The current COVID-19 outbreak has created a perfect scenario for all sorts of scammers to profit through fear, false promises and fraud. Since the beginning of March, tens of thousands of new domains have been registered using the terms “corona”, “covid”, “epidemic”, “pandemic” and “wuhan”.
While some of these are legitimate – and some still point to parking pages – it is fair to assume that many will be used for malicious purposes. In general, newly registered domains should be approached with caution, and under the current circumstances we should be even more vigilant.
I have collaborated with various CTI channels and put up these data sets for OSINT ideas:
Text file containing all domain names detected so far
https://github.com/aksc1992/covid19intel/blob/master/malicious_domains2021.txt
Text file containing all domain names and respective IP addresses detected so far
https://github.com/aksc1992/covid19intel/blob/master/Malicous_domains-ips.txt
JSON file containing all domain names detected so far and additional metadata
https://github.com/aksc1992/covid19intel/blob/master/JSON_Malicious.txt
Snort rules file containing all domain names detected so far (test version)
https://github.com/aksc1992/covid19intel/blob/master/snort-rules.txt
For information about other online coronavirus scams, check out these articles:
Coronavirus Scam Alert: Watch Out For These Risky COVID-19 Websites And Emails (Forbes)
Battling online coronavirus scams with facts (Malwarebytes)
Malicious coronavirus map hides AZORult info-stealing malware (SC Magazine)
Coronavirus Used in Spam, Malware, and Malicious Domains (TrendMicro)