counterfeit webshops on TLDs

Giovane Moura giovane.moura at
Wed Feb 26 11:59:45 UTC 2020


We've been busy over the last few years with identifying and removing
domain names hosting counterfeit webshops on our zone (.nl). We have now
documented our experience in an academic paper[1] and also now on Ripe
Labs blog[2].

The issue is that many people fall for these websites (which advertise
typically 60%+ discounts), only to end up receiving a counterfeit,
low-quality product, and then are left to deal with their financial
losses. And these shops may 'fly under the radar' for years, given they
do not raise red flags as phishing domains, but still they may incur
significant losses.

We share our experience in two controlled experiments that we run since
2017, and ultimately took down 4455 of those domains. To be fair, we are
not the first ones to identify these shops: Wang et. al[3]  carried out
a comprehensive study on the topic, but used search engine results as
input data and focusing on search engine optimization.

We, however, argue and show how TLDs provide a great vantage point to
identify and possibly remove such websites _in bulk_.

Some folks here may have had had similar experiences (e.g, .de took down
16,000 of those last year[4]), and others may consider taking a look on
their zones.







More information about the dns-operations mailing list