Updated: ‘Shadiest’ New Internet Addresses

September 4, 2015

A new report warns that more than 95 percent of websites with new Internet addresses such as .zip, .kim or .party are suspicious.

[See Editor’s Note below for update on .zip.]

Internet security firm Blue Coat says its research of the top 10 new top-level domains (TLDs), or “neighborhoods,” shows that most are associated with suspicious websites, with nearly 100 percent of the websites for .zip and .review considered “shady.”

The safest of the new neighborhoods include .london, .tel and .church.

“Shady TLDs can provide fertile ground for malicious activity including spam, phishing, and distribution of potentially unwanted software,” says the report, which the company hopes is useful for Internet users, enterprise security and IT departments looking to avoid viruses and other malicious activity.

Source: Blue Coat
Source: Blue Coat

Blue Coat said it analyzed hundreds of millions of Web requests from more than 15,000 businesses and 75 million users to create “The Web’s Shadiest Neighborhoods” report.

The domain naming world is exploding.

For the early days of the Internet, there were only six common top level domains: com, .edu, .gov, .mil, .net and .org. There were also country codes including .fr (France), and .jp (Japan).

However in 2013, ICANN, the organization that manages Web addresses, began allowing new domains for interests willing to pay a fee. By June 2015, there were more than 1,000 new TLDs, “many of which may be considered for web security purposes as neither safe nor friendly,” according to Blue Coat.

“As the number of TLDs has increased, so have the opportunities for attackers,” warns Blue Coat.

In addition to presenting malware concerns, the expansion to include addresses such as .sucks and .xxx (to be available by end of this year) has spurred concerns among businesses over reputational and trademark damage.

Next year ICANN will allow any company to apply for its own domain extension, like .apple or .progressive.

The top-level Internet domain “.insurance” is expected to be available later this year, according to a financial services-backed organization, fTLD, that operates generic domains including “.bank.”

Editor’s Note:

According to Google, .zip has never been publicly released and it is not available to others at this time. So how can it be on a list of shady TLDs if there are no wesbites using it?

According to Blue Coat, there is one live domain as of today: nic.zip, which is Google’s pre-registration page that relays to a page on Google.com talking about its new TLDs.

Despite this, Blue Coat says, .zip URLs show up in its traffic logs. They are not real URLs for registered sites but they are still showing up in its database.

“Generally, if you look closer, most of these appear to be filenames, not URLs – but they somehow ended up in somebody’s browser somewhere as a URL, and got treated accordingly,” Blue Coat explains on its website’s blog.

Blue Coat says that now that .zip is no longer just a file extension but also a TLD, browsers are treating it as a real URL.

“So when one of those URLs shows up out on the public Internet, as a real Web request, we in turn treat it as a URL. Funny-looking URLs that don’t resolve tend to get treated as suspicious — after all, we don’t see any counter-balancing legitimate traffic there,” Blue Coat’s blog explains.

Blue Coat also says some of its large customers with in-house security teams have flagged .zip URLs as being associated with malware.

“In conclusion,” the Blue Coat blog adds, “none of the .zip ‘domains’ we see in our traffic logs are requests to registered sites. Nevertheless, we recommend that people block these requests, until valid .zip domains start showing up.”


Was this article valuable?

Here are more articles you may enjoy.