Recent Posts
- Is the .co rebid biased toward Afilias? Yeah, kinda
- Amazon governments vow revenge for “illegal and unjust” ICANN decision on .amazon
- SaveDotOrg to protest outside ICANN HQ. #lol
- Ten years ago I predicted Oscar winners wanted a .movie gTLD. Was I right?
- ICANN gets a new European chief
- New CEO to step into the lion’s den at auDA
- Secrets of the .org deal revealed, but much info remains private
- Registrar terminated after what looks like domain hijacking
- NamesCon publishes full agenda for debut Austin conference
- .gay prices and availability revealed as registry promises to give 20% of revenue to charity
- Now .org critics actually want to take over the registry, blocking billion-dollar sale
- Verisign pays ICANN $20 million and gets to raise .com prices again
- ICANN predicts shrinkage in new gTLD sector
- ASO uses super powers to demand ICANN turn over .org buyout docs
- Now PIR rubbishes .org “downtime” claims
- DI Leaders Roundtable #4 — Big predictions for 2020
- Afilias denies .org will go down post-acquisition
- Palestine to release all one-character .ps domains, at a price
- PIR thinks 20-year domain regs are a good idea
- Amazon beats South America! Dot-brand contracts now signed
- Q3 industry growth driven by .tk, .com and .icu
- ICANN throws out second .org appeal, so URS stays
- Warning (or threat?) prices must go up or .org will suffer DAYS of downtime
- Russian company approved as gTLD escrow provider
- Guy gets 14 years for trying to steal a domain with a gun
- GoDaddy girls often make more money than the men
- Non-coms want .org’s future carved in stone
- Kamel’s deputy gets promoted at ICANN
- ICANN delays approval of .org acquisition
- AlpNames died months ago. Why is it still the “most-abused” registrar?
- Ethos promises to keep .org for many many many many years
- Amid .org controversy, Cerf predicts the death of all domains
- #SaveDotOrg to hold public web conference tomorrow with Ethos execs
- As pricey .new launches, Google reveals first set of big-name users including rapper Drake
- Three more dot-brands fizzle out. Total now 69, dudes
- Are ISOC’s claims about .org’s history bogus?
- Criminal .uk suspensions down this year
- Governments kill off another gTLD bid
- Four big developments in the .org pricing scandal
- DI Leaders Roundtable #3 — What did you think of ICANN 66?
- Petition launched to fight .org deal
- ICANN board meets to consider PIR acquisition TODAY
- XYZ buys dormant gTLD from “pyramid scheme” operator
- I attempt to answer ICA’s questions about the “terrible blunder” .org acquisition
- Selling off PIR, did ISOC just throw .org registrants under a bus?
- Rival dot-brand bidders in settlement talks, seek auction delay
- ICANN going back to Puerto Rico for a third time
- Montreal airport thinks DI is porn
- DI Leaders Roundtable #2 — Should we kill off “Whois”?
- Former NTIA chief Redl now working for Amazon
- Neustar’s .co contract up for grabs
- US official Heineman joins GoDaddy
- Web.com got pwned
- Surprise! ICANN throws out complaints about .org price caps
- Somber mood as ICANN 66 opens in Montreal
- America has Amazon’s back in gTLD fight at ICANN 66
- New (kinda) geo-TLD rules laid out at ICANN 66
- Emoji domains get a 😟 after broad study
- Industry veteran Jay Daley tapped to lead IETF
- Verisign likely to get its billion-dollar .com pricing windfall
- ICANN enters talks to kill off Whois for good
- Form an orderly queue: New Zealand wants a new back-end
- Brexit hell: .eu suspension plan put on hold
- DI Leaders Roundtable #1 — How many new gTLDs will be applied for next time around?
- Now you don’t have to live in the EU to register a .eu domain, but there’s a catch
- Spam is not our problem, major domain firms say ahead of ICANN 66
- Crunch time, again, for Whois access policy
- Google quietly launches .new domains sunrise
- After .org price outrage, ICANN says it has NOT scrapped public comments
- Hindu god smites Chrysler gTLD
- Top ICANN advisor Tarek Kamel dies at 57
- Three big changes could be coming to .uk
- Introducing… the DI Leaders Roundtable
- After killing the cows, what does the new Tucows logo remind you of?
