Recent Posts
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
- Domain universe grows despite .com drag
.web has an auction date
The .web gTLD will go to auction July 27, according to ICANN.
The organization released an updated auction schedule (pdf) on Wednesday night that also slates .kids/.kid for an auction on the same day.
Both auctions have confusing “indirect contention” elements, where two strings were ruled confusingly similar.
With .web, it’s lumped in with Vistaprint’s application for .webs, which lost a String Confusion Objection filed by Web.com.
Under ICANN rules, .webs is confusingly similar to to Web.com’s .web, but not to the other six .web applications.
This means that Vistaprint and Web.com basically are fighting a mini contention set auction to see who gets their applied-for gTLD.
If Web.com wins the auction for .web, Vistaprint cannot have .webs. However, if any other .web applicant wins, Vistaprint can go ahead with .webs.
Either way, there will be a .web delegated this year. Google, Donuts, Radix, Afilias, Schlund Technologies, Nu Dot Co are all contenders.
In the case of .kids/.kid, the one applicant for .kid — Google — won SCOs against DotKids Foundation and Amazon by default because both .kids applicants failed to respond to the complaints.
DotKids Foundation recently lost a Community Priority Evaluation, enabling the auction to go ahead.
Because Google is in contention with both .kids applicants, only one of the two strings will ultimately be delegated — .kids and .kid will not coexist.
The only other scheduled auction right now is that of .doctor, which is planned for May 25. Radix, Donuts and The Medical Registry will fight it out in this rather less complex battle.
It’s worth noting that if any of these contention sets unanimously choose to resolve their differences via private auction, none of the ICANN auctions will go ahead.
The .web gTLD could go live in 2016
The new gTLD .web could be coming to the internet sooner than expected after two of the remaining barriers to delegation disappeared.
Following the withdrawal last week of an application for the plural .webs, an auction for .web could happen in the next couple of months, enabling a go-live date possibly in 2016.
.web, often considered the most desirable truly generic gTLD, has had a rough time of it in the 2012 ICANN new gTLD program.
There were seven applications for the string. Google, Web.com, Donuts, Radix, Afilias, Schlund Technologies, Nu Dot Co all applied.
The registrar Web.com (owner of Network Solutions, Register.com, et al) appears to be especially keen to get the domain, given that the string more or less matches its brand.
It perhaps should have been a straightforward auction shoot-out.
But, complicating matters, bespoke printing firm Vistaprint had filed two applications — one vanilla, one “community” based — for the plural version of the string, “.webs”.
Vistaprint runs a website development service called Webs.com. It’s the plural of the Web.com brand.
Web.com wasn’t happy about Vistaprint’s .webs applications, so it filed String Confusion Objections against both, arguing that .web and .webs were too confusingly similar to co-exist on the internet.
While there are now many examples of plurals and singulars living together (see .auto/s, .fan/s and .gift/s), the registrar won both of its SCO complaints, meaning Vistaprint’s two applications and the seven .web applicants were lumped together into the same contention set.
If two strings are in the same contention set, only one can survive to be ultimately delegated to the DNS.
Vistaprint appealed the SCO decisions, first with a Request for Reconsideration to the ICANN board (predictably unsuccessful) and then with an Independent Review Process complaint.
While the IRP was being mulled over, .web was in limbo.
The IRP was unsuccessful. The IRP panel ruled in October that ICANN had not violated its bylaws in accepting the SCO panel’s decision.
But it gave ICANN a nudge, suggesting that perhaps it could give Vistaprint leave to appeal the original SCO determinations via another mechanism.
In early March, the ICANN board proper decided that:
the Vistaprint SCO Expert Determination is not sufficiently “inconsistent” or “unreasonable” such that the underlying objection proceedings resulting in the Expert Determination warrants re-evaluation.
The board said that the .web/.webs contention set should be processed as normal; in other words: go to auction.
That removed the first barrier to the .web/.webs auction going ahead.
The second barrier was the fact that Visaprint had file two applications for .webs — one regular, one “community”.
By self-identifying as a “community”, Vistaprint qualified for the Community Priority Evaluation. A winning CPE means all competing applications — including the .web applications in this case — would be eliminated.
While the CPE process is far from perfect, I think the chances of Vistaprint winning would be pretty slim.
Perhaps Vistaprint agreed with me. Whatever the thought process, the company has withdrawn its “community” application. The withdrawal was reflected on the ICANN web site at the weekend, according to the little birds at DI PRO.
What this means is that the seven .web applications and Vistaprint’s remaining, non-community .webs application will be going to auction together.
