Given the global interest in artificial intelligence (AI), it comes as no surprise that cybercriminals are looking to exploit the media hype. 2023 has seen a rapid increase in AI-themed attacks, following the release of Large Language Model (LLM)-powered chatbot ChatGPT in late 2022 (which quickly became one of the fastest-growing consumer applications ever). One easy way to theme a website around AI is to use a domain name which highlights it, as a .ai domain does.

This blog takes a look at the popularity of the .ai domains in recent years and the malicious activity on them that Netcraft has detected and disrupted.

About the .ai TLD

.ai is the country code top-level domain (ccTLD) for the British Overseas Territory of Anguilla. Registrations for this ccTLD began in 1995, but these have accelerated rapidly due to the boom in AI and related industries. Related fees go to the treasury of the government of Anguilla who, according to a report in the New York Times, made $2.9 million in 2018 from .ai registrations.

The ccTLD is used by many legitimate businesses, including two of the biggest technology companies in the world. Google and Meta registered google.ai and facebook.ai in 2017, which redirect to websites promoting their work in the field of AI.  

Since 2013, the number of .ai domains used by web servers has grown 12,523% from 913 to 115,245 domains. We can also see similar growth in IPs and Active sites, growing from 165 to 37,041 IPs and 647 to 112,600 Active Sites. We detected the first part of this massive growth in 2017, when the technology industry and the wider media first began to take notice of (and report on) the potential of AI.

However, we saw an even bigger explosion in growth at the beginning of 2023 making .ai the 123rd most popular TLD as of September. This coincides with the recent explosion of interest in generative AI applications, such as ChatGPT and Stable Diffusion, which have received significant hype and attention amongst the media, investors and the technology industry, and have even filtered through to social media and pop culture. Furthermore, the text ‘GPT’ is 44 times more common in .ai domains compared to all domains, solidifying the connection between the rapid genAI revolution and the spike in .ai domain use.

The number of URLs on .ai domains that we have blocked also follows a similar pattern over the past 10 years. The number of blocks we have performed in 2023 is on track to beat 2022 by a large margin, with the total block count for 2022 already having been surpassed in September 2023. However, despite this recent surge in growth, Netcraft first blocked a .ai domain over 16 years ago, in June 2007. 

All of the above figures come from the Netcraft Web Server Survey, our crawl of every discoverable site on the Web, run monthly since 1995.

Malicious activity using .ai domains

We have detected numerous types of malicious content hosted on .ai domains. These mostly comprise:

Phishing attacks: a site that masquerades as a reputable entity to trick the victim into installing malware, or revealing personal details (such as credentials or bank details).

Affiliate marketing scams: a range of scams that mislead victims into following an affiliate link and purchasing a product or service from an unrelated third-party company.

Defaced sites: sites that have been hacked to alter their appearance, usually with a message claiming responsibility.

Cryptocurrency investment scams: sites run by fraudsters that entice victims to invest into bogus cryptocurrency platforms.

Web shells: small programs or scripts that can be uploaded to a vulnerable server and then accessed from a browser to run system commands from a web interface, acting as a backdoor for criminals. More information about these is available in our previous blog Web Shells: The Criminal’s Control Panel.

Phishing attacks account for 67% of the malicious URLs we see on .ai domains, with survey scams accounting for another 11%. Survey scams are a type of affiliate marketing scam involving victims being tricked into thinking they’ve won a prize. After the survey is filled (with the results often not being sent anywhere), the victim is redirected to a destination site, which encourages them to sign up for a third-party service, typically a sweepstake with a very small chance of winning the advertised prize. We often see affiliate marketing scams utilise .ai domains as redirects to other domains that host the scams. Consequently, these malicious .ai domains utilise a smaller range of IP addresses than other attacks.

In September 2023, we blocked 845 URLs on 58 IP addresses using .ai domains, a steady increase over previous months that shows no signs of slowing down.

ai: a small but rapidly growing domain space

It’s worth noting that .ai domains are much more expensive than other domains. A .ai domain costs around $60, compared to $10 for a .zip domain or a .com domain. We suspect that criminals believe that the implied ‘legitimacy’ of .ai domains is worth the extra cost, as there is a notable proportion of purpose-registered .ai sites (particularly for cryptocurrency investment scams).

The hype surrounding AI over the last few years perhaps explains why victims are ignoring long-established conventions of ‘avoiding unknown links’, and instead are willing to click on .ai URLs. In the past year, there have been numerous legitimate AI products created (mostly from new/generic brand names), which means victims are getting used to seeing (and clicking on) .ai brands and URLs. The increasing familiarity of seeing domains that end in .ai – coupled with a curiosity about AI fuelled by months of media speculation – makes the .ai ccTLD attractive for cybercriminals.

Our research to date shows that .ai is a small but rapidly growing domain space containing lots of unregistered domains that could be used for malicious purposes. There is also future potential for .ai to be used for phishing .au domains in typosquatting attacks, as the letters ‘u’ and ‘i’ are next to each other on most common keyboard layouts (such as QWERTY, AZERTY, and Dvorak), although we are not yet seeing this actively exploited.

How can Netcraft help?

Our position at the epicentre of the battle against cybercrime allows us to rapidly identify, monitor and react to new threats, like those identified in this post. We continue to monitor for malicious content on .ai and other TLDs. This includes access to the entire list of all registered .ai domains. We also make use of AI-powered systems ourselves to aid in detecting these threats. The Netcraft browser extension and mobile apps block the .ai threats described in this post and will block new threats as we discover them.

Netcraft is the world leader in cybercrime detection, disruption, and takedown, and has been protecting companies online since 1996. We help organizations worldwide (including 12 of the top 50 global banks) and perform takedowns for around one-third of the world’s phishing attacks, taking down 90+ attack types at a rate of 1 attack every 15 seconds. Our malicious site feeds protect billions of people around the world from phishing, malware, and other cybercrime activities.

We offer solutions for domain registries and domain registrars, including real-time alerts or takedowns for fraudulent content found on your TLD or other infrastructure, and a tool for analyzing the likelihood that a new domain name is deceptive and will be used for fraud.