The Internet is full of malicious places, but it seems like some are more dangerous than others (.com). Avoid these domain extensions at all costs!

We’re talking about those which cybercriminals register to exploit vulnerabilities.

But if there are over 1,500 Top-Level Domains (TLDs) today… How can we avoid them?

How can you stay safe while browsing, especially when new ones are created every year?

Top 7 Malicious Domain Extensions (TLDs)

Among all the cybersecurity firms that have taken the time to study the subject, the Spamhaus Project is the most precise. Today’s top list is inspired by their data.

All of the following TLDs are in active use (mail feeds or DNS traffic within the last 30 days), and were ranked according to lowest price, low-barrier registration processes, and ease of bulk registration.

#7 – .cf:

(3,506 Malicious domains out of 8,667 registered = 40.5%)

The .cf extension belongs to the Central African region and was opened to the world in July 2013… And you can get one for free, wherever you are.

There aren’t many limitations, with just 1 exception: “Premium” names cannot be registered (common dictionary terms, especially <4 characters long).

#6 – .ml:

(3,666 Malicious domains out of 8,667 registered = 42.7%)

It carries the country code of Mali and, like the previous one, it has no territorial restriction. This was very positive until the African nation started to give these away for free (the 1st one in Africa to do so).

#5 – .ga:

(3,406 Malicious domains out of 7,600 registered = 44.8%)

This one was created in 1994 for the sovereign state of Gabon. Gabon Telecom formed a partnership with Freenom in 2013 to offer registrations of this one for free… And you know the story.

#4 – .work:

(14,214 Malicious domains out of 36,672 registered = 38.8%)

Are you interested in highlighting your professional skills on the web? That’s what the TLD .work is for. Unfortunately, this one has been heavily exploited by scammers.

#3 – .gq:

(2,636 Malicious domains out of 4,835 registered = 54.5%)

The TLD assigned to the African country of Equatorial Guinea is well known among hackers and scammers, and not so much among webmasters.

#2 – .fit:

(4,618 Malicious domains out of 8,321 registered = 55.5%)

A generic but brandable extension for everything fitness-related (personal trainers, gyms, supplements, clothing, and so on). This and several other reasons make the .fit extension very dangerous.

#1 – .tk:

(10,405 Malicious domains out of 18,875 registered = 55.1%)

The most threatening TLD of all is the one from Tokelau, New Zealand.

Anyone can open a domain there, for free… But there are several limitations. For example, a (dot) TK domain requires regular visitor traffic. If it doesn’t have it, the site is replaced by an advertisement page without prior warning.

This measure was taken after McAfee reported a 10.1% rate of “unwanted behaviors” using .tk… And it only continued in 2011 through the Anti Phishing Working Group report, blaming Tokelau for hosting so many phishing criminals.

But are they really that dangerous? The (dot) com extension is the most common in the world, and that gets it the gold medal in this contest… That being said, what makes it different?

Well-known registrars (which I won’t name here for legal reasons) sell low-cost extensions such as .tk, .fit, .gq, .work, .ga, .ml and .cf, which are on sale and very easily accessible to everybody (including cyber-attackers).

This is especially true of newer TLDs, which are becoming more and more popular among spammers and scammers for their pennies price tag. So, if a spammer can register them in bulk, cheaply, with few barriers in the way, they will do so.

The top seven “worst” TLDs have a price range between $6 and $14.50 each. Sometimes you will see them at less than $1 each.

The rest are available for free.

Wouldn’t a temporary ban solve this problem?

Considering that .com and similar US-based top-level domains are the biggest sources of the overall problem… we can conclude that it’s not practical to block all the traffic to a country’s net because of a few baddies.

But in the first place… Why are they considered “malicious”?

That’s where the infamous malware domains come onto the stage.

Imagine landing on a site with a high chance of infecting and harming your devices.

They host botnets, generate spam and DDoS attacks… They may even contain malware.

[Image: Adobe Flash Player "Out of Date"]

[Image: Fake Battery Recharge on Malicious Domain Website]

[Image: Malicious Domain website with Pokemon Trainer Fake Prizes]

That’s what they are, and you can see (preferably, from a distance) how they look.

The malwaredomainlist.com and isc.sans.edu sites are dedicated to listing them, keeping track of them, and helping cybersecurity experts study them.

If you aren’t a cybersecurity expert, then I truly recommend that you stay away from them… For your own good.

No more dangerous, but no less scary… Phishing domains are among the related malicious threats.

They basically trick unsuspecting email users into sending private account details. Sometimes, criminals imitate the domain’s registrar, asking you to sign in through a modified link.

I know you are very smart, and that you wouldn’t click on any of these shady domains inside a spammy, phishing email.

Just take into account that links with malicious domains are mostly placed inside .com, .org, or .net hosted websites, in smart ways.

Avoid Malicious Domain Extensions at All Costs

And keep yourself away from terrifying threats.

Be aware that .com can be as risky as the ones mentioned, and not every website using these domain extensions is harmful.

But if you want to avoid risking yourself, your personal credentials, and your business assets…

Then we recommend that you take maximum precautions, analyze the URLs/links of domains before going in… And protect yourself with the help of experts.
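One way to analyze links before going in, written as an added example that is not part of the original article: it pulls every link out of a page and flags the ones whose host sits on one of the seven TLDs ranked above, using the percentages listed in this article. The sample page and its host names are constructed for illustration; note that the check looks at the real host, so a `.com` name placed before an `@` or used as a subdomain label does not fool it.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Malicious share (%) per TLD, copied from the ranking in this article.
TLD_BAD_SHARE = {"cf": 40.5, "ml": 42.7, "ga": 44.8, "work": 38.8,
                 "gq": 54.5, "fit": 55.5, "tk": 55.1}

# Constructed sample: a page on a .com site that embeds links to other hosts.
SAMPLE_HTML = """
<a href="https://www.example.com/about">About</a>
<a href="http://example.com@constructed-sample.tk/login">Sign in</a>
<a href="HTTP://Constructed-Sample.GQ.:8080/prize">Prize</a>
<a href="https://tk.example.com/">Mirror</a>
<img src="//cdn.constructed-sample.fit/b.png">
<a href="http://192.0.2.10/x">Raw IP</a>
"""

class LinkCollector(HTMLParser):
    """Collect URL-bearing attributes (href, src, action) from every tag."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        self.links += [v.strip() for k, v in attrs
                       if k in ("href", "src", "action") and v]

def tld_of(url):
    """Return the TLD of the host a browser would contact, or None."""
    try:
        host = urlsplit(url).hostname  # drops userinfo and port, lower-cases
    except ValueError:                 # malformed authority, e.g. bad brackets
        return None
    host = (host or "").rstrip(".")    # "example.gq." is the same name
    if "." not in host or ":" in host:
        return None                    # relative link, bare label or IPv6
    tld = host.rsplit(".", 1)[1]
    return None if tld.isdigit() else tld  # dotted IPv4 has no TLD

def flag_links(html):
    """Return (url, tld, share) for links on a listed TLD, riskiest first."""
    collector = LinkCollector()
    collector.feed(html)
    hits = [(u, tld_of(u), TLD_BAD_SHARE[tld_of(u)])
            for u in collector.links if tld_of(u) in TLD_BAD_SHARE]
    return sorted(hits, key=lambda hit: hit[2], reverse=True)

if __name__ == "__main__":
    for url, tld, share in flag_links(SAMPLE_HTML):
        print(f".{tld:<5}{share:>5}%  {url}")
```

A flagged link is a reason to look closer, not a verdict: as noted above, not every site on these extensions is harmful, and `.com` links pass this check untouched.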