It could be a private auction, where the proceeds are divvied up between the losers, or an ICANN “last resort” auction, where ICANN gets all the money.
Either way, the winning bidder is likely to pay a LOT of cash for their chosen string.
GMO Registry paid $41 million for .shop back in January. I’d be flabbergasted if .web wasn’t eight figures too.
If Vistaprint offers to pay more money for .webs than Web.com wants to pay for .web, Web.com will be eliminated from the race and Vistaprint will get .webs.
In that scenario, the remaining six .web applicants fight it out for control of the gTLD.
However, if Vistaprint loses against Web.com then all of the seven .web applicants fight it out at auction.
Depending on the identity of the winner and the timing of auctions and pre-delegation testing, it could slip into the root and possibly even become available before the end of the year.
That’s assuming no more surprises, of course.
UPDATE: This post originally incorrectly described the rules of the .web/.webs auction. It was updated with a correct explanation at 2120 UTC.
.hotel fight gets nasty with “criminal” hacking claims
A group of would-be .hotel gTLD registries have called on ICANN to reject the winning applicant’s bid or be complicit in “criminal acts”.
The group, which includes Travel Reservations, Famous Four Media, Radix, Minds + Machines, Donuts and Fegistry is threatening to file a second Independent Review Process complaint unless ICANN complies with its demands.
Six applicants, represented by Flip Petillion of Crowell & Moring, claim that Hotel Top Level Domain Sarl should forfeit its application because one of its representatives gained unauthorized access to their trade secrets.
That’s a reference to a story we covered extensively last year, where an ICANN audit found that DotBerlin CEO Dirk Krischenowski, or at least somebody using his credentials, had accessed hundreds of supposedly confidential gTLD application documents on ICANN’s web site.
Krischenowski, who has denied any wrongdoing, is also involved with HTLD, though in what capacity appears to be a matter of dispute between ICANN and the rival .hotel applicants.
In a month-old letter (pdf) to ICANN, only published at the weekend, Petillion doesn’t pull many punches.
The letter alleges:
Allowing HTLD’s application to proceed would go agaist everthing that ICANN stands for. It would amount to an acquiescence in criminal acts that were committed with the obvious intent to obtain an unfair advantage over direct competitors.
…
ICANN caught a representative of HTLD stealing trade secrets of competing applicants via the use of computers and the internet. The situation is even more critical as the crime was committed with the obvious intent of obtaining sensitive business information concerning a competing applicant.
It points out that ICANN’s Applicant Guidebook disqualifies people from applying for a new gTLD if they’ve been convicted of a computer crime.
To the best of my knowledge Krischenowski has not been convicted of, or even charged with, any computer crime.
What ICANN says he did was use its new gTLD applicants’ customer service portal to search for documents which, due to a dumb misconfiguration by ICANN, were visible to users other than their owners.
Krischenowski told DI in an emailed statement today:
According to ICANN, the failure in ICANN’s CSC and GDD portals was the result of a misconfiguration by ICANN of the software used (as mentioned at https://www.icann.org/news/announcement-2-2015-11-19-en). As a user, I relied on the proper functioning of ICANN’s technical infrastructure while working with ICANN’s CSC portal.
HTLD’s application for .hotel is currently “On Hold”, though it is technically the winner of the seven-application contention set.
It prevailed after winning a controversial Community Priority Evaluation in 2014, which was then challenged in an Independent Review Process case by the applicants Petillion represents.
They lost the IRP, but the IRP panelists said that ICANN’s failure to be transparent about its investigation into Krischenowski could amount to a breach of its bylaws.
In its February ruling, the IRP panel wrote:
It is not clear if ICANN has properly investigated the allegation of association between HTLD and D. Krischenowski and, if it has, what conclusions it has reached. Openness and transparency, in the light of such serious allegations, require that it should, and that it should make public the fact of the investigation and the result thereof.
The ruling seems to envisage the possibility of a follow-up IRP.
ICANN had told the panel that its investigation was not complete, so its failure to act to date could not be considered inaction.
The ICANN board resolved in March, two days after Petillion’s letter was sent, to “complete the investigation” and “provide a report to the Board for consideration”.
While the complaining applicants want information about this investigation, their clear preference appears to be that the HTLD application be thrown out.
.shop gTLD sells for record $41.5 million
The nine-way fight for the .shop gTLD has raised $41.5 million at auction.
It’s the most-expensive reported new gTLD sale to date.
The victor was GMO Registry of Japan, which runs a few Asian geographic gTLDs and acts as service provider for over a dozen dot-brands.
