An explosion in the number of new Internet addresses has created a wealth of opportunities for criminals exploiting shady domains such as .zip, .kim or .party, according to an industry study published on Tuesday.
Attackers are constantly in search of new domains for links to lead users to download malware, divulge personal data or spam their friends, and a liberalization of the Web has expanded the number of top-level domains tenfold in the past two years.
An analysis of tens of millions of websites by enterprise security company Blue Coat found the most dangerous top-level domains (TLDs) were .zip, .review and .country, while the safest new ones were .london, .tel and .church.
"Ideally, TLDs would all be run by security-conscious operators who diligently review new domain name applications, and reject those that don't meet a stringent set of criteria," Blue Coat wrote in its study.
"The reality for many of these new neighborhoods is that this is not happening."
ICANN, the body that manages Web identifiers, launched an initiative to expand the number of TLDs to promote competition and choice online. Originally, there were just six not including country codes: .com, .edu, .gov, .mil, .net and .org.
Organizations who want to sell new TLDs have had to pay a $185,000 fee to ICANN and demonstrate that they are capable of running a registry.
The size of the global Web domain name sales market is hard to determine because so many sales are private. Sought-after domains can change hands for millions of dollars but more obscure ones can be had for as little as 99 cents.
GoDaddy, the world's largest accredited registrar of domain names, made sales of $1.4 billion last year and was valued at $3 billion in an initial public offering this year.
Blue Coat was bought by Bain Capital for $2.4 billion this year in a sign of the strength of demand for cybersecurity technology.