So my process for cover domains:

https://www.expireddomains.net/domain-name-search/?start=100&q=investments+.com&o=whois2&r=d

With the keyword of choice (investments, trading, finance, etc. - I would use industry appropriate terms if I was going after an edu or other industry). Sort by available - you want expired domains, not something that's parked.

Anything interesting/plausible sounding, I stick in Bluecoat Site review to see if its classified:

https://sitereview.bluecoat.com/#/

Watch out for suspicious domains. A lot of the finance domains are expired phishing pages - good if you're doing a specific threat simulation and want to test the controls, bad if you don't want to get caught.

Good one I just found:

ifainvestmentsolutions.com

Classified as financial services, likely an old/secondary domain for a London Trading firm by the same name. The company exists, so I wouldn't stand up web servers or LinkedIn pages for it (too creepy, and feels like it pushes into trademark/branding issues we want to stay far away from) - but good for light email cover.

https://github.com/Mr-Un1k0d3r/CatMyFish

Domain Categorization:

Blue Coat https://sitereview.bluecoat.com/sitereview.jsp Zscaler http://zulu.zscaler.com/ Websense http://csi.websense.com/ McAfee https://trustedsource.org/en/feedback/url?action=checksingle Barracuda http://www.barracudacentral.org/lookups TrendMicro http://global.sitesafety.trendmicro.com/index.php Symantec http://rulespace.com/swg-ratertool/tool.php Sophos https://secure2.sophos.com/en-us/threat-center/reassessment-request.aspx Trustwave https://www3.trustwave.com/support/m86filtercheck.asp BrightCloud http://www.brightcloud.com/tools/change-request-url-categorization.php CheckPoint https://www.checkpoint.com/urlcat/main.htm Zvelo https://zvelo.com/ AVG http://www.avgthreatlabs.com/ww-en/website-safety-reports/ Palo Alto https://urlfiltering.paloaltonetworks.com/ Fortinet http://fortiguard.com/webfilter