GMO wanted .shop so badly it actually applied twice for the gTLD in the 2012 application round.
Only two bidders, GMO and an unidentified rival, were prepared to pay over $15 million, according to ICANN.
The previous record-holder for an ICANN gTLD auction was .app, which Google bought for a smidgen over $25 million last February.
Dozens of contention sets have “self resolved” via private auction, but the winning bids of those are typically not disclosed.
According to GMO’s .shop application, .shop will be an open, unrestricted namespace. The company seems to be planning to sell value-added e-commerce services in addition to domain names.
But domainers will not be welcome in the gTLD. GMO’s application reads:
Registration of a .SHOP domain name solely for the purpose of selling, exchanging, trading, leasing the domain name shall be deemed as inappropriate use or intent.
The company plans to do random spot checks to make sure no registrants are breaking this rule.
GMO is using CentralNic as its back-end registry services software provider, following a 2013 deal.
Radix, Famous Four, Donuts, Google, Amazon, 2000-round applicant Commercial Connect and a company called Beijing Jingdong 360 had all applied for .shop.
But according to ICANN only seven of the original applicants qualified for the auction.
One of the drop-outs was GMO itself. The company has actually applied for .shop twice — once as a regular applicant and once as a “community”.
The non-community application was the one that participated in the auction.
Unsuccessful community applicant Commercial Connect, which has been fighting for .shop since first applying for it in 2000, also did not participate.
On Tuesday, it filed a futile Request for Reconsideration (pdf) with ICANN, complaining about the fact that it lost its Community Priority Evaluation.
.shop was originally linked to .shopping, due to a badly decided String Similarity Objection, but that contention set was resolved separately by Donuts and Uniregistry last week.
Web.com just gave itself another reason to bid high for .web gTLD
Registrar group Web.com is changing its stock market ticker symbol to WEB tomorrow, in another sign that it really, really wants to be identified with the string.
The switch from WWWW may indicate that the NASDAQ-listed company’s six rivals for the new gTLD .web have a fight — and a possible big payday — on their hands when .web finally goes to auction.
Web.com is competing with Nu Dot Co, Radix, Google, Donuts, Afilias and Schlund for the gTLD.
The company has already fiercely defended its “right” to .web, filing successful String Confusion Objections against .webs applicant Vistaprint.
Vistaprint subsequently filed an ICANN Independent Review Process complaint to appeal its SCO loss.
Last month, the IRP was won by ICANN, but the panel left the door open for ICANN to reconsider its decision.
The .web auction is not likely to go ahead until the Vistaprint issue is resolved.
If ICANN decides the two strings can be delegated separately, what I think is the last barrier to the .web auction going ahead disappears.
If not, then Vistaprint finds itself as the seventh contender in the auction, which may give it the impetus to carry on challenging the ruling.
ICANN’s board plans to discuss the issue at its next meeting, December 10.
Which way it leans will give an indication of how long it will be before .web goes to auction.
Now Uniregistry shifts to Early Access launch model
Uniregistry has become the latest registry to adopt the Early Access Period model for some new gTLD launches.
.cars, .car and .auto will all use the EAP, in place of the more typical landrush period, when they launch in January.
Technically, while Uniregistry is running the back-end, the three gTLDS are all being offered by Cars Registry, a partnership between Uniregistry and .xyz registry XYZ.com.
Uniregistry CEO Frank Schilling said it was felt that EAP was needed due to the “stupendous cost” of acquiring the strings.
EAP is a period lasting usually about a week in which the price of registering any domain descends daily from a very high fee on day one — usually above $10,000 at the storefront — to maybe a hundred bucks when the period closes.
The model was pioneered by portfolio registries Donuts and Rightside, but has since been adopted by the likes of Minds + Machines, Radix and XYZ.com.
It’s rapidly becoming the de facto industry standard for new gTLD launches, replacing the auction-based approach to landrush most registries have used in the past.
The driving factor for the industry switch is surely revenue.
Donuts told us late last month that it had sold 48,381 EAP domains across all of its launches to date, where registry prices are believed to start at around the $10,000 mark.
M+M said yesterday that it sold $1.18 million after it chose to use EAP with its recently launched .law gTLD, where registration restrictions suggest many of the sales will have been to legit end users.
Registrars also get a bigger slice of the pie. In an auction model they might wind up with just the regular registration fee, but with EAP they can mark up day one domains by thousands of dollars.
