Reports Indicate That Newly Registered Domains Are Very Often Malicious

  • The vast majority of newly registered domains are used for malicious purposes like phishing and spamming.
  • The domains reveal their intent within moments of registration, and don’t last for more than a week.
  • Registrar deletion and domain blacklisting are the most common causes of NRD death.

Two independent reports, one from Georgia Tech University and one from Farsight Security, indicate that newly registered domains (NRDs) are perilous: they are far more likely than established domains to be used by phishing actors and malware distribution campaigns. Unit42 also reports that its own data, derived from years of tracking newly registered domains, paints the same picture, with roughly 70% of NRDs being suspicious. This makes close monitoring of NRDs imperative, as they cannot be considered reliable in any setting. By contrast, Alexa’s top 10,000 domains are ten times less likely to be used for malicious purposes.

As reported by Unit42, an average of 200 thousand new domains are registered around the globe every day. Registration activity spikes on weekdays and subsides on weekends. Between March and May 2019, about 5.6 million new domains were registered under the “.com” TLD, followed by “.tk” with 1.9 million, “.cn” with 0.9 million, and “.ga”, “.cf”, “.tw”, and “.ml” with just over half a million. The TLDs that trail “.com” are popular because they are offered free of charge; since malicious actors only need a domain for a short while, paying nothing for it is the preferable option.

(Figure: malicious domains)

While the risk that comes with NRDs is too great to ignore, this does not mean that aggressive URL filtering and exaggerated scrutiny are a good idea either. About 8.4% of the domains registered from January to May 2019 are genuinely benign, serving the launch of new products, the promotion of events or marketing campaigns, personal websites, and so on. Unit42 specifies a time frame after which an NRD can be judged malicious or not: 32 days. NRDs should therefore be treated as suspicious and monitored for about a month; if they show no threatening behavior in that time, they can be considered safe.
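The 32-day rule above translates directly into a registration-age check that a resolver, proxy or SIEM enrichment step can apply. The following Python is an added example, not code from the article or from Unit42; it assumes that a domain's registration timestamp is available in ISO 8601 form (the shape RDAP returns in its event records), uses the article's 32-day watch period and its list of free TLDs, and runs over constructed sample records with a fixed reference time so that it can be executed offline. The verdict names ("block", "watch", "allow") and the local blocklist are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, FrozenSet, Iterable, Tuple

# Article figure: an NRD is treated as suspicious for its first 32 days.
NRD_WATCH_PERIOD = timedelta(days=32)

# Free TLDs the article names as popular with short-lived malicious registrations.
FREE_TLDS = frozenset({"tk", "ga", "cf", "ml"})


@dataclass(frozen=True)
class Verdict:
    domain: str
    age_days: float
    status: str                  # "block", "watch" or "allow" (assumed names)
    reasons: Tuple[str, ...]


def parse_registration_time(stamp: str) -> datetime:
    """Parse an ISO 8601 registration timestamp (e.g. 2019-04-29T12:00:00Z) into an aware UTC datetime."""
    if stamp.endswith("Z"):
        stamp = stamp[:-1] + "+00:00"
    parsed = datetime.fromisoformat(stamp)
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)  # assume naive stamps are UTC
    return parsed.astimezone(timezone.utc)


def top_level_label(domain: str) -> str:
    """Last label of the name, lower-cased (a plain split, not a public-suffix lookup)."""
    return domain.strip().rstrip(".").rsplit(".", 1)[-1].lower()


def assess_domain(domain: str, registered: datetime, now: datetime,
                  watch_period: timedelta = NRD_WATCH_PERIOD,
                  blocklist: FrozenSet[str] = frozenset()) -> Verdict:
    """Classify one domain by registration age; a local blocklist overrides the age check."""
    domain = domain.strip().rstrip(".").lower()
    age = now - registered
    age_days = age / timedelta(days=1)
    if domain in blocklist:
        return Verdict(domain, age_days, "block", ("on local blocklist",))
    reasons = []
    if age < timedelta(0):
        # A registration time in the future means bad WHOIS/RDAP data; keep watching rather than trust it.
        reasons.append("registration time is in the future (data error)")
    elif age < watch_period:
        reasons.append(f"registered {age_days:.1f} days ago, inside the {watch_period.days}-day watch period")
    tld = top_level_label(domain)
    if tld in FREE_TLDS:
        reasons.append(f"free TLD .{tld}")   # informational; does not change the verdict on its own
    status = "watch" if age < watch_period else "allow"
    return Verdict(domain, age_days, status, tuple(reasons))


def assess_all(records: Iterable[Tuple[str, str]], now: datetime,
               blocklist: FrozenSet[str] = frozenset()) -> Dict[str, Verdict]:
    """records: (domain, ISO registration timestamp) pairs. Returns a verdict per domain."""
    return {
        v.domain: v
        for v in (assess_domain(d, parse_registration_time(t), now, blocklist=blocklist) for d, t in records)
    }


# Constructed sample records (not real registrations), evaluated at a fixed reference time.
SAMPLE_RECORDS = [
    ("example-shop.com", "2019-01-10T09:15:00Z"),          # about 111 days old on 2019-05-01
    ("login-verify-update.tk", "2019-04-29T12:00:00Z"),    # 1.5 days old, free TLD
    ("new-product-launch.com", "2019-04-05T00:00:00Z"),    # 26 days old: benign, but still inside the window
    ("known-bad.cf", "2019-04-30T00:00:00Z"),              # on the local blocklist
]
SAMPLE_NOW = datetime(2019, 5, 1, tzinfo=timezone.utc)
SAMPLE_BLOCKLIST = frozenset({"known-bad.cf"})

if __name__ == "__main__":
    for verdict in assess_all(SAMPLE_RECORDS, SAMPLE_NOW, SAMPLE_BLOCKLIST).values():
        print(f"{verdict.status:5} {verdict.domain:26} {verdict.age_days:7.1f}d  {'; '.join(verdict.reasons)}")
```

The "watch" verdict is deliberately not a block: as the article notes, a benign product launch looks exactly like a phishing domain on its first day, so the sensible action for a young domain is logging, alerting, or a warning page rather than a hard deny, with the verdict expiring automatically once the domain passes the watch period.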

If a domain is really malicious, it is not going to last for much longer. In fact, most malicious domains “get to work” almost immediately after registration, and they rarely survive for more than a week. The main causes of their death are blacklisting and deletion by the registrars, both of which happen mostly within the first two days. Malicious actors try to keep their domains up by running their own dedicated nameservers, hoping to reduce the risk of delegation. Still, as reported by Farsight, a malicious NRD dies after a median time of only four hours and 16 minutes.
