.garden TLD's change to a bad neighborhood
4 hours ago
- #Cybersecurity
- #TLD Threats
- #Domain Risk Analysis
- The .garden TLD experienced a massive increase in registrations in 2026, with 147,000 domains ingested compared to 2,500 in 2025.
- The average risk score for .garden domains surged from 55 in 2025 to 84 in 2026, indicating a significant rise in potential threats.
- AliDNS nameservers and Dominet registrar are major contributors to high-risk scores, with AliDNS-associated domains averaging an 87 risk score and AliDNS + Dominet combinations reaching 94.
- Cloudflare, accounting for 19,000 domains with an 81 risk score, is not the primary cause; excluding it leaves the overall average risk unchanged at 84.
- Recommendation: Block the entire .garden TLD in network environments due to high risk, with allowlisting as needed, and consider blocking based on registrar or nameserver characteristics like AliDNS or Dominet.