COVID-19 Spam website collection

I've started collecting some website and example of spam messages and website as during this period.

this page will get updated over time so keep it monitored. if you know more put them in the comments and I'll integrate the missing one.

I've written an article here with suggestions on remote working safely, the blog post on protecting your identity and Multi Factor Authentication are still applicable during these tough times

To report a new one, add them in the comment section below and on this website: https://www.phishtank.com/

Safe map of coronavirus: https://gisanddata.maps.arcgis.com/apps/opsdashboard/index.html#/bda7594740fd40299423467b48e9ecf6

Following some domains with the source, they were mentioned (as not every website has been verified take it with a pinch of salt. The sites at the top have been verified while the ones at the bottom have been just announced.

List of covid 19 malicious URLs (phishing/spam)

New from abuse.ch

• GZ: https://bazaar.abuse.ch/sample/533d468a0feb495dc12aa8d399844ebdb03c56eab5b04fbdadc4fa65c68138cf

• GuLoader: https://bazaar.abuse.ch/sample/97e961ffd1883624c6629f8e621d86ac6388751a15a851c33eb12006ab9e1bff

• AgentTesla: https://bazaar.abuse.ch/sample/668c31c58c0816f31b863d088cb88ff43f7c69aeae0e21734f96dd9a5992a872/

• GuLoader payload URL: https://urlhaus.abuse.ch/url/332150/

Other addresses

Lindsay Kaye, director of operation outcomes at Recorded Future, specifically called out the following domains as potentially dangerous:

• coronavirusstatus[.]space

• coronavirus-map[.]com

• blogcoronacl.canalcero[.]digital

• coronavirus[.]zone

• coronavirus-realtime[.]com

• coronavirus[.]app

• bgvfr.coronavirusaware[.]xyz

• Coronavirusaware[.]xyz

Forbes - Bernardo Quintero

• corona-virus[.]healthcare

• survivecoronavirus[.]org

• vaccine-coronavirus[.]com

• coronavirus[.]cc

• bestcoronavirusprotect[.]tk

• Coronavirusupdate[.]tk

From https://www.forbes.com/sites/thomasbrewster/2020/03/12/coronavirus-scam-alert-watch-out-for-these-risky-covid-19-websites-and-emails/#4833d7cb1099

Address released from Polish Police:

DomainAddress"in-post.net"

DomainAddress"faktury3941.org"

DomainAddress"rachinfo.com"

DomainAddress"get-payment.pl"

DomainAddress"e-bokpge.pl"

DomainAddress"e-platnosc.best"

DomainAddress"windykacjajagoda.org"

For the full list go here

Full list of IOC/Malicious domains

As a rule of thumb, those are some guidance:

• Beware of online requests for personal information. A coronavirus-themed email that seeks personal information like your Social Security number or login information is a phishing scam. Legitimate government agencies won’t ask for that information. Never respond to the email with your personal data.

• Check the email address or link. You can inspect a link by hovering your mouse button over the URL to see where it leads. Sometimes, it’s obvious the web address is not legitimate. But keep in mind phishers can create links that closely resemble legitimate addresses. Delete the email.

• Watch for spelling and grammatical mistakes. If an email includes spelling, punctuation, and grammar errors, it’s likely a sign you’ve received a phishing email. Delete it.

• Look for generic greetings. Phishing emails are unlikely to use your name. Greetings like “Dear sir or madam” signal an email is not legitimate.

• Avoid emails that insist you act now. Phishing emails often try to create a sense of urgency or demand immediate action. The goal is to get you to click on a link and provide personal information — right now. Instead, delete the message.

some examples of fake e-mail/websites: