<img src="https://certify.alexametrics.com/atrk.gif?account=kla4t1zDGU20kU" style="display:none" height="1" width="1" alt="">
Contact us
Request demo →
Contact us
German website
search
close

Pandemic-related domains list

by Sebastiaan Bosman Blog, Analyst Report 11 May 2020

The 2020 pandemic has forced us all to adapt the way we work and communicate. Cybercriminals are leveraging the situation at the expense of others. At Cybersprint, we aim to keep these digital risks to a minimum. Therefore, we're sharing our research, containing a list of dodgy Corona-related domains you can use for blacklisting purposes.

Creating a domain ‘blacklist’

In our previous blog, we talked about three types of malicious activity to watch out for. Cybercriminals are using a variety of methods for their own gain. The opportunists are (falsely) offering supplies such as face masks or phony tests. Fraudsters are using the crisis and increased web traffic on the subject for phishing purposes and to spread malware. In addition, nation state-funded campaigns and the spread of misinformation don’t help either.

The cybercriminals are setting up new domains for their activities. The registration date of the domains can be tracked, together with other detectable information. We have taken these variables to trace domain registrations related to the pandemic using our Digital Risk Protection platform. The result is a list of thousands of domain names. Please note we can't be sure there aren't any genuine domains in here, but we believe the vast majority of these entries are, or will be used, for malicious purposes. If you want to use them for blacklisting, please bear this in mind. 

You can download the complete list here (.xlsx).

Development over time

So far, we have traced over 94,600 new domains. After 11 March, the daily registrations increased rapidly, peaking at over 4700 on 18 March. After that, we started to see a decline in registrations, as shown below.


Still, the activity has not stopped yet. COVID-19 related domains kept being created in the weeks after the spike, with an average of 372 new domains per day starting from 29 March. 

Unfortunately, the decline we saw over April hasn't continued, as new spikes appeared late April and early May. We don't expect the opportunists to completely diminish their activity in the near future. Until then, we advise to stay vigilant when it comes to URLs and websites on COVID-19 and the corona virus in general. 


pasfoto001Sebastiaan Bosman is Content Marketeer at Cybersprint.
With a background in Comm
unications and Linguistics,
he is responsible for the creation and editing processes of most internal and external communication. He writes content such as blogs, whitepapers and case studies, primarily based on Cybersprint’s own research data. Previously, Sebastiaan worked as Content & Communications Advisor at ING Global. 

What does effective attack surface management look like?

In recent blog posts we’ve discussed the need to understand how your attack surface affects your risk and highlighted three areas that regularly slip under the radar when trying to analyse the true extent of that attack surface. The answer to both these challenges is attack surface management, and in this blog we’re going to focus on what that looks like.

read more

3 Constantly Evolving Areas of Risk Your Organisation Could Be Overlooking

As we mentioned in our previous blog, your attack surface is a constantly evolving source of risks. This is compounded by the fact that most organisations can only see a portion of their attack surface – we believe they’re missing 30 to 50 percent.

read more

Understanding your organisation’s attack surface and why it poses a risk

Your attack surface is the sum of the exposed and internet-facing assets, and the associated risks a hacker can exploit to carry out a cyber-attack. Over the past decade or so, that attack surface has changed dramatically. Long gone are the days when the only things exposed to the outside world were your website and your mail server. Today, increased complexity means that many organisations often have huge attack surfaces – in fact, we believe that the attack surface has grown by around 1000% in the past 10 years.

read more

Do you have a question?

Our experts have the answers

Contact us