- Radix acquires another gTLD
- .whoswho survives!
- Correction: the 10 most-used dot-brands
- Nominet raises .uk prices
- Registrar suspended over dodgy transfers
- Mediocre .vote gTLD drops restrictions
- ICANN’s babysitting fund goes live
- Claims auDA boss quit after he was busted for “falsified” law degree
- .bond domains could cost a grand each
- PIR’s “new” .org domain is just temporary. Help it pick another new one!
- MMX switches porn TLDs from Afilias to Uniregistry
- Argentina will use a lottery to decide 2LD landrush
- Sixty gTLD registries not monitoring security threats
- ICANN must do more to fight internet security threats [Guest Post]
- Bumper batch of dot-brands off themselves for Friday 13th
- .org price cap complaints more like “spam” says Ombudsman
- Botterman is new ICANN chair
- Another victory for Amazon as ICANN rejects Colombian appeal
- Kafka turns in grave as ICANN crowbars “useless” Greek TLD into the root
- Sorry, you still can’t sue ICANN, two-faced .africa bidder told
- Why you should never let a pizza joint apply for your billion-dollar dot-brand
- More than 1,000 new gTLDs a year? Sure!
- Paranoid ICANN opens another root server in China
- A third of the top TLDs are shrinking
- These two ccTLDs drove two thirds of all domain growth in Q2
- .blog registry handover did NOT go smoothly
- Donuts slashes prices on a million domains
- .tech gTLD startups “raise $2 billion”
- Whois killer deadline has passed. Did most registrars miss it?
- CIRA replaces CORE as emergency backup registry
- The Amazon is burning. Is this good news for .amazon?
- China’s MySpace trainwreck sells its gTLD
- Second-level .au names delayed
- ICANN names new directors, replaces Facebook exec
- After getting acquired, bank scraps its dot-brand
- Porn-block retail prices revealed. Wow.
- Registrars could be held liable for US gun violence
- Three-letter .com owned by hospital “hijacked”
- “We’re Irish!” claim Brits as .eu shrinks yet again
- Mystery .vu registry revealed
- Berkens says new gTLDs mostly suck but geos suck hardest
- .gay gets rooted
- Neustar takes control of two new gTLDs
- Epik will sponsor 8chan’s domain, but will not host its site
- EFF becomes second to appeal new .org contract
- CentralNic to pay $3.4 million for iwantmyname
- Google has big, innovative plans for .new
- Amazon and Google have been BEATEN by a non-profit in the fight for .kids
- After more racist shootings, take one guess which registrar 8chan just switched to
- Radix releases huge amount of premium domain data
- ICANN dumps the “Whois” in new Whois tool
SpamHaus ranks most-botted TLDs and registrars
Namecheap and Uniregistry have emerged as two of the most-abused domain name companies, using statistics on botnet command and control centers released by SpamHaus this week.
SpamHaus data shows that over a quarter of all botnet C&Cs found during the year were using NameCheap as their registrar.
It also shows that almost 1% of domains registered in Uniregistry’s .click are used as C&Cs.
The spam-fighting outfit said it discovered “almost 50,000” domains in 2017 that were registered for the purpose of controlling botnets.
Comparable data for 2016 was not published a year ago, but if you go back a few years, SpamHaus reported that there were just 3,793 such domains in 2014.
Neither number includes compromised domains or free subdomains.
The TLD with the most botnet abuse was of course .com, with 14,218 domains used as C&C servers. It was followed by Directi’s .pw (8,587) and Afilias’ .info (3,707).
When taking into account the relative size of the TLDs, SpamHaus fingered Russian ccTLD .ru as the “most heavily abused” TLD, but its numbers don’t ring true to me.
With 1,370 botnet controllers and about five and a half million domains, .ru’s abused domains would be around 0.03%.
But if you look at .click, with 1,256 botnet C&Cs and 131,000 domains (as of September), that number is very close to 1%. When it comes to botnets, that’s a high number.
In fact, using SpamHaus numbers and September registry reports of total domains under management, it seems that .work, .space, .website, .top, .pro, .biz, .info, .xyz, .bid and .online all have higher levels of botnet abuse than .ru, though in absolute numbers some have fewer abused domains.