Cars Registry says its EAP is targeted at “OEMs, dealerships, vendors”, but it will almost certainly get a healthy chunk of domainer interest too.
Radix targets a million .online names in 2-3 years
Having just finished the most-successful new gTLD launch day to date, Radix Registry reckons it can get .online to seven figures in two to three years.
“We’re at 37,170 names as of an hour ago,” Radix CEO Bhavin Turakhia told DI at about 1000 UTC this morning.
That represents less than a full day of general availability. The company said last night that 28,000 names were registered in the first 30 minutes.
UPDATE: At the 24-hour mark, Radix tweeted this:
What an exciting Day 1 it has been for .online! Total DUMs 24 hours into the GA is 39,449 #newgTLDs #domaining
— Radix (@RadixRegistry) August 27, 2015
That beats .club’s 25,000-ish, which was Radix’s publicly stated goal, but it also tops .berlin’s 31,000 first-day names.
The CEOs of both these rival registries had publicly predicted their positions would be toppled and actively encouraged Radix to claim the crown.
Turakhia said that the majority of names registered came from pre-orders, largely at 1&1.
“Fourteen thousand names came from 1&1, 6,000 from Go Daddy, 2,700 from United Domains, 1,900 from Name.com and 1,400 from Tucows,” he said, partially breaking down the 37,170 figure by registrar.
He said the goal is to have a .online zone measured in the millions of names.
“I estimate that we should be able to get to a million names in a period of two to three years,” he said. “That’s on a conservative basis.”
Depending on how you count domains, .xyz may have already been the first to hit one million. Its zone never got as high as a million names, but it may have briefly crossed a million in terms of domains under management earlier this year.
At auction, .online sold for what is believed to be an eight-figure sum, originally to a joint venture of Radix, Tucows and Namecheap.
Radix bought out its partners earlier this year.
That was an increase in risk exposure Radix business head Sandeep Ramchandani said made him nervous. He said launch day’s numbers show .online’s potential.
Turahkhia said that there are 680,000 names in the .com zone that end in “online” today, and a million that have “online” somewhere in the second level, showing that the string is desirable to registrants.
Radix said last night that its Early Access Period — during which names are sold for a higher price — ended with 1,130 sales.
Turahkhia said that of these, about 1,000 were registered in the last three days, during which time the price was $100. Regular .online pricing is around the same as .com ($14.99 at 1&1 and Go Daddy), but some registrars are selling for as much at $50.
Radix targets 25,000 names for .online’s first day
Radix Registry reckons .online will move at least 15,000 domains in its first day of general availability, but it’s aiming higher.
“We are confident .online will be amongst the biggest new gTLDs that have launched,” Radix business head Sandeep Ramchandani said in a press release today.
“The same sentiment across several Registrar Partners has reinforced our beliefs. We expect to start off with at least 15,000 registrations at launch and would love to break .club’s launch record,” he said.
When .CLUB Domains launched .club in 2014, its zone file showed over 25,000 domains after the first 10 hours.
Radix is basing its projections not only on its registrar conversations, but also on .online’s sunrise period, which ended yesterday with 775 sales.
That number is of course low by pre-2012 standards, but it’s in the top tier of sunrise periods for non-controversial new gTLDs.
The only strings to top 1,000 names to date have been ICM Registry’s .porn and .adult and Vox Populi’s .sucks.
.CLUB’s sunrise weighed in at 454 domains.
Radix had better hope .online is successful — the gTLD sold for seven or eight figures at private auction.
The gTLD will go to its Early Access Period tomorrow before settling down to regular pricing August 26.
New gTLDs not an illegal conspiracy, court rules
ICANN has beaten off a lawsuit from alternate root provider name.space for a second time, with a US appeals court ruling that the new gTLD program was not an illegal conspiracy.
name.space sued ICANN in 2012, claiming that the program broke competition laws and that “conflicted” ICANN directors conspired with the industry in an “attack” on its business model.
The company runs an alternate DNS root containing hundreds of TLDs that hardly anyone knows about, cares about, or has access to.
Almost 200 of the strings in its system had matching applications in the 2012 new gTLD round; many have since been delegated.
The company’s complaint asked for an injunction against all 189 matching TLDs.
But a court ruled against it in 2013, saying that name.space had failed to make a case for breaches of antitrust law.
Last week, an appeals court upheld that ruling, saying that the company had basically failed to cross the legal threshold from simply making wild allegations to showing evidence of an illegal conspiracy.
“We cannot… infer an anticompetitive agreement when factual allegations ‘just as easily suggest rational, legal business behavior.’,” the court ruled, citing precedent.
