Well here’s an interesting one – Unit 42, the security division of Palo Alto Networks, recently analyzed a boatload of newly registered domains and look what they found… (note: they use the acronym NRD to stand for newly registered domain)
Our analysis shows that more than 70% of NRDs are “malicious” or “suspicious” or “not safe for work.” This ratio is almost 10 times higher than the ratio observed in Alexa’s top 10,000 domains. Also, most NRDs used for malicious purposes are very short-lived. They can be alive only for a few hours or a couple of days, sometimes even before any security vendor can detect it. This is why blocking NRDs is a necessary, preventive security measure for enterprises. (Source – Palo Alto Networks)
When you think about it, this isn’t wildly surprising. Buying a brand new domain and getting a site on it usually takes some time. If you’re doing it quickly, there’s a good chance you’re used to quickly launching thin sites, and who likes to do that? Spammers and scammers.
Of course, like most things in the domain world, all things are not equal when it comes to domain name extensions. The same is true for newly registered domains. Here’s a breakdown of the top ten domain extensions when it comes to newly registered domains:
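The NRD check described in the quote above, sketched as an added example (not code from Unit 42 or from this post): it scores DNS queries by the age of the registered domain. The 32-day window, the registration feed, the log format and all names are assumptions, and the sample data is constructed.

```python
from datetime import date

# Assumption: the page does not define the NRD age window; 32 days is illustrative.
NRD_WINDOW_DAYS = 32

# Constructed registration feed: registered domain -> creation date.
REGISTRATIONS = {
    "example.com": date(1995, 8, 14),
    "fresh-login.example": date(2019, 8, 19),
    "month-old.example": date(2019, 7, 1),
}

# Constructed DNS query log, one query per line: "<date> <client> <qname>".
DNS_LOG = """
2019-08-20 10.0.0.5 www.example.com
2019-08-20 10.0.0.7 mail.Fresh-Login.example.
2019-08-21 10.0.0.9 month-old.example
2019-08-21 10.0.0.9 unseen-domain.example
"""

def registered_domain(qname, known):
    """Longest-suffix match of a query name against the feed's domains."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):  # never test the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in known:
            return candidate
    return None

def classify(log, registrations, window=NRD_WINDOW_DAYS):
    """Split queries into NRD hits and names the feed has no data for."""
    result = {"nrd": [], "unknown": []}
    for line in log.strip().splitlines():
        day, client, qname = line.split()
        domain = registered_domain(qname, registrations)
        if domain is None:
            # Missing from the feed may mean "too new to be listed":
            # report separately so policy can decide, not silently allow.
            result["unknown"].append((client, qname.rstrip(".").lower()))
            continue
        age = (date.fromisoformat(day) - registrations[domain]).days
        if age <= window:
            result["nrd"].append((client, domain, age))
    return result

if __name__ == "__main__":
    for kind, rows in classify(DNS_LOG, REGISTRATIONS).items():
        for row in rows:
            print(kind, *row)
```

Because many malicious NRDs live only hours or days, the feed's refresh interval matters as much as the window: a name that appears in queries before it appears in the feed lands in the `unknown` bucket rather than being allowed.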
I’m not surprised to see .TK in second place; this domain extension has been a favorite of spammers and scammers for longer than I can remember. Honestly, have you ever been to a legitimate .TK site?
What was surprising to me was .ICU, a relatively new domain extension, making the top ten and actually beating out .TOP. Of course, just having a lot of new registrations doesn’t mean the domain is used by scammers. Here’s a more interesting chart (IMO) that shows malicious use by domain extension:
As you can see in the chart above, some of the extensions shown in the previous chart, like .COM, .TK or .ICU, don’t even make the cut. In fact, .TO, .KI, and .NF are the top offenders and, to be perfectly honest, until reading this article I didn’t even know .KI or .NF existed!
The whole article is a really interesting read and I have to say Unit 42 did a great job doing a deep dive here. Have you ever been to a scam site on a .TO, .KI or .NF? What do you think about the data Unit 42 put together here? I want to hear from you, comment and let your voice be heard!