There were many who warned that the Internet Corporation for Assigned Names and Numbers' (ICANN) decision to allow a host of new commercial generic top-level Internet domains was going to create a huge opportunity for Internet scammers and hackers. The approval of top-level domains (TLDs) beyond those assigned to countries and generic ones such as .com, .org, and .net created an opportunity, some in the security industry warned, for criminals to set up "look-alike" domains in the new namespace that aped legitimate sites already registered in .com or elsewhere.
Well, the warnings were spot-on. Based on data just published (PDF) by the network security and deep packet inspection tool vendor Blue Coat, that's exactly what happened: some of the new "neighborhoods" open for name registration have become almost exclusively the domain of people setting up hosts for spam e-mailing, scams, shady software downloads, malware distribution, botnet operations and "phishing" attacks, or other suspicious content. One hundred percent of sites accessed with the .zip and .review TLD that had been scanned and added to Blue Coat's domain database were classified by Blue Coat's researchers as "shady." Of course, these rankings may be distorted by the fact that there are so few records in Blue Coat's database for these domains—.zip isn't even officially available yet from domain registrars, so it's not clear how there were any records for it at all.
Not all of the worst domains were new TLDs. One, .gq—the top level domain assigned to Equatorial Guinea—scored a 96.68 percent score for "shady" sites out of all traffic screened. Overall, the worst ten TLDs for malicious domains, as of August of 2015, were: