The current outbreak of the COVID-19 created a perfect scenario for all sorts of scammers to monetize through fear, false promises and fraud. Since the beginning of March, tens of thousands of new domains have been registered using the terms “corona”, ‘covid’, ‘epidemic’, ‘pandemic’ and ‘wuhan’.
While some of these are legitimate – and some still point to parking pages – it is fair to assume that many are to be used for malicious purposes. In general, newly registered domains should be approached with caution, and under the current circumstances we should be even more vigilant.
Our team compiled a list of domains containing keywords related to the global pandemic from our Newly Registered Domains feed that can be used to protect your family, employees and customers. The list is based solely on the timeframe and the terms used to register the domains, no other assumptions are made. However, if used with caution, we believe it can help to keep people from falling for scams and to prevent the dissemination of misinformation.
The information is provided as-is, with no warranties and free for any use. We will continue to update these feeds likely in a daily basis, so feel free to automate your downloads using the links below:
- Text file containing all domain names detected so far
- Text file containing all domain names registered in a specific date
- http://malwarepatrolexport-covid-19.s3-website.us-east-2.amazonaws.com/domains/domains-YYMMDD.txt – substitute YYYY with year, MM with month and DD with day for the desired date
- Text file containing all domain names and respective IP addresses detected so far
- Text file containing all domain names and respective IP addresses registered in a specific date
- http://malwarepatrolexport-covid-19.s3-website.us-east-2.amazonaws.com/domains-ips/domains-ips.txt – substitute YYYY with year, MM with month and DD with day for the desired date
- JSON file containing all domain names detected so far and additional metadata
- JSON file containing all domain names registered in a specific date and additional metadata
- http://malwarepatrolexport-covid-19.s3-website.us-east-2.amazonaws.com/domains/domains-YYMMDD.json – substitute YYYY with year, MM with month and DD with day for the desired date
- BIND RPZ zone containing all domain names detected so far (test version)
- Squid compatible file containing all domain names detected so far (test version)
- Snort rules file containing all domain names detected so far (test version)
For information about other online coronavirus scams, check out these articles:
Coronavirus Scam Alert: Watch Out For These Risky COVID-19 Websites And Emails (Forbes)
Battling online coronavirus scams with facts (Malwarebytes)
Malicious coronavirus map hides AZORult info-stealing malware (SC Magazine)
Coronavirus Used in Spam, Malware, and Malicious Domains (TrendMicro)