TIL – Malicious domains are frequently killed off within hours of creation

I stumbled on an interesting article today that did a deep dive into the average lifespan of what they define as malicious domains. While I’ve never heard of “malicious” domains, I assume that they’re talking about domains that are illegal to own for one reason or another. Apparently, these are being registered all the time, and killed off usually hours later.

A lot of the new domain names that are created die quickly, either by being canceled by the person who registered them or by the registrar like GoDaddy or the gTLD registry that’s responsible for whatever dot-domain it is. (Source – TechTarget)

As the article goes on, they start talking about Domain Blacklisting, which it turns out is the biggest cause of death for malicious domains. The article jumps around quite a bit, but there’s also a pretty interesting read about .TK domains and some of the absolutely insane things that happened with this previously unknown ccTLD.

If you go back a couple of years ago, about half of all new domain names came from a single country-code top-level domain (TLD). That was .tk for Tokelau, a small island off the coast of New Zealand. They did not really have a need for their own top-level domain — they didn’t even have much internet connectivity — so they rented it out to a commercial organization in the Netherlands. The owner of the organization did not have the public interest at heart; he was trying to maximize revenue at whatever cost. He had a way for people to buy domain names in bulk, which they did because they needed to buy cheap domain names for things like comment spam on forums and things like Amazon reviews; the places they wanted to spam were going to notice if the same domain name was trying to send comments again and again. They needed unique domain names for every comment. (Source – TechTarget)

There’s more to the story if you read on, including a system that would allow security professionals to arbitrarily kill off any .TK domain they wanted to.

Did you know about this malicious domain deletion process? What about the .TK saga? Both of these are news to me – always learning!

Morgan Linton
