[CPWG] ICANN DNS Abuse report (4 years of data)

John McCormac jmcc at hosterstats.com
Wed Mar 23 13:00:11 UTC 2022 

On 23/03/2022 12:39, Michele Neylon - Blacknight wrote:
> John
> 
> It also focusses on domain names, whereas a lot of the other numbers 
> conflate URLs and domains.
> 

Yep Michele,
The graphs of registrations and types of abuse are interesting in that 
they track some of the bulk registation patterns in the new gTLDs.

Phishing is a more difficult thing to detect with deep URLs on 
compromised sites so it may rely more on reporting than detection. The 
logic in the EC report was a bit strange when it came to associating 
malware with specifically registered domain names. That would be closer 
to spear phishing as the most effective way of distributing malware to a 
larger set of victims would be via a compromised popular website with 
traffic. (An alternative would be spam carrying the link to a 
maliciously registered domain name's website.)

Regards...jmcc

> Michele
> 
> --
> 
> Mr Michele Neylon
> 
> Blacknight Solutions
> 
> Hosting, Colocation & Domains
> 
> https://www.blacknight.com/ <https://www.blacknight.com/>
> 
> https://blacknight.blog/ <https://blacknight.blog/>
> 
> Intl. +353 (0) 59  9183072
> 
> Direct Dial: +353 (0)59 9183090
> 
> Personal blog: https://michele.blog/ <https://michele.blog/>
> 
> Some thoughts: https://ceo.hosting/ <https://ceo.hosting/>
> 
> -------------------------------
> 
> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
> 
> Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845
> 
> *From: *CPWG <cpwg-bounces at icann.org> on behalf of John McCormac via 
> CPWG <cpwg at icann.org>
> *Date: *Tuesday, 22 March 2022 at 21:07
> *To: *CPWG <cpwg at icann.org>
> *Subject: *[CPWG] ICANN DNS Abuse report (4 years of data)
> 
> [EXTERNAL EMAIL] Please use caution when opening attachments from 
> unrecognised sources.
> 
> ICANN published a report on DNS Abuse that's one of the most interesting
> of the last few years. It is based on four years of data but it also
> captures things that the EC report completely missed due to its
> extremely narrow timeframe. On page 5 of the ICANN report the change in
> the kind of abusive registrations from October 2017 to February 2022
> shows some kinds of abuse being reduced. This may correlate with a
> decline in bulk registrations.
> 
> https://www.icann.org/en/blogs/details/icann-publishes-dns-abuse-trends-22-03-2022-en 
> <https://www.icann.org/en/blogs/details/icann-publishes-dns-abuse-trends-22-03-2022-en>
> 
> https://www.icann.org/en/system/files/files/last-four-years-retrospect-brief-review-dns-abuse-trends-22mar22-en.pdf 
> <https://www.icann.org/en/system/files/files/last-four-years-retrospect-brief-review-dns-abuse-trends-22mar22-en.pdf>
> 
> There is an economic effect with some kind of DNS abuse in that low cost
> registration fees enable some kinds of abuse. The SIDN report from a few
> years ago also pointed out that there was a major shift of abusive
> registrations from the legacy gTLDs to the new gTLDs. That coincided
> with heavy discounting in some new gTLDs.
> 
> Regards...jmcc
> --
> **********************************************************
> John McCormac  *  e-mail: jmcc at hosterstats.com
> MC2            *  web: http://www.hosterstats.com/ 
> <http://www.hosterstats.com/>
> 22 Viewmount   *  Domain Registrations Statistics
> Waterford      *  Domnomics - the business of domain names
> Ireland        * https://amzn.to/2OPtEIO <https://amzn.to/2OPtEIO>
> IE             *  Skype: hosterstats.com
> **********************************************************
> 
> --
> This email has been checked for viruses by AVG.
> https://www.avg.com <https://www.avg.com>
> 
> _______________________________________________
> CPWG mailing list
> CPWG at icann.org
> https://mm.icann.org/mailman/listinfo/cpwg 
> <https://mm.icann.org/mailman/listinfo/cpwg>
> 
> _______________________________________________
> By submitting your personal data, you consent to the processing of your 
> personal data for purposes of subscribing to this mailing list 
> accordance with the ICANN Privacy Policy 
> (https://www.icann.org/privacy/policy 
> <https://www.icann.org/privacy/policy>) and the website Terms of Service 
> (https://www.icann.org/privacy/tos <https://www.icann.org/privacy/tos>). 
> You can visit the Mailman link above to change your membership status or 
> configuration, including unsubscribing, setting digest-style delivery or 
> disabling delivery altogether (e.g., for a vacation), and so on.
> 
> 
> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> 
> 	Virus-free. www.avg.com 
> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> 
> 
> 
> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>


-- 
**********************************************************
John McCormac  *  e-mail: jmcc at hosterstats.com
MC2            *  web: http://www.hosterstats.com/
22 Viewmount   *  Domain Registrations Statistics
Waterford      *  Domnomics - the business of domain names
Ireland        *  https://amzn.to/2OPtEIO
IE             *  Skype: hosterstats.com
**********************************************************

-- 
This email has been checked for viruses by AVG.
https://www.avg.com

More information about the CPWG mailing list