Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Cloudflare loses 22% of its domains in Freenom .tk shutdown

published on 2024-03-15 14:20:21 UTC by Paul Mutton
Content:

A staggering 12.6 million domains on TLDs controlled by Freenom (.tk, .cf and .gq) have been shut down and no longer resolve, leading to a significant reduction in the number of websites hosted by Cloudflare.

The disappearance of these websites was spotted during our monthly Web Server Survey and represents a 98.7% drop from the number of Freenom domains that were resolvable last month.

Nearly all .tk, .cf and .gq domains have effectively disappeared.

The .tk, .cf and .gq TLDs are country code top-level domains (ccTLDs) for Tokelau, Central African Republic, and Equatorial Guinea. They were officially intended to be used by entities connected with these countries, but this was very rarely the case.

The huge drop is likely the culmination of a series of events that started last year, when Freenom was sued by Meta for ignoring abuse complaints. Freenom subsequently paused new domain registrations in March 2023, and Netcraft noticed a dramatic reduction in the amount of cybercrime across two TLDs that later moved away from the provider (.ga and .ml).

Finally, on 12 February 2024, Freenom announced that it had decided to exit the domain name business, including the operation of registries. The same press release (which has since been removed but is archived here) also announced that Freenom had resolved the Meta lawsuit on confidential monetary and business terms.

Cloudflare losses

The affected domains represent a big loss for Cloudflare, with .tk, .cf and .gq previously accounting for 23.1% of all domains hosted on its platform – and nearly all of these have now gone.

The combined amount of .tk, .cf and .gq domains hosted by Cloudflare has fallen by 99.8% since our March 2024 Web Server Survey, leading to a noticeable 22.0% drop in the total number of all domains hosted by Cloudflare.

All domains hosted by Cloudflare.
(Note sites like foo.example.tk and bar.example.tk would be counted as a single domain)

The .tk top level domain was the most popular of those operated by Freenom. Last month it accounted for 16.2% of all domains hosted by Cloudflare, but very few of these were used by popular websites. Amongst Netcraft’s top million websites dataset, there were only 59 sites across 57 .tk domains. 36 of these still resolve, which suggests they are paid-for domains.

But to the vast majority who registered these domain names for free, their sudden disappearance came as a bit of a surprise. Amongst the debate in the Cloudflare and Reddit communities, some customers reported being able to get their domain names back up and running by having their domains marked as “paid domains”.

The Freenom website claims new registrations are temporarily out-of-order due to “technical issues”.

When did the shutdown happen?

The number of SSL certificates successfully issued to .tk domains provides a good indication of when the shutdown took effect, particularly as the two largest certificate authorities – Google and Let’s Encrypt – only issue domain validated certificates.

The issuance and renewal process for a domain validated certificate involves sending an HTTP request to the website it will be issued for, and so each subject domain must be resolvable for the process to succeed.

Certificates issued to .tk domains (hourly).

This graph shows the shutdown taking noticeable effect between 8 – 10 February 2024, crucially a few days before Freenom issued the 12 February press statement where it announced its exit from the domain name business. This lack of notice clearly caught lots of people by surprise.

The small trickle of issuances thereafter represents the small number of .tk domains that are still active, including those marked as “paid domains”.

The free and easily acquired domain names that Freenom used to provide were unsurprisingly attractive to criminals and were used to host many phishing sites, malware, and other types of cyberattacks. Consequently, one positive side effect of the shutdown is that the number of malicious URLs that we block on the affected TLDs has fallen by 86.9% since December 2023.

You can read more about the impacts on cybercrime in the aftermath of Freenom’s original announcement on the Netcraft Blog.

Article: Cloudflare loses 22% of its domains in Freenom .tk shutdown - published 9 months ago.

https://www.netcraft.com/blog/cloudflare-loses-22-of-its-domains-in-freenom-tk-shutdown/   
Published: 2024 03 15 14:20:21
Received: 2024 03 29 17:22:17
Feed: Netcraft
Source: Netcraft
Category: Cyber Security
Topic: Cyber Security
Views: 3

Custom HTML Block

Click to Open Code Editor