Blue Coat analyzes 75M URLs to detect the most shady TLDs

Sep 3, 2015 12:41 GMT  ·  By

Blue Coat, a US-based provider of security and networking solutions, has carried out research aimed at finding the Web's most dangerous domain extensions.

Analyzing anonymized data from 15,000 businesses and 75 million users, the company's security experts compared URLs to a database of known threats that included spam, online scams, PUS (Potentially Unwanted Software) sources, malware, phishing sites, and botnets.

According to their findings, a worrisome trend has formed: online malicious actors have started moving their operations to the new custom domain extensions for their campaigns.

Stay away from .zip and .review domains

Blue Coat's research shows that, of all the domains analyzed, every .zip and .review domain hosted one form of shady activity or another.

These two are followed by the .country domain (99.97%), .kim (99.74%), .cricket (99.57%), .science (99.35%), .work (98.20%), .party (98.07%), .gq (Equatorial Guinea) (97.68%), and .link (96.98%).

9 out of the 10 most dangerous domain extensions are so-called "generic" TLDs (Top Level Domains), custom URL suffixes approved for usage by the ICANN back in 2013.

While ICANN's decision was meant to diversify the options available when registering a domain, at a time when the domain name market had slowly dried up, it also allowed malicious parties to benefit from the clean reputation these new extensions started out with.

As Blue Coat researchers point out, custom domains are regularly used in spam and scam campaigns, since most users tend to believe these new generic domain names are hard to come by or incredibly expensive.

While not all new generic domain extensions cost $2,500 / €2,225 to register, as .sucks does, they are quite easy to get hold of, just as easy as any other domain name.

The safest domain extensions are...

On the other side of the spectrum, the cleanest TLDs appear to be .mil (0.24%), .jobs (0.36%), .ck (Cook Islands) (0.52%), .church (0.84%), .gov (0.96%), .gl (Gibraltar) (1.26%), .tel (1.60%), .kw (Kuwait) (1.61%), .london (1.85%), and .jp (Japan) (1.95%).

While it is impractical to ask users to remember to take extra precautions when visiting one domain extension or another, Blue Coat's security researchers do recommend that businesses block access to certain TLDs outright, a practice Blue Coat has already adopted for its own customers.
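To make the two ideas in this article concrete, the per-TLD measurement described earlier (URLs compared against a categorized threat database) and the TLD-level block policy recommended here, the following added example reproduces that shape on a small constructed dataset. It is not Blue Coat's code or data: the URLs, labels and the 95% block threshold are all constructed for illustration. It also handles a few edge cases a real filter meets (scheme-less URLs, mixed case, ports, bare IP addresses) and shows how an allowlist keeps a blanket TLD block from cutting off a known-good site.

```python
"""Per-TLD threat share and a TLD block policy (added example, constructed data)."""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed labelled sample: (url, category). "clean" means the URL matched
# nothing in the (hypothetical) threat database; the other labels mirror the
# categories the article names: spam, scam, pus, malware, phishing, botnet.
SAMPLE = [
    ("http://update-files.zip/installer.exe", "malware"),
    ("https://win-prize.zip/", "scam"),
    ("http://best-offers.review/index.html", "spam"),
    ("HTTPS://Login-Secure.review:8443/verify", "phishing"),   # mixed case + port
    ("http://shop.work/", "pus"),
    ("https://team.work/login", "clean"),
    ("https://example.jobs/careers", "clean"),
    ("https://data.gov/", "clean"),
    ("http://cnc.party/beacon", "botnet"),
    ("https://events.party/", "clean"),
    ("https://www.example.jp/", "clean"),
    ("https://www.example.jp/", "clean"),                      # duplicate, counted once
]


def tld_of(url: str) -> str:
    """Return the lower-cased last host label of a URL, or '' if there is none.

    Deliberately works at the article's granularity (the final label: zip, gq, jp).
    A production filter would consult the public suffix list so that registries
    such as co.uk are handled as one suffix; that is out of scope here.
    """
    if "://" not in url:          # scheme-less input like "example.zip/path"
        url = "//" + url
    host = (urlsplit(url).hostname or "").rstrip(".")   # hostname drops port, lowercases
    if not host or ":" in host or host.replace(".", "").isdigit():
        return ""                 # empty, IPv6 literal, or bare IPv4: no TLD
    return host.rsplit(".", 1)[-1]


def shady_share_by_tld(samples):
    """Fraction of distinct URLs per TLD that matched any threat category."""
    seen, total, shady = set(), defaultdict(int), defaultdict(int)
    for url, label in samples:
        tld = tld_of(url)
        if not tld or (url, label) in seen:
            continue
        seen.add((url, label))
        total[tld] += 1
        if label != "clean":
            shady[tld] += 1
    return {t: shady[t] / total[t] for t in total}


def build_blocklist(shares, threshold=0.95):
    """TLDs whose measured threat share reaches the (assumed) policy threshold."""
    return sorted(t for t, s in shares.items() if s >= threshold)


def is_blocked(url, blocklist, allow=()):
    """Apply the TLD policy, letting an explicit host allowlist override it.

    The allowlist is the practical escape hatch for a ccTLD such as .gq, where a
    blanket block would also remove legitimate local sites.
    """
    host = (urlsplit(url if "://" in url else "//" + url).hostname or "").rstrip(".")
    if host in set(allow):
        return False
    return tld_of(url) in set(blocklist)


if __name__ == "__main__":
    shares = shady_share_by_tld(SAMPLE)
    for tld, share in sorted(shares.items(), key=lambda kv: -kv[1]):
        print(f".{tld:<8}{share:6.1%}")
    blocked = build_blocklist(shares)
    print("block:", blocked)
    print(is_blocked("http://anything.zip/", blocked))                 # True
    print(is_blocked("http://trusted.zip/", blocked, allow={"trusted.zip"}))  # False
```

Running the script prints the constructed per-TLD shares, the resulting blocklist, and two policy decisions. On real data the interesting part is the middle of the table: a TLD at 50% is a candidate for warning pages or stricter inspection rather than an outright block, which is why the threshold is a parameter and not a constant.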

Image: The Web's top 10 most dangerous and safest TLDs

Image: Generic TLDs are the harbingers of spam, scams, and malware