Blue Coat Systems, Inc, an enterprise security company, issued a report today of the 10 new gTLD’s that have the most “Shady Sites” (pdf) concluding that “more than 95% of websites in 10 new Top Level Domains (TLDs) are suspicious”
The report is already getting a lot of coverage in the mainstream media but there is a huge issue with the report that hasn’t been covered.
The new gTLD topping the list is .Zip which hasn’t even launched yet.
.Zip which is delegated to the root is owned by Google’s Charleston Road Registry has not launched yet.
I just pulled the zone file for .zip and there is only one domain name live which is nic.zip.
With that domain topping the list you have to question the whole study.
We should also note that one of the TLD’s on the Shady top 10 List is not a gTLD but a ccTLD (.gq) .
Also two new gTLD’s made the top 10 “Safest List” .London and .Church.
Now back to the study:
“Among the key findings in the report are that more than 95 percent of websites in 10 different TLDs are rated as suspicious, with that percentage increasing to 100% for the top two highest ranking TLDs, .Zip and .Review.
Blue Coat analyzed hundreds of millions of Web requests from more than 15,000 businesses and 75 million users to create “The Web’s Shadiest Neighborhoods,” a new report that combines research with tips and tricks for Web users and enterprise security and IT departments looking to avoid viruses and other malicious activity.
For this research, Blue Coat counted a domain as “shady” if it was rated in its database with a category such as:
Potentially Unwanted Software (PUS)
The Web’s Top 10 “TLDs with Shady Sites*”
Rank Top-Level Domain Name Percentage of Shady Sites
#1 .zip 100.00%
#2 .review 100.00%
#3 .country 99.97%
#4 .kim 99.74%
#5 .cricket 99.57%
#6 .science 99.35%
#7 .work 98.20%
#8 .party 98.07%
#9 .gq (Equatorial Guinea) 97.68%
#10 .link 96.98%
All stats are as of August 15, 2015
“”The report also reveals examples of nefarious activity taking place on shady websites of some of the top ranked Shady TLDs, including the fourth most seemingly dangerous neighborhood, .kim. Blue Coat researchers recently discovered websites serving up pages which mimic popular video and image sites and prompt unprotected visitors to unwittingly download malware.
Blue Coat suggests “Businesses should consider blocking traffic that leads to the riskiest TLDs. For example, Blue Coat has previously recommended that businesses consider blocking traffic to .work, .gq, .science, .kim and .country.”
“Users should use caution to click on any links that contain these TLDs if they encounter them in search results, e-mail, or social network environments.”
Danny Pryor says
I think calling the report a ‘study’ is being generous, to the point of dilution of the term, based on the information available.
Xavier Lemay says
.Review email spam is killing my inbox..
Antony Van Couvering says
I noticed that too. You wonder about these “security experts,” and you wonder whether to say anything about it. You just don’t want to give this stuff much oxygen, but I’m glad you reported this for the nonsense it is.
Mason Cole says
Preposterous “reporting.” Thanks for highlighting this for what it is, Mike.