<img src="https://certify.alexametrics.com/atrk.gif?account=kla4t1zDGU20kU" style="display:none" height="1" width="1" alt="">
Contact us
Request demo →
Contact us
search
close

Pandemic-related domains list

by Sebastiaan Bosman Blog, Analyst Report 11 May 2020

The 2020 pandemic has forced us all to adapt the way we work and communicate. Cybercriminals are leveraging the situation at the expense of others. At Cybersprint, we aim to keep these digital risks to a minimum. Therefore, we're sharing our research, containing a list of dodgy Corona-related domains you can use for blacklisting purposes.

Creating a domain ‘blacklist’

In our previous blog, we talked about three types of malicious activity to watch out for. Cybercriminals are using a variety of methods for their own gain. The opportunists are (falsely) offering supplies such as face masks or phony tests. Fraudsters are using the crisis and increased web traffic on the subject for phishing purposes and to spread malware. In addition, nation state-funded campaigns and the spread of misinformation don’t help either.

The cybercriminals are setting up new domains for their activities. The registration date of the domains can be tracked, together with other detectable information. We have taken these variables to trace domain registrations related to the pandemic using our Digital Risk Protection platform. The result is a list of thousands of domain names. Please note we can't be sure there aren't any genuine domains in here, but we believe the vast majority of these entries are, or will be used, for malicious purposes. If you want to use them for blacklisting, please bear this in mind. 

You can download the complete list here (.xlsx).

Development over time

So far, we have traced over 94,600 new domains. After 11 March, the daily registrations increased rapidly, peaking at over 4700 on 18 March. After that, we started to see a decline in registrations, as shown below.


Still, the activity has not stopped yet. COVID-19 related domains kept being created in the weeks after the spike, with an average of 372 new domains per day starting from 29 March. 

Unfortunately, the decline we saw over April hasn't continued, as new spikes appeared late April and early May. We don't expect the opportunists to completely diminish their activity in the near future. Until then, we advise to stay vigilant when it comes to URLs and websites on COVID-19 and the corona virus in general. 


pasfoto001Sebastiaan Bosman is Content Marketeer at Cybersprint.
With a background in Comm
unications and Linguistics,
he is responsible for the creation and editing processes of most internal and external communication. He writes content such as blogs, whitepapers and case studies, primarily based on Cybersprint’s own research data. Previously, Sebastiaan worked as Content & Communications Advisor at ING Global. 

Cybersprint 5-year anniversary

2020 marks our five-year anniversary! To celebrate, we will publish five video interviews about our journey so far. One video every Thursday in the month October. 

read more

Hâck The Hague: From council questions to a unique hacking competition

The Hague Municipality’s Council, Monday 30th of September 2019 at 10:25 AM. On this location 3 years ago, the idea for the first edition of this event was established. Today, as chairman I have the pleasure to initiate its third edition, Hâck The Hague 2019. For the third year in a row, the municipality of The Hague and Cybersprint are working together to test the digital security of the city along with its inhabitants.

read more

Use case: Provincie Overijssel

For governmental organisations, it is important to have a clear overview of their digital footprint and risks. They need to ensure the right policies are in place when it comes to cybersecurity. To illustrate their challenges, and the benefits of digital footprint management, we've interviewed one of our customers from the governmental sector. Rick Verkade, Security and Privacy Specialist at Provincie Overijssel shares his experiences in this interview.

read more

Do you have a question?

Our experts have the answers

Contact us