The .science domain has become a “hotspot” of malicious or abusive activity on the internet, according to a new study out Tuesday.
DNS-based cyber threat intelligence firm DomainTools found that .science had the highest concentration of bad domains, followed by .study and .racing. None of 2017's most malicious generic Top Level Domains (gTLDs) were in meaningful operation two years ago.
Highest concentration of bad domain charts [source: DomainTools]
Tim Helming, director of product management at DomainTools, explained that these TLDs are not inherently malicious, as single registrants can be responsible for the vast majority of nefarious domains. “It is worth noting that in .science, of the 230,000 domains in the TLD, over 144,000 (63 per cent) have been blacklisted and even more noteworthy, perhaps, is that the blacklisted domains in .science are dominated by a single registrant. Similarly, the blacklisted domains in the .racing TLD are also largely the work of a single registrant entity.”
The DomainTools report also looked at which email providers, based on registrant contact information contained in Whois records, were most used by those registering malicious domains.
Mynet.com featured at the top of the list while Microsoft mail providers live.com and outlook.com also featured. “Mynet.com went from being completely absent in 2015 all the way to the dubious distinction of top slot this year, and live.com showed a significant increase in the rates of unsavory domains linked to it,” Helming said. “While it bears repeating that the use of any of these providers is not proof that a domain is dangerous, many of the actual concentrations are extremely high. Only one of the top ten had a lower than 10 per cent incidence of observed bad activity among the domains connected to it.”
More details on the research can be found on the DomainTools blog.