Websites are one of the main entryways for malware to infect your system. To show which top-level domains (TLDs) are most likely to lead to trouble if you visit them, Blue Coat Systems has released a report highlighting the TLDs most associated with suspicious websites.

Researchers at the internet security firm found that more than 95 per cent of websites in 10 different TLDs are rated as suspicious, with that percentage rising to 100 per cent for the two highest-ranking TLDs, .zip and .review.

Blue Coat analysed hundreds of millions of Web requests from more than 15,000 businesses and 75 million users to create “The Web’s Shadiest Neighborhoods,” a new report that combines research with tips and tricks for Web users and enterprise security and IT departments looking to avoid viruses and other malicious activity.

For the research, Blue Coat counted a domain as “shady” if it was rated in its database with a category such as spam, scam, malware, botnet, phishing, suspicious, or potentially unwanted software (PUS). Domains in the database that were not classified in one of these ways were counted as “non-shady.”

Blue Coat notes that times have changed since the Internet first came into being. Initially there were only six common TLDs, and life for security companies and experts was a lot simpler.

Back then, what most consumers and businesses encountered were a small number of standard TLDs, such as .com, .net, .edu and .gov, as well as some “country code” domains like .fr (France), and .jp (Japan). However, since 2013, the number of new TLDs has skyrocketed. There has been an explosion of new neighborhoods on the Web, many of which may be considered for web security purposes as neither safe nor friendly.

Blue Coat notes that by June 2015, the count of validly issued TLDs stood at over one thousand. As the number of TLDs has increased, so have the opportunities for attackers. TLDs with high numbers of shady sites, dubbed “Shady TLDs,” can provide fertile ground for malicious activity including spam, phishing, and distribution of Potentially Unwanted Software (PUS).

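| Rank | Top-Level Domain Name | Percentage of Shady Sites |
|------|-----------------------|---------------------------|
| #1 | .zip | 100.00% |
| #2 | .review | 100.00% |
| #3 | .country | 99.97% |
| #4 | .kim | 99.74% |
| #5 | .cricket | 99.57% |
| #6 | .science | 99.35% |
| #7 | .work | 98.20% |
| #8 | .party | 98.07% |
| #9 | .gq (Equatorial Guinea) | 97.68% |
| #10 | .link | 96.98% |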

Blue Coat has also described in detail the nefarious activities that take place on shady websites in some of the top-ranked Shady TLDs, including the fourth most seemingly dangerous neighborhood, .kim.

Blue Coat researchers recently discovered websites serving up pages which mimic popular video and image sites and prompt unprotected visitors to unwittingly download malware.

“Due to the explosion of TLDs in recent years, we have seen a staggering number of almost entirely shady Web neighborhoods crop up at an alarming rate,” said Dr. Hugh Thompson, CTO for Blue Coat Systems.

“The increase in Shady TLDs as revealed by Blue Coat’s analysis is in turn providing increased opportunity for the bad guys to partake in malicious activity. In order to build a better security posture, knowledge about which sites are the most suspicious, and how to avoid them, is essential for consumers and businesses alike.”

Blue Coat says that to minimize the risk for your business and consumers, companies should consider blocking traffic that leads to the riskiest TLDs, including .work, .gq, .science, .kim and .country. Users should be cautious about clicking on any links that contain these TLDs if they encounter them in search results, e-mail, or social network environments. If unsure of the source, hover the mouse over a link to help verify that it leads to the address displayed in the text of the link, and “Press and Hold” links on a mobile device (not just click) to verify that they lead where they say they do.
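The two checks recommended above (links on a listed TLD, and link text that names a different host than the real destination) can be automated for HTML mail or pages. The following is an added example, not code from Blue Coat or its report; the function names and the sample markup are constructed, and the TLD set is only the five named in the paragraph above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# TLDs the article says companies should consider blocking.
RISKY_TLDS = {"work", "gq", "science", "kim", "country"}

def host_of(value):
    """Hostname of a URL or bare 'example.com/x' string, else None."""
    parts = value.split()
    if len(parts) != 1:                  # empty, or prose such as "Click here"
        return None
    value = parts[0] if "://" in parts[0] else "//" + parts[0]
    try:
        host = (urlsplit(value).hostname or "").rstrip(".").removeprefix("www.")
    except ValueError:                   # e.g. malformed IPv6 literal
        return None
    return host if "." in host else None

class LinkCollector(HTMLParser):         # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def audit_links(html):
    """Return (href, reason) for links on a risky TLD or with misleading text."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target, shown = host_of(href), host_of(text)
        if target and target.rsplit(".", 1)[-1] in RISKY_TLDS:
            findings.append((href, "risky-tld"))
        if target and shown and shown != target:
            findings.append((href, "text-host-mismatch"))
    return findings

# Constructed sample markup (not taken from the report).
SAMPLE = ('<a href="https://www.example.org/docs">example.org</a>'
          '<a href="http://video.example.kim/watch">Watch the clip</a>'
          '<a href="http://login.example.science/reset">https://accounts.example.com/reset</a>')
```

Calling `audit_links(SAMPLE)` leaves the first link alone, flags the second for its TLD, and flags the third both for its TLD and for displaying a host it does not lead to.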

  • Mason Cole

    Blue Coat’s “research” is very deeply flawed, at best, and provides no empirical evidence to support its claims. The report gives no underlying numbers for its assertions, and ignorantly names various new top-level domains — in one case, an unlaunched TLD — as “shady.” Regrettably, this is another attempt to cast doubt on the innovative, positive impact of new Internet identities. Blue Coat should, at minimum, disclose the methodology behind its study, as it assuredly is misleading.