Cloudflare loses 22% of its domains in Freenom.tk shutdown

A staggering 12.6 million domains on TLDs controlled by Freenom have been shut down and no longer resolve, leading to a significant reduction in the number of websites hosted by Cloudflare.
The disappearance of these websites was spotted during our monthly Web Server Survey and represents a 98.7% drop from the number of Freenom domains that were resolvable last month.
Gq TLDs are country code top-level domains for Tokelau, Central African Republic, and Equatorial Guinea.
The huge drop is likely the culmination of a series of events that started last year, when Freenom was sued by Meta for ignoring abuse complaints.
Freenom subsequently paused new domain registrations in March 2023, and Netcraft noticed a dramatic reduction in the amount of cybercrime across two TLDs that later moved away from the provider.
Finally, on 12 February 2024, Freenom announced that it had decided to exit the domain name business, including the operation of registries.
The same press release also announced that Freenom had resolved the Meta lawsuit on confidential monetary and business terms.
The affected domains represent a big loss for Cloudflare, with.
Gq previously accounting for 23.1% of all domains hosted on its platform - and nearly all of these have now gone.
Gq domains hosted by Cloudflare has fallen by 99.8% since our March 2024 Web Server Survey, leading to a noticeable 22.0% drop in the total number of all domains hosted by Cloudflare.
The.tk top level domain was the most popular of those operated by Freenom.
Last month it accounted for 16.2% of all domains hosted by Cloudflare, but very few of these were used by popular websites.
Amongst Netcraft's top million websites dataset, there were only 59 sites across 57.tk domains.
36 of these still resolve, which suggests they are paid-for domains.
To the vast majority who registered these domain names for free, their sudden disappearance came as a bit of a surprise.
Tk domains provides a good indication of when the shutdown took effect, particularly as the two largest certificate authorities - Google and Let's Encrypt - only issue domain validated certificates.
The issuance and renewal process for a domain validated certificate involves sending an HTTP request to the website it will be issued for, and so each subject domain must be resolvable for the process to succeed.
This graph shows the shutdown taking noticeable effect between 8 - 10 February 2024, crucially a few days before Freenom issued the 12 February press statement where it announced its exit from the domain name business.
The free and easily acquired domain names that Freenom used to provide were unsurprisingly attractive to criminals and were used to host many phishing sites, malware, and other types of cyberattacks.
One positive side effect of the shutdown is that the number of malicious URLs that we block on the affected TLDs has fallen by 86.9% since December 2023.


This Cyber News was published on www.netcraft.com. Publication date: Fri, 15 Mar 2024 18:13:05 +0000


Cyber News related to Cloudflare loses 22% of its domains in Freenom.tk shutdown

Cloudflare loses 22% of its domains in Freenom.tk shutdown - A staggering 12.6 million domains on TLDs controlled by Freenom have been shut down and no longer resolve, leading to a significant reduction in the number of websites hosted by Cloudflare. The disappearance of these websites was spotted during our ...
9 months ago Netcraft.com
Cloudflare discloses breach related to stolen Okta data - Last fall, Cloudflare announced it mitigated an attempted cyberattack stemming from the infamous Okta breach. Cloudflare disclosed in a blog post that it had been breached by an unnamed nation-state threat actor using an access token and three ...
10 months ago Techtarget.com
Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator - The recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected anywhere from 100,000 to tens of millions of websites has been traced to a common operator, according to ...
5 months ago Bleepingcomputer.com
Cloudflare Dashboard and APIs down after data center power outage - An ongoing Cloudflare outage has taken down many of its products, including the company's dashboard and related application programming interfaces customers use to manage and read service configurations. The complete list of services whose ...
1 year ago Bleepingcomputer.com
Toward Ending the Domain Wars: Early Detection of Malicious Stockpiled Domains - The two main advantages of detecting stockpiled domains are expanding coverage of malicious domains and providing patient-zero detections as attackers stock up on domains for future use. As of July 2023, our detection pipeline has found 1,114,499 ...
1 year ago Unit42.paloaltonetworks.com
How to Arm Yourself With CloudFlare Security Solutions - Securing your website or digital asset is a critical part of running a successful business or website. With the rise of the digital era, the need to protect yourself from cyber-attacks is essential. That's why CloudFlare, the leading cloud solution ...
1 year ago Blog.cloudflare.com
Cloudflare publishes details of Thanksgiving security breach The Register - Cloudflare has just detailed how suspected government spies gained access to its internal Atlassian installation using credentials stolen via a security breach at Okta in October. In a write-up on Thursday, CEO Matthew Prince, CTO John ...
10 months ago Go.theregister.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Cloudflare hacked using auth tokens stolen in Okta attack - Cloudflare disclosed today that its internal Atlassian server was breached by a 'nation state' attacker who accessed its Confluence wiki, Jira bug database, and Atlassian Bitbucket source code management system. The threat actor first gained access ...
10 months ago Bleepingcomputer.com
InfectedSlurs Botnet Spreads Mirai via Zero-Days - The payload targets routers and network video recorder devices with default admin credentials and installs Mirai variants when successful. Until November 9, 2023, the vulnerable devices being targeted were unknown. Since both the name and the version ...
1 year ago Akamai.com
Researchers Hunted Malicious Stockpiled Domains DNS Records - Malicious stockpiled domains are the collection of domain names that threat actors acquire in advance for several types of future malicious activities like:-. While all these domains are often kept unused initially to evade detection, and then later ...
11 months ago Cybersecuritynews.com
Imperva Client-Side Protection Mitigates the Polyfill Supply Chain Attack - The recent discovery of a website supply chain attack using the cdn. Polyfill.io domain has left many websites vulnerable to malicious code injection. Once a trusted resource for adding JavaScript polyfills to websites, the domain has recently become ...
5 months ago Imperva.com
CVE-2020-25600 - An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs ...
2 years ago
Hunting for malicious domains with VT Intelligence ~ VirusTotal Blog - Please note that this blogpost is part of our #VTMondays series, check out our collection of past publications here. Many cyberattacks begin by victims visiting compromised websites that host malware or phishing scams, threat actors use domains for ...
1 year ago Blog.virustotal.com
Cloudflare Incident on January 24th, 2023 - An Overview - On January 24th, 2023, Cloudflare experienced an incident that impacted its customers globally. In this article, we will provide an overview analysis of the incident, its impacts on SEO, security, threats, etc. ...
1 year ago Blog.cloudflare.com
AsyncRAT Loader Delivers Malware via JavaScript - For at least 11 months, this threat actor has been working on delivering the Remote Access Trojan through an initial JavaScript file, embedded in a phishing page. After more than 300 samples and over 100 domains later, the threat actor is persistent ...
10 months ago Cybersecurity-insiders.com
Cloudflare Expands Zero Trust Capabilities with Acquisition of BastionZero - Technology vendor Cloudflare on Thursday announced the acquisition of seed-stage startup BastionZero as part of plans to expand the scope of its VPN replacement solutions. BastionZero, based in Boston, Mass., raised $6 million in seed capital from ...
6 months ago Securityweek.com
Cloudflare Acquires Zaraz to Improve Cloud Loading of Third-Party Tools - Cloudflare, the global leader in cloud performance and security, has announced the acquisition of Zaraz, a leading provider of cloud server loading technology. The acquisition will enable Cloudflare to provide automated access to third-party tools, ...
1 year ago Blog.cloudflare.com
Announcing Custom DLP Profiles for Data Loss Prevention - Do you have questions about where your sensitive data is stored and who can access it? Does your organization need more visibility and control over their data? Cloudflare One offers customers Data Loss Prevention (DLP) that is designed to give ...
1 year ago Blog.cloudflare.com
Detectify platform enhancements address growing attack surface complexity - Detectify announced a new Domains page and major improvements to existing capabilities for setting custom attack surface policies. These updates bring control over attack surface data and enable organizations to seamlessly configure alerts for policy ...
6 months ago Helpnetsecurity.com
Spooky action: Phantom domains create hijackable hyperlinks - Links to phantom domains don’t pose an inherent risk — so long as companies ensure they review websites for misspelled URLs and remove any placeholder links, hijacked hyperlinks are impossible. From an education standpoint, enterprises ...
2 months ago Securityintelligence.com
Cypher Queries in BloodHound Enterprise - Our first use case is identifying Domain Trusts that exist within an environment. Our specific query here, Map Domain Trusts can be selected which automatically populates the search window with the built-in query. Selecting Search will then return a ...
11 months ago Securityboulevard.com
CVE-2024-35885 - In the Linux kernel, the following vulnerability has been resolved: ...
7 months ago
Smart Automatic Restarts for Unhealthy Kafka Consumers The Advantages of Cloudflare - Cloudflare's technology has revolutionized the way modern web applications are maintained and enhanced to improve performance. Their Intelligent Automatic Restarts for Unhealthy Kafka Consumers is a powerful feature that allows businesses to reduce ...
1 year ago Blog.cloudflare.com
Cloudflare Report Surfaces Lots of API Insecurity - A report published by Cloudflare today finds machine learning algorithms employed by the content delivery network provider found 31% more REST application programming interface endpoints than its customers have self-reported. More than 15,000 ...
11 months ago Securityboulevard.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)