What is Top-level domain hopping?
“Top-level domain hopping” is when a site (e.g. ‘badsite.ru’) keeps its second-level domain name (‘badsite’) but changes its top-level domain (‘.ru’), creating a whole new website with different hosting details but retaining its ‘name brand’. So from ‘badsite.ru’, the additional sites ‘badsite.ga’, ‘badsite.ml’ or ‘badsite.tk’ could be created. This allows instances of a website to persist online after the original has been taken down while keeping the website recognisable and easy to find
From 2015 to 2020, we tracked top-level domain hopping among websites created with the primary purpose of sharing child sexual abuse imagery.
Over this five-year period, we identified 2,293 commercial websites exploiting this technique – that’s websites created to financially gain from distributing child sexual abuse imagery. Of these, 917 were unique second-level domains. That means a further 1,376 websites were created by top-level domain hopping.
Forum websites dedicated to sharing child sexual abuse imagery have also relied on top-level domain hopping to remain online. Of the 133 forums we took action on, 43 unique second-level domains were used. An additional 90 forum sites were created using top-level domain hopping.
That adds up to 1,466 criminal websites that could have been intercepted and kept offline by blocking top-level domain hopping.
What can we do about this?
Domains are allocated and managed by internet registries and registrars. We can identify the top-level domains that are most frequently abused for hopping and continue to work with Members to remove these criminal websites. We hope to involve more registrars and registries in the fight against this exploitative practice.