Reports Indicate That Newly Registered Domains Are Very Often Malicious

  • Roughly 70% of newly registered domains are classified as suspicious or malicious, most often used for phishing and spamming.
  • Malicious NRDs show their intent almost immediately after registration and rarely survive for more than a week.
  • Deletion by the registrar and blacklisting are the most common causes of NRD death.

Two independent reports, one from Georgia Tech and one from Farsight Security, indicate that newly registered domains (NRDs) are perilous, with a far higher chance of being used by phishing actors and malware distribution campaigns than established domains. Unit 42 reports that its own data, drawn from years of tracking NRDs, paints the same picture, with roughly 70% of NRDs classified as suspicious or malicious. This makes close monitoring of NRDs imperative, as they cannot be considered trustworthy in any setting. By comparison, domains in Alexa's top 10,000 are about ten times less likely to be used for malicious purposes.

As reported by Unit 42, an average of about 200,000 new domains are registered every day around the globe, with activity peaking on weekdays and subsiding on weekends. Between March and May 2019, about 5.6 million new domains were registered under the ".com" TLD, followed by ".tk" with 1.9 million, ".cn" with 0.9 million, and ".ga", ".cf", ".tw", and ".ml" with just over half a million each. Several of the TLDs behind ".com" (".tk", ".ga", ".cf", and ".ml") can be registered free of charge, and since malicious actors only need a domain for a short while, paying nothing for it is the obvious choice.

[Image: malicious domains]

While the risk that comes with NRDs is too great to ignore, that doesn't mean aggressive URL filtering and excessive scrutiny are a good idea either. About 8.4% of the domains registered between January and May 2019 were genuinely benign, used for launching new products, promoting events or marketing campaigns, personal websites, and so on. Unit 42 defines the NRD window as 32 days from registration, so NRDs should be treated as suspicious for about a month; if they show no threatening behavior in that time, they can be considered safe.
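The monitoring policy described above can be turned into a simple age check. The following is an added example written for this page, not code from Unit 42 or Farsight: it takes hostnames as they might appear in proxy logs, reduces each to its registrable domain, reads the registration date from an RDAP domain object (the `events` list with `eventAction` of `registration`, as in RFC 9083), and classifies the domain using the 32-day window and the free TLDs named in the article. The RDAP records, hostnames and "current time" are constructed sample data; the block/alert/allow policy and the treatment of ".tk/.ga/.cf/.ml" as higher risk are assumptions for illustration.

```python
"""Newly registered domain (NRD) age policy check.

Added example for this page, not Unit 42's or Farsight's code. All RDAP
records and hostnames below are constructed sample data.
"""
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

# Unit 42 treats a domain as "newly registered" for 32 days after registration.
NRD_WINDOW = timedelta(days=32)

# Free-to-register TLDs named in the article. Assumption: treat a brand-new
# domain under one of these as high enough risk to block outright.
FREE_TLDS = {"tk", "ga", "cf", "ml"}


def registrable_domain(host: str) -> str:
    """Reduce a hostname to its registrable domain (last two labels).

    Assumption: a crude eTLD+1 that ignores multi-label public suffixes
    such as co.uk; a production check would use the Public Suffix List.
    """
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"not a hostname: {host!r}")
    return ".".join(labels[-2:])


def registration_date_from_rdap(rdap: dict) -> Optional[datetime]:
    """Return the 'registration' event date from an RDAP domain object, if present."""
    for event in rdap.get("events", []):
        if event.get("eventAction") == "registration":
            # RDAP dates are RFC 3339; fromisoformat() needs '+00:00' rather than 'Z'.
            return datetime.fromisoformat(event["eventDate"].replace("Z", "+00:00"))
    return None


def classify(domain: str, registered: Optional[datetime], now: datetime) -> Tuple[str, Optional[int]]:
    """Apply the NRD policy. Returns (verdict, age_in_days).

    unknown: no registration date available (decide separately, do not assume safe)
    block:   inside the NRD window and on a free TLD
    alert:   inside the NRD window on any other TLD; monitor for ~32 days
    allow:   older than the NRD window
    """
    if registered is None:
        return "unknown", None
    age = now - registered
    tld = domain.rsplit(".", 1)[-1]
    if age < NRD_WINDOW:
        return ("block" if tld in FREE_TLDS else "alert"), age.days
    return "allow", age.days


def evaluate(hosts, rdap_by_domain, now: datetime) -> dict:
    """Classify every observed hostname; results keyed by the hostname as seen."""
    results = {}
    for host in hosts:
        domain = registrable_domain(host)
        registered = registration_date_from_rdap(rdap_by_domain.get(domain, {}))
        verdict, age_days = classify(domain, registered, now)
        results[host] = {"domain": domain, "age_days": age_days, "verdict": verdict}
    return results


# Constructed "now" and RDAP objects (shape follows RFC 9083, contents invented).
SAMPLE_NOW = datetime(2019, 5, 15, tzinfo=timezone.utc)
SAMPLE_RDAP = {
    "login-verify-example.tk": {"ldhName": "login-verify-example.tk",
                                "events": [{"eventAction": "registration", "eventDate": "2019-05-14T20:12:00Z"}]},
    "launch-example.com": {"ldhName": "launch-example.com",
                           "events": [{"eventAction": "registration", "eventDate": "2019-04-30T09:00:00Z"}]},
    "example.com": {"ldhName": "example.com",
                    "events": [{"eventAction": "registration", "eventDate": "1995-08-14T04:00:00Z"}]},
    "nodata-example.cn": {"ldhName": "nodata-example.cn", "events": []},
}
# Constructed hostnames as they might appear in proxy logs.
SAMPLE_HOSTS = ["www.login-verify-example.tk", "cdn.launch-example.com", "example.com", "nodata-example.cn"]

if __name__ == "__main__":
    for host, r in evaluate(SAMPLE_HOSTS, SAMPLE_RDAP, SAMPLE_NOW).items():
        print(f"{host:32} {r['domain']:26} age={r['age_days']!s:>5} -> {r['verdict']}")
```

The `unknown` verdict is deliberate: a domain whose registration date cannot be retrieved should not fall through to `allow`, because the absence of RDAP data is itself worth a second look. In a real deployment the RDAP object would come from the registry's RDAP server rather than a dictionary, and the registrable-domain step should use the Public Suffix List.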

A domain that really is malicious won't last long. Most malicious domains get to work almost immediately after registration, and they rarely survive for more than a week. The main causes of death are blacklisting and deletion by the registrar, both of which happen mostly within the first two days. Malicious actors try to keep their domains alive by running their own dedicated nameservers, reducing the risk of having their DNS delegation pulled by a third-party provider. Even so, Farsight reports that a malicious NRD dies at a median of only four hours and 16 minutes.
