\/wp\/v2\/resource-industry?post=9652"},{"taxonomy":"blog-category","embeddable":true,"href":"https:\/\/swimlane.com\/pt\/wp-json\/wp\/v2\/blog-category?post=9652"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}