Looking at spam

Opening a blog post with a meme – check. Fancy title – check. While you might think that this blog post is a joke, I have to tell you that it might be one of the most serious ones until now. Not “>>Houston, we have a problem<< and everyone already knows that he’s not gonna make it back”-serious, but more like “You still haven’t done the dishes?”-serious.

Whenever I scroll through seemingly endless lists of domain names, one particular type of them catches my attention. Let me give you a few examples:

8c5968b9kspxkwd.club
fxdee.science
jb1bd.webcam
yposx.party
tsy809.science
vokvbn.science
7kks.science
tzjv.party
j3dv.science
bl9nl.party
iij3e.xyz
qetyyu.xyz
16872.xyz
wshod.party
sus430.xyz
c8356el.xyz
avvb.science
mskcx.space
vxur.webcam
wq6e.party
h9jb.webcam
y8g1x.science
520v1v484.top
seosepll.xyz
papuuod.xyz
ggzcx.party
nx5l1f.science
v29qkt30dxh5.link

Of course you could just shrug it off, but that would be boring. Instead, I added another item to our already infinitely long to-do list: “Write blog posts about spam TLD stuff!”

“Why would you register those domains?”, the naive internet user asked. Well, that question is partially answered by our categorization of those domains: “Spam” and “Filler”. Spam-TLDs are used to create spam websites, while “Filler”-TLDs are, well, apparently used to fill up the pool of domains for that particular TLD.

Spam

Most of the domains timed out like one would expect. When we started to check those still responding, we quickly realized that an overwhelming part of them has the same content: scripted websites with automatically generated links – in Chinese. Those websites mostly link to other spam-TLDs, but sometimes even include ccTLDs or old gTLDs. The purpose? Sale spam. The websites are basically a big list of links to products. Interestingly, you can’t order any of the advertised products online – you have to call a number (can you imagine? 2015?). And since I only speak the rare Chinese Huizhou dialect from southern Anhui (think of it as the Chinese “Texas English” counterpart), I couldn’t get more information about the order process.

Back to topic: Another set of spam domains shows a page full of products as well. Regardless of which link you follow, you will be redirected to a modified version of the Chinese news agency CNNB.com.cn. Even though you are accessing the CNNB domain and servers, the articles have modified names (“European Casino”, etc.).

One could argue about how successful all of this is, but we already know that people willingly sent money to the Nigerian government/lottery/whatever with the promise of receiving 2 million dollars in return. So, uhm, yeah. Also, it’s Asia. While checking those domains, I stumbled across the website of a Japanese dentist. It was full of pictures of him and his staff. Doing victory signs. With their patients. During their dental treatment. And that’s why I absolutely don’t know whether this kind of marketing-spam works in Asia or not, because I don’t understand the people living there (haha, unintentional pun).

Filler

While it is easy to make sense of spam domains, I feel that “Filler”-domains are a more complex matter. Here is a list of some of them:

aabo.wang
aabp.wang
aabq.wang
aabr.wang
aabs.wang
aabt.wang
aabu.wang
aabv.wang
aabw.wang
aabx.wang
aaby.wang
aabz.wang
aaca.wang
aacb.wang
aacd.wang

I cut it down to 15, because this would go on for another few hundred entries. Here is another excerpt:

lalala001.xyz
lalala002.xyz
lalala003.xyz
lalala004.xyz
lalala005.xyz
lalala006.xyz
lalala007.xyz
lalala008.xyz
lalala009.xyz
lalala010.xyz
lalala011.xyz
lalala012.xyz
lalala013.xyz
lalala014.xyz
lalala015.xyz

Again, let’s start with the simple question: Why would you register those domains? I am unable to answer that question. All domains time out and all of them are whois-protected. I could dig deeper, but that would go beyond the scope of this blog post. Looking at the numbers, though, I am pretty sure that those domains aren’t just failed attempts at whatever, but tough business strategy.

My thoughts travel in a lot of different directions here.

  • What would be the plan with this kind of domain?
  • Would you use it for spam?
  • If so, is there some difference in using randomized names and continuous names or do I just get overly excited?
  • Who profits from those registrations short-, mid- and long-term?
  • Why are none of those domains accessible?
  • Why aren’t they being renewed?
  • Why are they whois-protected?
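The difference between the two naming patterns shown above (random-looking labels versus consecutively lettered or numbered ones) can at least be detected mechanically. The following is an added example, not part of the original post and not nTLDstats tooling: it groups names by TLD and reports runs of consecutive labels. The function names `successor` and `find_runs`, the `min_run` threshold and the assumption that every input is a plain `label.tld` name are choices made for this sketch.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of names copied from the lists in the post.
SAMPLE = [
    "fxdee.science", "7kks.science", "qetyyu.xyz", "16872.xyz",
    "aabx.wang", "aaby.wang", "aabz.wang", "aaca.wang", "aacb.wang",
    "aacd.wang",  # aacc.wang is missing from the post's list too
    "lalala008.xyz", "lalala009.xyz", "lalala010.xyz", "lalala011.xyz",
]

def successor(label):
    """Return the label that would follow `label` in a simple enumeration."""
    m = re.fullmatch(r"(.*?)(\d+)", label)
    if m:  # trailing counter, zero padding kept: lalala009 -> lalala010
        prefix, num = m.groups()
        return prefix + str(int(num) + 1).zfill(len(num))
    if re.fullmatch(r"[a-z]+", label):  # letter odometer: aabz -> aaca
        chars = list(label)
        for i in range(len(chars) - 1, -1, -1):
            if chars[i] != "z":
                chars[i] = chr(ord(chars[i]) + 1)
                return "".join(chars)
            chars[i] = "a"  # carry into the next position to the left
    return None  # mixed label or all-'z' overflow: no successor defined

def find_runs(domains, min_run=3):
    """Group names by TLD; return runs of at least min_run consecutive labels."""
    by_tld = defaultdict(set)
    for name in domains:
        label, _, tld = name.lower().partition(".")
        by_tld[tld].add(label)
    runs = []
    for tld, labels in sorted(by_tld.items()):
        followers = {successor(lab) for lab in labels}
        for start in sorted(labels):
            if start in followers:
                continue  # some other label precedes it, so not a run start
            run, nxt = [start], successor(start)
            while nxt in labels:
                run.append(nxt)
                nxt = successor(nxt)
            if len(run) >= min_run:
                runs.append([f"{lab}.{tld}" for lab in run])
    return runs

if __name__ == "__main__":
    for run in find_runs(SAMPLE):
        print(len(run), run[0], "->", run[-1])
```

A gap in the sequence ends a run, so a single missing registration splits one enumeration into two; lowering `min_run` or tolerating small gaps trades that off against false positives on random-looking labels.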

Unfortunately, I do plan on leaving you alone with those questions, because I fear that doing a follow-up on all of those questions would risk the impartial status that we at nTLDstats are so proud of. But before you start your journey into the dangerous world of conspiracy theories, take two more charts from me. Yes, they may answer some questions – but might as well raise just as many new ones. *flashlight face vanishes in the dark*

(If you have input on this, feel free to mail me at [this author’s name] at [this website’s name] dot [this website’s TLD] (ha! take this, e-mail-address crawling spam bots!))

Classification of spam / non-spam TLDs by registrar

Classification of spam / non-spam by TLD

Classification of spam / non-spam by registrar
