Friday 15 July 2022
This blog looks at the dubious awards for worst domain spaces across Malware, Phishing Attacks and Spam. Not all domain spaces are designed to be good.
DomainTools recently released its spring report, Internet Scale Patterns in Malicious Infrastructure, which analyzed the prevalence of phishing, malware and spam compared to the number of domains registered.
Not surprisingly, the domain name spaces that are cheap or given away at no cost are the worst offenders in each of the three categories studied: phishing, malware and spam. The same applies to SSL certificates: where cheap or free certificates are provided, bad actors favour them. For example, Let’s Encrypt is a free SSL certificate provider and shows up high in DomainTools’ badness reports for SSL certificates.
Top Phishing Domain Spaces
Following are the top ten TLDs ranked by signal strength for phishing. The domain spaces .buzz, .rest, .ml, .top, .monster, and .cyou were all in the previous Top 10 list for phishing. .buzz more than doubled the dodgy signal strength of any other TLD. The top 10 phishing domain name spaces were:
1. .buzz
2. .gq
3. .ga
4. .rest
5. .ml
6. .top
7. .cf
8. .monster
9. .cyou
10. .quest
Top Malware Domain Spaces
Sorry, .xyz, but your reputation in the infosec community is what it is for a reason. In the Malware category, we observed over 323,000 domains in .xyz, a significant uptick from its previous showing of a still-substantial ~207,000.
Top 10 Malware domain name spaces were:
- .xyz
- .cc
- .buzz
- .cfd
- .cyou
- .top
- .gq
- .bar
- .ga
- .monster
Top Spam Domain Spaces
Among TLDs with the highest signal strength for spam, .cam made a major jump, from the 8th position to 1st. TLDs repeating from last time were .cam, .bar, .surf, and .xyz. Another data point that stands out about .xyz is its high overall count of spam domains, with almost 56,000 as of our snapshot time.
Top 10 Spam domain name spaces were:
- .cam
- .bar
- .surf
- .xyz
- .click
- .top
- .tk
- .ml
- .ga
- .cf
About brandsec
Brandsec is a corporate domain name management and brand protection company that looks after many of Australia, New Zealand and Asia’s top publicly listed brands. We provide monitoring and enforcement services, DNS, SSL Management, domain name brokerage and dispute management and brand security consultation services.