The 10 riskiest Internet domains firewall admins should block

Set your filters – some of the new Internet domains are not ones users should visit, even accidentally


For years there was nothing much to be said about Internet top-level domains (TLDs). People had heard of .com, .net and perhaps a few of the country-specific suffixes such as, extended over time by a few additions such as .info and the more notorious .xxx and .sex (the latter prompted a book by a former Techworld journalist, Kieren McCarthy, telling the story of one of the most fought-over domains in Internet history but we digress).

By 2013 this changed almost overnight as hundreds of new and unfamiliar domain possibilities were approved for use by Internet governing body ICANN as part of its controversial liberalisation programme, about which many still have doubts to this day.


There are now more than a thousand TLDs – including famous new examples such as .buzz, .cash, .ceo, .cool, .flights, .paris, .ninja and, infamously, .sucks, used to troll celebrities, politicians and large companies. Plenty of choice then.

New research by security firm Blue Coat offers us an interesting and pretty mixed picture of how the new domain possibilities are being used and, sure enough, some of them are being abused on an industrial scale to game search engines and worse.

The firm’s top 10 ‘shadiest’ domains, based on the volume of spam, malware botnets and phishing emanating from websites using them, turned up some staggering statistics (see figure 1). According to this sample, 100 percent of two domains (.zip and .review) were being used for entirely nefarious purposes while the rest on the list were only fractions of a percent off this level of criminal saturation.

It's an open-and-shut case that the new domains are being abused, although it should also be pointed out that plenty of the old domains were exploited for the same purposes.
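An added example, not from the article or from Blue Coat: a Python check that flags proxy requests whose host falls under a blocked TLD, using the two TLDs the article names (.zip and .review). The log format, host names and function names are constructed for illustration; matching is done on the parsed host so that a `.zip` file on an ordinary site is not flagged.

```python
import re
from typing import List, Optional
from urllib.parse import urlsplit

# The two TLDs the article names; the rest of the top 10 is not listed on this page.
BLOCKED_TLDS = {"zip", "review"}

_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")


def host_tld(target: str) -> Optional[str]:
    """Return the lower-cased TLD of the host in a URL or bare host[:port]."""
    # CONNECT requests carry host:port with no scheme; give urlsplit a netloc.
    if not _SCHEME.match(target):
        target = "//" + target
    try:
        host = urlsplit(target).hostname  # drops userinfo and port, lower-cases
    except ValueError:
        return None
    if not host:
        return None
    host = host.rstrip(".")  # "name.zip." is the same host as "name.zip"
    if "." not in host:
        return None  # single-label names have no TLD to judge
    return host.rsplit(".", 1)[1]


def is_blocked(target: str) -> bool:
    return host_tld(target) in BLOCKED_TLDS


def blocked_requests(log_lines: List[str]) -> List[str]:
    """Return the request targets that a TLD filter should have stopped."""
    hits = []
    for line in log_lines:
        fields = line.split(maxsplit=3)  # constructed format: time client method target
        if len(fields) == 4 and is_blocked(fields[3].strip()):
            hits.append(fields[3].strip())
    return hits


# Constructed sample log lines (hypothetical hosts and addresses).
SAMPLE_LOG = [
    "2000-01-01T10:00:01Z 10.0.0.5 GET http://example.com/archive.zip",
    "2000-01-01T10:00:02Z 10.0.0.6 CONNECT Constructed-Host.ZIP.:443",
    "2000-01-01T10:00:03Z 10.0.0.7 GET https://example.com@constructed-host.review/login",
    "2000-01-01T10:00:04Z 10.0.0.8 GET http://example.org/?next=http://constructed-host.zip/",
]
```

Only the second and third sample lines are flagged: the first is a file extension in the path, and the fourth only mentions a blocked TLD inside a query string.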