In terms of registrars, Namecheap was the runaway loser, with a whopping 11,878 domains used to control botnets. 
While SpamHaus acknowledges that the size of the registrar has a bearing on abuse levels, it’s worth noting that GoDaddy — by far the biggest registrar, but well-staffed with over-zealous abuse guys — does not even feature on the top 20 list here.
SpamHaus wrote:
While the total numbers of botnet domains at the registrar might appear large, the registrar does not necessarily support cybercriminals. Registrars simply can’t detect all fraudulent registrations or registrations of domains for criminal use before those domains go live. The “life span” of criminal domains on legitimate, well-run, registrars tends to be quite short.
However, other much smaller registrars that you might never have heard of (like Shinjiru or WebNic) appear on this same list. Several of these registrars have an extremely high proportion of cybercrime domains registered through them. Like ISPs with high numbers of botnet controllers, these registrars usually have no or limited abuse staff, poor abuse detection processes, and some either do not or cannot accept takedown requests except by a legal order from the local government or a local court.
The SpamHaus report, which you can read here, concludes with a call for registries and registrars to take more action to shut down repeat offenders, saying it is “embarrassing” that some registrars allow perpetrators to register domains for abuse over and over and over again.
Recent Comments
Agree with Milton, Nice job on relavant history ! but for a different reason. Legacy tld"s should remain legacy and... read more
Hi, What is the result of .web auction? Since 2016 .web extension has not activated.... read more
'nobody has been forced to buy a .xxx domain' Just manipulated in to buying brand protection instead...... read more
.CO's achilles heel is that Columbia is the owner of the registry. .CO's potential would limitless if it was owned by a... read more
Add that to the fact that Brice Tonkin was sent by Afilias to explain how easy a registry transition is. Paid for by Afi... read more
By and large, movie industry folks don’t value domain names and rarely spend serious money to acquire them. This is as t... read more
Maybe they can hire some homeless people in Cancun to picket the ICANN meeting. Worked so well in San Francisco...... read more
These countries may wish to send people to the ICANN protest, SaveDotOrg protest outside ICANN’s offices in Los Angel... read more
The RFP also assumes incorrectly that the same entity would run the registry system and the DNS publishing system. Those... read more
They could call the other ICANN to provide free cannabis at the protest. Large attendance guaranteed, and this is now le... read more
Why so many people dislike Jon like that?... read more
Why is the idea of people protesting the handing over of a public resource to a private equity company funny to you? ... read more
I see movies buying a lot of TV and radio ad time, so I wouldn't say that they don't need a good, memorable domain. And ... read more
It is an area where the domain is not important. They often used .net and hyphenated names previously. Just anything tha... read more
If this is the Rosemary Sinclair I think it is, she is fabulous. Haven't worked with her in years, but from what I reca... read more
Thanks for being the "John" I can't be now across numerous blogs these past weeks.... read more
Where can we find the face of Fadi the greedy orchestra of this dubious deal?Please post link.... read more
As soon as they take over,they want to raise price as soon as possible to recoup their on investment and greedy,crooked... read more
Unless there is a contract with Icann not to raise prices then raising prices is exactly what they will do. They’ll do i... read more
I will offer $5B for .org, owner financing please, what kind of joke is this. Seriously this is the most corrupt deal... read more
Remarkable what Fadi Chehadé has been able to do since leaving his post as CEO of ICANN: 1.) Joined ABRY partners and... read more
Let's get this straight: goes though a number of banks/investors for funding, much of whom are to remain autonomous, unt... read more
Looks like a deal with the Devil himself. Everyone is selling their soul.... read more
Fadi Chehade should be investigated.All his past dealings will be exposed.We need a face to his name.All these greedy pe... read more
Great point. Thanks Rubens.... read more
Also nice to have a fan and that you are so concerned as to look me up. How about addressing the actual issue? At lea... read more
Horribly salty at Afilias and at Neustar and at auDA. I'm mad at everyone. Actually I've got no beef whatsoever with... read more
Most of the controversy regarding .sucks is about trademark owners being extorted, not about the sexual meaning of sucks... read more
Lol...controversy? Why not (im straight) but uhh, ya know what .sucks mean? It NOT JUST sucks...it's insulates a specifi... read more
I think they could raise the Billion dollars in debt with their eyes closed. There have an incredibly secure asset th... read more
