.Science and .study: Domains of the bookish? More like domains of the JERKS!

Only a few bad apples at internet badness hotspots, though


The .science domain has become a “hotspot” of malicious or abusive activity on the internet, according to a new study out Tuesday.

DNS-based cyber threat intelligence firm DomainTools found that .science had the highest concentration of bad domains, followed by .study and .racing. None of 2017's most malicious generic Top Level Domains (gTLDs) were in meaningful operation two years ago.

Highest concentration of bad domain charts [source: DomainTools]

Tim Helming, director of product management at DomainTools, explained that these TLDs are not inherently malicious, as single registrants can be responsible for the vast majority of nefarious domains. “It is worth noting that in .science, of the 230,000 domains in the TLD, over 144,000 (63 per cent) have been blacklisted and even more noteworthy, perhaps, is that the blacklisted domains in .science are dominated by a single registrant. Similarly, the blacklisted domains in the .racing TLD are also largely the work of a single registrant entity.”

The DomainTools report also looked at which email providers, based on registrant contact information contained in Whois records, were most used by those registering malicious domains.

Mynet.com featured at the top of the list while Microsoft mail providers live.com and outlook.com also featured. “Mynet.com went from being completely absent in 2015 all the way to the dubious distinction of top slot this year, and live.com showed a significant increase in the rates of unsavory domains linked to it,” Helming said. “While it bears repeating that the use of any of these providers is not proof that a domain is dangerous, many of the actual concentrations are extremely high. Only one of the top ten had a lower than 10 per cent incidence of observed bad activity among the domains connected to it.”

More details on the research can be found on the DomainTools blog here. ®
