A rush of new websites referencing Venezuela’s June earthquake has added a new online risk to an already urgent humanitarian crisis, with researchers warning that donation pages, missing person listings, and crypto payment requests need careful checks before people share money or personal details.
WhoisXML API, a cyber threat intelligence provider, said its latest review found 212 domains registered between 24 and 28 June 2026 that clearly reference the Venezuela earthquake. The company said the names were pulled from its newly registered domain feed and filtered for terms linked to Venezuela, local place names, earthquake wording, and aid-related phrases.
According to the company’s report shared with Hackread.com, researchers found no earthquake-themed domains matching their criteria in the three days before the quake. However, on 24 June, the day the disaster hit, Activity began and then peaked on 25 June, when 105 of the 212 domains were filed. More names followed, with 60 on 26 June, 29 on 27 June, and 15 on 28 June.
The registrations came after a magnitude 7.2 foreshock and a magnitude 7.5 mainshock struck north central Venezuela on 24 June. The disaster quickly led to rescue operations, aid appeals, missing person searches, and public calls for donations, creating the kind of online environment where legitimate relief work and fraud can appear side by side.
WhoisXML API said that many of the domains use language that sounds helpful at first reading. 110 names in the dataset appear linked to aid or donations, 52 use SOS or rescue wording, 56 reference earthquakes or seismic activity, and 12 refer to missing or affected people. Other names point to medical help, shelters, information pages, maps, and tracking services.
That does not mean the domains are malicious. The report states that many may belong to real organizations, volunteers, journalists, researchers, advocates, or community groups trying to respond quickly. But new disaster-related domains can be hard for the public to verify, especially when they ask for money, identity details, or information about missing people.
Another noteworthy issue is the ownership of these domains. WhoisXML API found that 93 percent of the domains exposed no individual registrant mailbox, either because privacy services were used or no direct registrant contact was listed.
Additionally, the domains were spread among 28 registrars and 20 top-level domains (TLDs), with Namecheap accounting for the largest share at 46 domains, followed by Name.com with 43, GoDaddy with 28, Cloudflare with 25, and Hostinger with 23.
The infrastructure does not point to one single operator, according to the company. Only one registrant mailbox appeared more than once in the visible data, connected to three domains using the same second-level name under different top-level domains. WhoisXML API said the pattern looked more like many separate registrations moving at the same time than one bulk operation.
The highest risk sits with pages that request donations without clear proof of who controls the site or where the money will go. Alexandre François, DNS threat researcher and research and media collaborations director at WhoisXML API, said some live pages already ask for cryptocurrency donations, including Bitcoin, while giving no clear confirmation that funds will reach victims.
Disaster Exploitation: No Honor Among Thieves
Disaster scams often work because they exploit urgency, grief, and public pressure to help fast. Scammers have used Gaza relief appeals to steal donations, posed as fire relief services during the 2025 California wildfires, and treated COVID-19 as a lucrative opening for phishing, fake charities, and malware campaigns.
In October 2024, Hurricane Milton in Florida was also abused by fraudsters through fake FEMA claims and malicious files disguised as emergency information. In Venezuela’s case, the domain activity shows how quickly the web reacts to a crisis, not only through help and coordination, but also through pages that ordinary users may struggle to judge.
Therefore, if you plan to donate to victims in in Venezuela, verify the organization through its official channels, check whether the domain was created recently, and avoid crypto-only payment requests that do not provide a named charity, registration details, or transparent fund handling information.
People sharing missing person reports should also be cautious. A name listed only on a site created after the quake should not be treated as verified on its own. Families and volunteers should compare such entries with established official platforms before submitting personal details or passing the link to others.
