The Everyday Internet, a Minefield in Disguise : Characterization of different types of domains including malicious and popularity

Abstract: Today, security has become a growing concern for all internet users, where technology is developing faster than its security is implemented, which leads to insecure domains. In this thesis, we look at the reality of today’s domains and research if some categories of domains are safer than others and the reason behind it. The total amount of researched domains was 8080 divided into four categories; popular, categories, continents, and malicious. The analysis was made by looking closer at default protocols, cipher suites, certificate authorities (CAs), certificate classifications, page loading times, and vulnerabilities. Our result indicated that TLS 1.2 and TLS 1.3 are the most commonly used protocol. The largest difference between the domains could be seen among the CAs, even though no definite reason for this could be found. The most popular cipher suite for popular, categories, and malicious belonged to TLS 1.3 meanwhile, continents had a cipher suite belonging to TLS 1.2. All four categories were vulnerable to at least five out of eight different types of attacks. The least commonly used certificate classification is EV certificates, while DV is the most commonly used. Through our data collection and analysis, we could conclude that all domains are not as safe as one might think, while the underlying security infrastructure of malicious domains might be better than anyone expects.