A report from cybersecurity researchers at Oxford University has claimed that darknet markets and underground forums are increasingly evading detection by using country code top-level domains (ccTLDs) that aren’t commonly in use.
The ccTLDs in question are from São Tomé and Príncipe, Tonga, and the Soviet Union, and are used because they are not well regulated, meaning they are difficult for law enforcement to shut down.
Commenting on the research, Mark Graham, director of the Wayback Machine at the Internet Archive, said: “Many of the domains used for these kinds of purposes are technically ‘doing nothing wrong’ – it is the behaviour of the people and organisations operating these sites that are of concern.