Tracing Covid-19 domain name clusters on the internet

During the Covid-19 pandemic, many new Internet domains appeared which contain keywords related to the pandemic. While part of these domains are just legitimate information sites, a significant number of them are related to all sorts of malicious activity, from disinformation, to phishing, the spreading of malware, and more. Given a dataset from OpenINTEL[14], which includes a set of internet domain names containing Covid-19-related keywords, we will try to find traits to identify trends or common actors that register and run these domains. We determined that the majority of domains were created during the first wave of the pandemic and 28% of domains are malicious. These findings show that it is more demanding than ever to determine which domains are used for legitimate purposes during the Covid-19 pandemic.