11 thoughts on “Why Phishers Love New TLDs Like .shop, .top and .xyz

  1. suggestion

    Your Mastodon is linked at the bottom of each page, but you should move it to the top with an icon like your Twitter, LinkedIn, and RSS.

    Reply
  2. Impossibly Stupid

    > “Any action upstream, such as blocking the second-level domain, would have an impact across the provider’s whole customer base,” the report observes.

    *Good!* Anyone turning a blind eye to abuse needs to be removed from the Internet. They’re all certainly getting stuck in my own firewall, up to and including these pop-up TLDs. Wildcard matches on a Pi-hole are a beautiful thing.

    Reply
  3. Dave

    All my spam comes from namecheap.com hosting .news and a few from .com & .net.

    Reply
  4. Josh Woods

    I have no problem blocking a domain hosting malicious subdomains. As far as I’m concerned, they brought it upon themselves by refusing to deal with the issue and have only themselves to blame.

    Reply
  5. Robin Norris, CISSP

    .xyz has been a cesspool since the beginning.
    Namecheap is one of the worst registrars from a cybersecurity perspective. Business web proxies should block domains registered there by default.
    That said, in the last few years I have seen more phishing related threats from popped email accounts, popped legitimated web servers, and popped accounts on marketing services. Most businesses are good at blocking new registration domains and sketchy gTLDs. The bigger threat is BEC and popped legitimate web spaces.

    Reply
  6. Dick

    Weebly was bought by Square a couple years ago. I’m surprised Square isn’t taking this more seriously.
    I used Weebly as a kind of a vanity domain for a regular local event for a few years and when Square bought them there was a push away from free services towards Square’s e-commerce products.

    Reply
  7. Bob

    Needs to be noted that Cloudflare is a major enabler of the use of these fraud-laden TLDs for malicious purposes due to its
    obfuscation of hosting details, etc. Cloudflare knowingly aids and abets scores of criminals by refusing to take action on abuse reports, including with the TLDs referenced in thsi article. Were Cloudflare to responsibily act on abuse reports or, otherwise, expose the hosting detail for the domtains being used for malicious activities, the game would change. Cloudflare is more the problem than the scores of malicious domains!

    Reply
    1. William Kemmler

      If only Cloudflare and other Content Distribution Network providers were held legally responsible for the content they distribute instead of being allowed to take a blind sided view of their clients and their possible illegal acts and actions and profit from illegality. If only domain registrars could be held legally accountable for profiting from registering with little to no account or identity verification to spammer and scammers. If only ICANN would have the balls to shutdown domain registrars that have shown little responsibility towards keeping the spammers and scammers off the internet.

      If only . . . well, I wouldn’t hold my breath because it ain’t gonna happen any time soon. If ever.

      Reply
  8. MRL

    My biggest concern is when Google, Microsoft, SendGrid, Constant Contact, etc are abused. It makes it really hard to mitigate because many things on those hosting providers are business related. The smaller subdomain providers are really no big deal to just block all together. Then put in allows for specific subdomains if a user at our company asks for it.

    Reply
  9. Miles Tabby

    Levine is right about everything, per usual, but it is clear that ICANN made up its mind that it is really a cheesy trade association representing the interests of Verisign and the sleaziest, slimiest registrars while masquerading as an infrastructure governance organization around the time that Columbus was getting catphished by fake hot chicks in Haiti.

    Having ICANN managing the contracts for domain name registration is like asking cannibals to curate criteria applied for the award of culinary arts degrees.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *