A staggering 12.6 million domains on TLDs controlled by Freenom have been shut down and no longer resolve, leading to a significant reduction in the number of websites hosted by Cloudflare.
The disappearance of these websites was spotted during our monthly Web Server Survey and represents a 98.7% drop from the number of Freenom domains that were resolvable last month.
Gq TLDs are country code top-level domains for Tokelau, Central African Republic, and Equatorial Guinea.
The huge drop is likely the culmination of a series of events that started last year, when Freenom was sued by Meta for ignoring abuse complaints.
Freenom subsequently paused new domain registrations in March 2023, and Netcraft noticed a dramatic reduction in the amount of cybercrime across two TLDs that later moved away from the provider.
Finally, on 12 February 2024, Freenom announced that it had decided to exit the domain name business, including the operation of registries.
The same press release also announced that Freenom had resolved the Meta lawsuit on confidential monetary and business terms.
The affected domains represent a big loss for Cloudflare, with.
Gq previously accounting for 23.1% of all domains hosted on its platform - and nearly all of these have now gone.
Gq domains hosted by Cloudflare has fallen by 99.8% since our March 2024 Web Server Survey, leading to a noticeable 22.0% drop in the total number of all domains hosted by Cloudflare.
The.tk top level domain was the most popular of those operated by Freenom.
Last month it accounted for 16.2% of all domains hosted by Cloudflare, but very few of these were used by popular websites.
Amongst Netcraft's top million websites dataset, there were only 59 sites across 57.tk domains.
36 of these still resolve, which suggests they are paid-for domains.
To the vast majority who registered these domain names for free, their sudden disappearance came as a bit of a surprise.
Tk domains provides a good indication of when the shutdown took effect, particularly as the two largest certificate authorities - Google and Let's Encrypt - only issue domain validated certificates.
The issuance and renewal process for a domain validated certificate involves sending an HTTP request to the website it will be issued for, and so each subject domain must be resolvable for the process to succeed.
This graph shows the shutdown taking noticeable effect between 8 - 10 February 2024, crucially a few days before Freenom issued the 12 February press statement where it announced its exit from the domain name business.
The free and easily acquired domain names that Freenom used to provide were unsurprisingly attractive to criminals and were used to host many phishing sites, malware, and other types of cyberattacks.
One positive side effect of the shutdown is that the number of malicious URLs that we block on the affected TLDs has fallen by 86.9% since December 2023.
This Cyber News was published on www.netcraft.com. Publication date: Fri, 15 Mar 2024 18:13:05 +0000