800+ Newly Registered Domains Themed Around COVID-19 Have Been Detected in Israel
By LEO GIOSUÈ
The new coronavirus has impacted most countries. Among them, Israel confirmed its first COVID-19 case on February 21, with the number of new cases starting to peak in later March. On March 25 alone, 1,100 new cases were confirmed.Around the same time, our newly registered domains database detected a spike in coronavirus-related domain registrations with Israel as the registrant country.Newly Registered Domains and Confirmed Cases: What is the Link?A comparable trend from early March to mid-April can be seen from the two charts below. Here is the data from Johns Hopkins Coronavirus Center showing the daily number of confirmed cases in Israel until May:In parallel, the number of coronavirus-related domains where Israel was indicated as the registrant country. The newly registered domains in question contain any of the following word strings:
“corona”
“virus”
“mask”
“covid”
Should We Be Concerned About these Newly Registered Domains?Seven out of ten newly registered domains are tagged as suspicious at best and malicious at worst. Of course, some of the coronavirus-inspired domain names detected by the newly registered domains database may reflect the country’s entrepreneurial spirit and legitimate activities.However, many of these domains could also easily be used by threat actors in phishing, malware attacks, financial scams, and disinformation campaigns. From hundreds of coronavirus-themed domain names that list Israel as their registrant country, six categories stood out.1. Coronavirus Vaccine, Treatment, and TestingSeveral newly registered domains relate to the disease’s treatment, vaccine, and testing. As such, people would expect these domains to offer scientific information about COVID-19. However, only covid19kits-test[.]com had content (at the time of writing) among the domains listed below. The rest are either unreachable or parked with advertising links, as revealed by , a tool that allows users to take a screenshot of a website without visiting it.
treat-coronavirus[.]com
covid-19-vaccine[.]com
getcovid19rapidtest[.]com
fastcoronavirustest[.]com
covid19kits-test[.]com
coronavirusolutions[.]com
2. Coronavirus Prevention and Safety MeasuresAnother popular theme for coronavirus-inspired newly registered domains pertains to prevention and safety measures, including wearing masks. That applies to both global and Israel-specific domain names. Below are some examples:
covid-19virusprevention[.]com
covid19-mask-project[.]com
covid19-masks[.]com
coronavirussafetie[.]com
coronavirussafeties[.]com
top10coronaviruscleaners[.]com
coronavirusctrl[.]com
covid19-control[.]com
3. Coronavirus News and UpdatesSeveral domain names hint to providing coronavirus news, research, and the latest developments. People are understandably hungry for coronavirus information, yet it is important to note that threat actors could take advantage of this.Below are some examples of newly registered domains that belong to this category.
coronavirusnewsfeed[.]com
covid19-news[.]com
covid19new[.]com
covid19-virusupdates[.]com
covid19virus-info[.]com
covid19-usainfo[.]com
covidlive2020[.]com
coronavirus-channel[.]com
4. Coronavirus LawsuitsAlthough it’s primarily a healthcare issue, the effects of COVID-19 are felt in other industries. In the legal sector, several lawyers began offering their services to medical practitioners and patients seeking to initiate legal actions against hospitals and their employers. Though law firms can host a page on their websites for this specific service, it’s interesting to find several coronavirus lawsuit domains being registered.
yourcoronavirusattorney[.]com
coronavirusclassactioncom[.]com
legalrights-coronavirus[.]com
lawsuitscoronavirus[.]com
covid-19lawyers[.]com
attorneycoronavirus[.]com
covid-19attorneys[.]com
covid-19lawsuits[.]com
5. Location-Based DomainsSome domain names have location tags, such as those listed below.
israelcovid19[.]com
israelcovid-19[.]com
coronaviruseuropa[.]com
covid19-eu[.]com
israel-covid[.]com
covid19-usainfo[.]com
Since they are location-based, one may expect these websites to offer localized content. With the help of Screenshot API, we found that israelcovid19[.]com contains both local and international news.On the other hand, the website israelcovid-19[.]com looks exactly like israelcovid19[.]com, yet with Russian content (probably targeting the Russian community in Israel).Although the registrant’s name and organization are hidden according to WHOIS Lookup, the registrant address of both domains is Tel Aviv.6. Coronavirus Business and Other OpportunitiesTrue to Israel’s entrepreneurial spirit, some coronavirus-themed domains also relate to business and job opportunities. Below are some examples.
covid19-merchandise[.]com
covid19order[.]com
covid19-jobs[.]com
covidkitchens[.]com
coronavirus-ventures[.]com
covidfreehotel[.]com
covidfreeresort[.]com
covidholyday[.]com
covidfreecruise[.]com
covidfreetourism[.]com
covidfreetour[.]com
While some coronavirus-related domains are certainly used as part of legitimate response to the pandemic, others could be used as cybercrime weapons. The public at large needs to be careful when engaging with these and similar online properties.For organizations, integrating a newly registered domain database into their cybersecurity platforms can be helpful. By monitoring newly registered domains, they can better prevent cyber threats that bank on the abuse of domain names.
Related Tagsreviewdomain
if(catID != 151){
var cont = `Take Israel home with the new Jerusalem Post Store