AdSecure introduces dedicated Suspicious TLD Detection

AdSecure is committed to providing our partners with a higher level of transparency, choice, and control when evaluating the health and security of their digital supply chain and eliminating malicious digital threats. This is why we are very pleased to announce the launch of a new, dedicated detection option: Suspicious TLD (Top-level domain).

Top-level domains (TLDs)  — such as .com, .org, and .edu — are the most prominent domains on the internet, and we have all spent time on a .com domain. You're reading this on one right now.

While domain names are a key aspect of building a strong online identity, they can also be targeted for abuse by cybercriminals looking to set up hosts for a plethora of dangerous schemes. Spamming, scamming, phishing attacks, malware distribution, and other suspicious activity can often be found lurking on sites with TLDs that look somewhat… unusual.

Enter the Suspicious TLD – top level domains far less familiar to everyday internet users, and frequently weaponized by online scam-artists and threat actors for profit.

Suspicious TLDs — domains ending with things like .xyz, .gq, .country, .stream, — are popular with cybercriminals because they are usually cheaper to obtain than more universally recognised TLDs. This allows the bad guys to register a chain of highly similar top-level domains (like abcd1.xyz, abcd2.xyz, abcd3.xyz) and spread their malicious attacks continuously. When one domain is flagged and shut down, just move your attack to the next one.

Despite the brief lifespan of a Suspicious TLD, their potential impact on the digital ecosystem can ripple far and wide. These domains also pose a unique challenge for dealing with them, because while many have malicious activity lying in wait, many are perfectly clean.

As AdSecure's Technical Director, Pierre Brouca, points out "the issue with a suspicious domain, like .xyz is that there can be completely safe activity on some, while others are definitely being used to spread malware, or a phishing attack. You also have cases like .xin, which in certain regions will definitely be a suspicious domain, but in China, will be a common TLD used legitimately. Being able to understand not only that the domain is suspicious, but that it also has a serious violation attached to it, makes ad delivery more efficient, saving both time and money for our partners."


The paradoxical nature of these TLDs has led other ad verification providers to group them all in the same violation bucket as malware, even when the ad is legitimately harmless. This lack of clarity leads to ads being halted without cause, a loss of time and money tackling a non-issue, and potential friction between publishers and advertisers.

AdSecure brings a clear, precise approach to this challenge by introducing a completely separate, fully dedicated violation classification for "Suspicious TLD". This gives our partners a transparent view of both the suspicious domain and what might — or might not — be lurking within, as our scan reports will also flag separately each additional violation attached to the ad campaign.

With a complete view of what's really happening within Suspicious TLDs, choice and control over how to proceed is returned, and our partners can confidently take the action that is best for their business.

AdSecure's new dedicated detection for Suspicious TLD will be available to all partners as of the 31st of January. To learn more, click here

Recommended Posts