800+ Newly Registered Domains Themed Around COVID-19 Have Been Detected in Israel

By LEO GIOSUÈ
(photo credit: UNSPLASH)
(photo credit: UNSPLASH)
The new coronavirus has impacted most countries. Among them, Israel confirmed its first COVID-19 case on February 21, with the number of new cases starting to peak in later March. On March 25 alone, 1,100 new cases were confirmed.
Around the same time, our newly registered domains database detected a spike in coronavirus-related domain registrations with Israel as the registrant country.
Newly Registered Domains and Confirmed Cases: What is the Link?
A comparable trend from early March to mid-April can be seen from the two charts below. Here is the data from Johns Hopkins Coronavirus Center showing the daily number of confirmed cases in Israel until May:
Source: Johns Hopkins on June 23, 2020
Source: Johns Hopkins on June 23, 2020
In parallel, the number of coronavirus-related domains where Israel was indicated as the registrant country. The newly registered domains in question contain any of the following word strings:
  • “corona”
  • “virus”
  • “mask”
  • “covid”
Should We Be Concerned About these Newly Registered Domains?
Seven out of ten newly registered domains are tagged as suspicious at best and malicious at worst. Of course, some of the coronavirus-inspired domain names detected by the newly registered domains database may reflect the country’s entrepreneurial spirit and legitimate activities.
However, many of these domains could also easily be used by threat actors in phishing, malware attacks, financial scams, and disinformation campaigns. From hundreds of coronavirus-themed domain names that list Israel as their registrant country, six categories stood out.
1. Coronavirus Vaccine, Treatment, and Testing
Several newly registered domains relate to the disease’s treatment, vaccine, and testing. As such, people would expect these domains to offer scientific information about COVID-19. However, only covid19kits-test[.]com had content (at the time of writing) among the domains listed below. The rest are either unreachable or parked with advertising links, as revealed by , a tool that allows users to take a screenshot of a website without visiting it.
  • treat-coronavirus[.]com
  • covid-19-vaccine[.]com
  • getcovid19rapidtest[.]com
  • fastcoronavirustest[.]com
  • covid19kits-test[.]com
  • coronavirusolutions[.]com
2. Coronavirus Prevention and Safety Measures
Another popular theme for coronavirus-inspired newly registered domains pertains to prevention and safety measures, including wearing masks. That applies to both global and Israel-specific domain names. Below are some examples:
  • covid-19virusprevention[.]com
  • covid19-mask-project[.]com
  • covid19-masks[.]com
  • coronavirussafetie[.]com
  • coronavirussafeties[.]com
  • top10coronaviruscleaners[.]com
  • coronavirusctrl[.]com
  • covid19-control[.]com
3. Coronavirus News and Updates
Several domain names hint to providing coronavirus news, research, and the latest developments. People are understandably hungry for coronavirus information, yet it is important to note that threat actors could take advantage of this.
Below are some examples of newly registered domains that belong to this category.
  • coronavirusnewsfeed[.]com
  • covid19-news[.]com
  • covid19new[.]com
  • covid19-virusupdates[.]com
  • covid19virus-info[.]com
  • covid19-usainfo[.]com
  • covidlive2020[.]com
  • coronavirus-channel[.]com
4. Coronavirus Lawsuits
Although it’s primarily a healthcare issue, the effects of COVID-19 are felt in other industries. In the legal sector, several lawyers began offering their services to medical practitioners and patients seeking to initiate legal actions against hospitals and their employers. Though law firms can host a page on their websites for this specific service, it’s interesting to find several coronavirus lawsuit domains being registered.
  • yourcoronavirusattorney[.]com
  • coronavirusclassactioncom[.]com
  • legalrights-coronavirus[.]com
  • lawsuitscoronavirus[.]com
  • covid-19lawyers[.]com
  • attorneycoronavirus[.]com
  • covid-19attorneys[.]com
  • covid-19lawsuits[.]com
5. Location-Based Domains
Some domain names have location tags, such as those listed below.
  • israelcovid19[.]com
  • israelcovid-19[.]com
  • coronaviruseuropa[.]com
  • covid19-eu[.]com
  • israel-covid[.]com
  • covid19-usainfo[.]com
Since they are location-based, one may expect these websites to offer localized content. With the help of Screenshot API, we found that israelcovid19[.]com contains both local and international news.
On the other hand, the website israelcovid-19[.]com looks exactly like israelcovid19[.]com, yet with Russian content (probably targeting the Russian community in Israel).
Although the registrant’s name and organization are hidden according to WHOIS Lookup, the registrant address of both domains is Tel Aviv.
6. Coronavirus Business and Other Opportunities
True to Israel’s entrepreneurial spirit, some coronavirus-themed domains also relate to business and job opportunities. Below are some examples.
  • covid19-merchandise[.]com
  • covid19order[.]com
  • covid19-jobs[.]com
  • covidkitchens[.]com
  • coronavirus-ventures[.]com
  • covidfreehotel[.]com
  • covidfreeresort[.]com
  • covidholyday[.]com
  • covidfreecruise[.]com
  • covidfreetourism[.]com
  • covidfreetour[.]com
While some coronavirus-related domains are certainly used as part of legitimate response to the pandemic, others could be used as cybercrime weapons. The public at large needs to be careful when engaging with these and similar online properties.
For organizations, integrating a newly registered domain database into their cybersecurity platforms can be helpful. By monitoring newly registered domains, they can better prevent cyber threats that bank on the abuse of domain names.


Related Tags
review
domain