Architelos puts out a State of Abuse report that looks at which domain extensions are being used the most for things like spam and phishing. Their latest report shows data from May, Ten New gTLDs comprised 77% of the 143 new phishing reports in May 2015. This equates to 24 phishing reports per million new gTLD domains under management. The .xyz TLD had the highest number of phishing reports with 42 followed by .science with 22 and .club with 9.
When it comes to spam .Science leads the way, not a surprise with all the free .science domains out there.
The report discusses that domain growth has been slowing and that many registries are relying on free and cheap promotions. You can read the full 8 page report here.