New gTLDs Are Hotspots for Malicious Activity
A new study has found that new gTLDs (generic Top Level Domains) are hotspots for several kinds of malicious activity.
The 2017 DomainTools Report, published by DomainTools, reportedly the most popular Whois research service on the internet, discusses the various “hotspots” of malicious activity across the internet. It focuses on four domain characteristics: generic Top Level Domain, Whois privacy provider, free email provider and IP geolocation.
A post on the DomainTools blog discusses the study in detail, beginning with how the analysis was done. The blog says: “We examined four domain characteristics, to see what patterns emerged in the amounts and rates of nefarious activity tied to those characteristics: TLD, Whois privacy provider (for those domains registered with privacy), free email provider (for registration contact email addresses), and IP geolocation of the IP addresses associated with the domains. Using well-known blacklist providers, we analyzed the counts of blacklisted domains versus neutral domains, for each of the four characteristics. This gave us both absolute numbers of bad domains and ratios of good to bad… We looked at four particular types of nefarious activity: spam, phishing, botnet, and malware.”
The DomainTools research team that conducted the study concluded from these observations that the new gTLDs have the highest concentrations of malicious activity of every kind. According to the research, .science had the highest concentration of bad domains, followed by .study and .racing.
The DomainTools blog says: “The top level domains (TLDs) with the highest concentrations of malicious activity are a brand-new slate this year, some with truly alarming concentrations of bad domains (for example, over 60% of the domains in .science have been blacklisted). Many of this year’s top-ten were not yet open for registration in 2015. Because new TLDs have been coming online at a great rate, we expect to continue to see a lot of churn in the rankings of the TLDs in future reports.”
The DomainTools team also analyzed Whois records to find the free email providers with high concentrations of malicious domains. mynet.com topped the list, which also included live.com and outlook.com. The DomainTools blog says: “Among free email providers (which are represented in the registrant email fields in domain Whois records), many of this year’s top-ten for concentration of malicious domains were also in the 2015 top rankings. One, however, stands out: mynet.com was unranked in 2015 and rose to 1st place in 2017, with over 60% of the associated domains on blacklists.”
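To make the counting method the blog describes concrete for both the TLD and the registrant-email-provider rankings, here is an added example (not code from the report or from DomainTools) that groups a constructed set of Whois records by TLD and by email provider, counts blacklisted versus non-blacklisted domains in each group, and ranks the groups by concentration. The domains, email addresses and blacklist flags are invented, and the min_total cutoff is an assumption added so that a single bad domain in a tiny group cannot rank as a 100% hotspot.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class DomainRecord:
    domain: str
    registrant_email: str  # registrant email taken from the Whois record
    blacklisted: bool      # True if any blacklist feed lists the domain

# Constructed sample records (hypothetical domains and flags, for illustration only).
SAMPLE = [
    DomainRecord("cheap-pills.science", "a@mynet.com", True),
    DomainRecord("best-offer.science", "b@live.com", True),
    DomainRecord("paper-archive.science", "c@university.example", False),
    DomainRecord("free-grades.science", "d@mynet.com", True),
    DomainRecord("win-big.racing", "e@mynet.com", True),
    DomainRecord("horse-club.racing", "f@outlook.com", False),
    DomainRecord("track-news.racing", "g@outlook.com", True),
    DomainRecord("example-shop.com", "h@live.com", False),
    DomainRecord("example-news.com", "i@outlook.com", False),
    DomainRecord("example-bank.com", "j@live.com", True),
    DomainRecord("promo-site.com", "l@mynet.com", False),
    DomainRecord("lonely.study", "m@mynet.com", True),
]

def tld_of(record):
    return record.domain.rstrip(".").rsplit(".", 1)[-1].lower()  # last label only

def email_provider(record):
    return record.registrant_email.rsplit("@", 1)[-1].lower()  # domain part of the email

def hotspots(records, key, min_total=3):
    # Rank groups by share of blacklisted domains: (group, bad, total, ratio),
    # sorted by ratio then by absolute bad count. Groups with fewer than min_total
    # domains are dropped (assumed cutoff) so a lone bad domain is not a "100% hotspot".
    counts = defaultdict(lambda: [0, 0])  # group -> [bad, total]
    for r in records:
        g = key(r)
        counts[g][1] += 1
        if r.blacklisted:
            counts[g][0] += 1
    rows = [(g, bad, total, bad / total)
            for g, (bad, total) in counts.items() if total >= min_total]
    rows.sort(key=lambda row: (-row[3], -row[1], row[0]))
    return rows

if __name__ == "__main__":  # quick demo when run as a script
    for label, key in (("TLD", tld_of), ("email provider", email_provider)):
        for g, bad, total, ratio in hotspots(SAMPLE, key):
            print(f"{label:<15} {g:<12} {bad}/{total} blacklisted ({ratio:.0%})")
```

Lowering min_total to 1 lets the single-domain .study group jump to the top of the ratio ranking, which is exactly the small-sample distortion the cutoff is there to suppress.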
Julia Sowells
Julia Sowells is a technology and security professional. Over a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, written technical articles, and served as a technical editor for Rural Press Magazine. She now lives and works in New York, where she runs her own consulting firm as a security consultant while continuing to write for Hacker Combat in her limited spare time.