“Here, ICANN’s decision-making was fully consistent with its agreement with the DOC [US Department of Commerce] to operate the DNS and the Root,” it wrote. “In transferring control to ICANN, the DOC specifically required it to coordinate the introduction of new TLDs onto the Root. This is exactly what ICANN did in the 2012 Application Round”.
“The 2012 rules and procedures were facially neutral, and there are no allegations that the selection process was rigged,” the panel ruled.
The court further ruled that ICANN is not a competitor in the markets for domain names as registry, registrar or defensive registration services, therefore it could not be subject to antitrust claims for those markets.
A few other claims against ICANN were also dismissed.
In short, it’s a pretty decisive victory for ICANN. General counsel John Jeffrey said in a statement that ICANN is “pleased” to have won.
All the major documents in the case, including the latest opinion, can be downloaded here.
While the lawsuit has been making its way through the courts, the .space gTLD has actually been delegated and the domain name.space is owned by its new registry, Radix.
There’s some salt in the wounds.
New gTLD phishing still tiny, but .xyz sees most of it
New gTLDs are not yet being widely used to carry out phishing runs, but most such attacks are concentrated in .xyz.
That’s one of the conclusions of the Anti-Phishing Working Group, which today published its report for the second half of 2014.
Phishing was basically flat in the second half of the year, with 123,972 recorded attacks.
The number of domains used to phish was 95,321, up 8.4% from the first half of the year.
However, the number of domains that were registered maliciously in order to phish (as opposed to compromised domains) was up sharply — by 20% to 27,253 names.
In the period, 272 TLDs were used, but almost 54% of the attacks used .com domains. In terms of maliciously registered domains, .com fared worse, with over 62% share.
According to APWG, 75% of maliciously registered domains were in .com, .tk, .pw, .cf and .net.
Both .tk and .cf are Freenom-administered free ccTLDs (for Tokelau and the Central African Republic) while low-cost .pw — “plagued” by Chinese phishers — is run by Radix for Palau.
New gTLDs accounted for just 335 of the maliciously registered domains — 1.2% of the total.
That’s about half of what you’d expect given new gTLDs’ share of the overall domain name industry.
Twenty-four new gTLDs had malicious registrations, but .xyz saw most of them. APWG said:
Almost two-thirds of the phishing in the new gTLDs — 288 domains — was concentrated in the .XYZ registry. (Of the 335 maliciously registered domains, 274 were in .XYZ.) This is the first example of malicious registrations clustering in one new gTLD, and we are seeing more examples in early 2015.
XYZ.com aggressively promoted cheap or free .xyz names during the period, but APWG said that only four .xyz phishing names were registered via freebie partner Network Solutions.
In fact, APWG found that most of its phishing names were registered via Xin Net and used to attack Chinese brands.
But, normalizing the numbers to take account of different market shares, .xyz shapes up poorly when compared to .com and other TLDs, in terms of maliciously registered domains. APWG said:
XYZ had a phishing-per-10,000-domains score of 3.6, which was just slightly above the average of 3.4 for all TLDs, and lower than .COM’s score of 4.7. Since most phishing domains in .XYZ were fraudulently registered and most in .COM compromised, .XYZ had a significantly higher incidence of malicious domain registrations per 10,000 coming in at 3.4 versus 1.4 for .COM.
APWG said that it expects the amount of phishing to increase in new gTLDs as registries, finding themselves in a crowded marketplace, compete aggressively on price.
It also noted that the amount of non-phishing abuse in new gTLDs is “much higher” than the phishing numbers would suggest:
Tens of thousands of domains in the new gTLDs are being consumed by spammers, and are being blocklisted by providers such as Spamhaus and SURBL. So while relatively few new gTLD domains have been used for phishing, the total number of them being used maliciously is much higher.
The number of maliciously registered domains containing a variation on the targeted brand was more or less flat, up from 6.6% to 6.8%.
APWG found that 84% of all phishing attacks target Chinese brands and Chinese internet users.
The APWG report can be downloaded here.
UPDATE: XYZ.com CEO Daniel Negari responded to the report by pointing out that phishing attacks using .xyz have a much shorter duration compared to other TLDs, including .com.
According to the APWG report, the average uptime of an attack using .xyz is just shy of 12 hours, compared to almost 28 hours in .com. The median uptime was a little over six hours in .xyz, compared to 10 hours in .com.
Negari said that this was due to the registry’s “aggressive detection and takedowns”. He said XYZ has three full-time employees devoted to handling abuse.
Recent Comments