Well, with the exposure to millions of readers in “the failing New York Times,” thoughtful individuals around the world ... read more
Well, with the exposure to millions of readers in "the failing New York Times," thoughtful individuals around the world ... read more
They could put the money where they mouth is, and buy PIR from ISOC instead of Ethos.... read more
Well, since the Ethos thing is clearly an insider deal it won't happen. Too bad. Greed wins. What a surprise.... read more
It is not just .ICU that is stuffed with discounted domain names.... read more
ICANN Rejects request. Approves sale. Fate decided. ASO recall .org deal completes ASO -Takes control of ICA... read more
"These are most likely dot-brand gTLDs that could follow the path of 69 predecessors and flunk out of the program." I... read more
The New TLD predictions would be nothing more than wild guess because the main influencer now is sub $1 promotions from ... read more
(Different "John," not the one above.)... read more
This change happened due to a change in US administration. So, if you are eligible to vote in the US 2020 presidential e... read more
I submitted my public comments and so should you!... read more
“And I saw the dead, the great and the small, standing before the throne, and books were opened; and another book was op... read more
Considering the base of .com domains is 143,000,000 today and with a projected 3.0% increase per year on the base of dom... read more
Soon we will see more registries merging or holding each others hands in desperation.... read more
What is the purpose of having a contract ICANN, if it can be amended at any time?! You might as well say your contracts ... read more
If Verisign’s actual costs have declined and continue to decline, while the base of domains continues to increase, what ... read more
Everyone here is paying attention, John. What can we possibly do about that?... read more
Is anybody paying any attention to Verisign’s financials? The base of .com domains has climbed from 84 million in 200... read more
Actually, in the past ICANN allowed .com price increases, but DoC blocked them. It was the change in US administration t... read more
What a sham. The existing .com registry agreement has .com domains prices fixed at $7.85 through 2024 for consumer pr... read more
So, Verisign will fund ICANN's programs with flawed methodology like DAAR, so they can generate more flawed results fast... read more
Adrian Kinderis didn't you work at Neustar when Afilias came to town and took over their .au business? I notice your em... read more
The Packet Clearing House produced a technical analysis which concluded that transitioning .org from non-profit to for-p... read more
The way you described ICANN reconsideration process looked like a Dr. Evil lair. #ohwait... read more
While I agree that registry consolidation will continue, I don't think that Afilias will be largest buyer. They usually ... read more
Same here, The domain king is always right and DOT COM would be the king always.... read more
While a number of the experts danced around the edge of the volcano, not one came out with a prediction that U.S. Senate... read more
All experts considered, I have to agree with Rick, the numbers don't lie.... read more
Even without the TLD working, the cached knowledge of how to reach SLDs works for a long time, notably where the SLDs ar... read more
Thanks Matt. An intelligent response that is simple enough for a dope like me to understand. What is interesting to m... read more
The au TLD has used multiple secondary DNS services for at least the last five years, since before Neustar acquired AusR... read more
Why not till heat death of the universe?... read more
Further to this... the only reason I would foresee the use of another provider in this circumstance, given how robust yo... read more
Thanks for the response Ram, albeit it horribly condescending. Please educate me. I read on your website https://afil... read more
There is a concept, often deployed in high quality and at scale operations, where diversity is a feature. Happy to educa... read more
Will we be using domains in 20 years?... read more
If Afilias' DNS servcie is so robust why did auDA just outsource further DNS services to Neustar as sited in this articl... read more
Wake me when we reach 690, please, or when the U.S. Senate hearings commence. "The Next Big Thing," indeed!... read more
takingthe.ps... read more
..and regardless of what you think of dnssec, the root deployment would not have happened without Ashley. Here is someo... read more
Only 20 years for legit domains that have active websites.... read more
Removing URS is unlikely as it is a current RPM working group charter question and an individual member's proposal to re... read more
Actually, years-long registrations are terrible for continued business relationship. Your customer doesn't know you anym... read more
Interesting, thanks for this info packed post but more catchy is the phrase you ended the article with: "There’s clearl... read more
how I can buy premium .mobi domains ?????????... read more