Who are the
Bad Boys of the Internet.
How big internet companies are supporting scammers
According to previous research the number of online scams increased by 40% last year. For 2021 a similar growth rate is expected due to the Corona pandemic.
Online scammers are no longer 15-year-old kids who set-up an online store but do not deliver.
In the past few years, professional crime syndicates have taken over running scam networks with hundreds of websites supporting investment scams, cryptocurrency schemes, romantic dating plots and subscription hoaxes. These networks often make millions of “sales” monthly at nearly zero costs.
Like in the physical world, every criminal has support. Offline, these are production plants, distribution companies, creative accountants, and lawyers (lots of them). Online, they need to register their domain name, host their websites, preferably in a country that does not prioritize fighting cybercrime.
Scamadviser analyzed 7 million domain names and discovered that some hosting companies, registrars (where you register a domain name), registries (the owners of extensions such as .com, .biz and .store) and countries seem to support scammers much more than others (see “About the Data” at the end of this article for more information).
Bad Registrars
Every scammer needs a domain name to promote his website. You can purchase a website name from a registrar. GoDaddy is one of the most used registrars (and hosting company) worldwide. In the table below you find that 3% of the websites which are registered at GoDaddy have a Trust Score equal or lower than 20 (on a scale from 1 to 100). This percentage is in line with the overall average.
However, this percentage is relatively low compared to other registrars. In the last 90 days, 36,000 websites registered on Alibaba were scanned by Scamadviser.com. Of these, 14.3% are considered dubious. This may be due to the very high number of online stores offering fakes or not delivering products with roots in China. However, American based companies like NameSilo (13.2%) and NameCheap (10.5%) likewise do not score well.
Registrar | Hosted Domains | Low Score Domains | % Low Score Domains |
GoDaddy.com | 528,752 | 15,876 | 3.0% |
NameCheap | 119,754 | 12,546 | 10.5% |
PublicDomainRegistry.com | 92,461 | 3,074 | 3.3% |
ENOM | 91,405 | 1,650 | 1.8% |
Network Solutions | 82,531 | 532 | 0.6% |
1&1 IONOS | 49,002 | 483 | 1.0% |
NameSilo | 40,710 | 5,340 | 13.2% |
Alibaba Cloud Computing | 35,925 | 5,139 | 14.3% |
FastDomain | 33,624 | 552 | 1.6% |
GMO INTERNET, INC. | 29,825 | 1,039 | 3.5% |
If we look at registrars with the lowest average Trust Score, mainly registrars with an Asian background pop-up. Some, like Shanghai Meicheng and Alibaba appear several times as they use different company entities.
Registrar | Average Score | Domains hosted |
shanghai meicheng technology information development | 5 | 511 |
Shanghai Meicheng Technology Information | 13 | 199 |
UNITEDKINGDOMDOMAINS | 20 | 41 |
EIMS (Shenzhen) Culture & Technology | 25 | 37 |
Shanghai Meicheng Technology Information Development | 27 | 270 |
Hongkong Domain Name Information Management | 28 | 4,144 |
EPIK | 31 | 45 |
Media Elite Holding | 31 | 1,728 |
ALIBABA.COM SINGAPORE E-COMMERCE | 32 | 7,145 |
Alibaba Cloud Computing | 33 | 2,422 |
Bad Hosting Companies
Apart from a domain name, each website needs an Internet Service Provider (ISP) to host its website. Based on an analysis of data gathered from mid-January to mid-April 2021, hosting company Cloudflare hosts the most domain names with a Trust Score lower than 20. However, of the largest hosting companies Namecheap performs by far the worst. Of the 47,841 websites analyzed, 8,433 or 17.6% can be considered scammy. Google and GoDaddy on the other hand perform remarkably well with only 1,7% and 2,0% of the websites researched can be considered malicious.
ISP | Hosted Domains | Low Score Domains | % Low Score Domains |
Cloudflare | 326,325 | 11,905 | 3.7% |
| 175,561 | 2,975 | 1.7% |
GoDaddy.com | 105,755 | 2,127 | 2.0% |
OVH | 78,024 | 1,690 | 2.2% |
Amazon Technologies | 75,150 | 3,372 | 4.5% |
Unified Layer | 68,850 | 1,334 | 2.0% |
WebsiteWelcome.com | 64,214 | 1,140 | 1.8% |
DigitalOcean | 60,215 | 1,459 | 2.4% |
Hetzner Online | 52,249 | 1,204 | 2.3% |
Namecheap | 48,116 | 8,456 | 17.6% |
Shopify | 45,407 | 3,802 | 8.4% |
There are hosting companies which perform far worse. However, they do not have the reach of the top players listed above. In the table below, the Internet Service Providers are listed with the lowest average Trust Score for the (minimal 20) domains they host.
ISP | Average Score | Domains hosted |
Vladimir Filippov | 8 | 38 |
Coverage Technologies | 9 | 611 |
GigaHostingServices | 9 | 83 |
Sunshine Webhost Limited | 9 | 23 |
XeVPS Hosting | 9 | 61 |
World Hosting Farm Limited | 10 | 23 |
Lijun Yang | 10 | 33 |
DDoS-GUARD Ecuador | 10 | 90 |
MBOX | 13 | 48 |
Compevo AP | 14 | 21 |
Bad Registries
The registrar does not own the domain name it sells to a person or company. Registrars are the ‘middleman’ between the user that licenses a website name and the registry. The registry owns the domain name and is in charge of the general administration of a top level domain such as .com, .biz or .store.
Not surprisingly, the most used extensions are .com, .net and .org. What is remarkable is the relatively high misuse of .co (5.4%) and low misuse of .cn (0.36%). The .co extension is often misused by scammers as it gives potential scam victims the impression that it is a legit .com site. The Chinese country’s top level domain seems hardly misused at all, probably as scammers still focus on victims outside of the Chinese market and prefer extensions more “Western” extensions.
Registry | Hosted Domains | Low Score Domains | % Low Score Domains |
com | 1,832,842 | 72,243 | 3.9% |
net | 135,170 | 4,317 | 3.2% |
org | 105,805 | 1,753 | 1.7% |
de | 82,464 | 1,552 | 1.8% |
ru | 78,952 | 3,457 | 4.4% |
cn | 72,014 | 190 | 0.36 |
co.uk | 58,587 | 1,839 | 3.1% |
nl | 52,255 | 699 | 1.3% |
it | 31,259 | 467 | 1.5% |
au | 30,503 | 366 | 1.2% |
pl | 25,431 | 392 | 1.5% |
co | 25,024 | 1,342 | 5.4% |
Amongst the less well-known and used domain extensions, the .ltd extension has the lowest average trust score. Other often misused top levels are .store, and .top. The main reason misuse is their low price. At Namecheap.com (one of the cheaper Registrars) you can get a .ltd for $ 6.98, . top for $ 3.98 and .store for $ 1.88 per year!
Registry | Average Score | Domains hosted |
ltd | 29 | 2,537 |
buzz | 32 | 676 |
uno | 36 | 326 |
cyou | 41 | 241 |
icu | 43 | 1,078 |
casa | 44 | 328 |
store | 47 | 6,615 |
top | 48 | 8,270 |
monster | 49 | 182 |
trade | 49 | 742 |
Bad Countries
Finally, it is interesting to see which countries host the most scammers. Most websites are using a server which is based in the United States. 3.8% of all websites hosted in this country have a Trust Score lower than 20. Slightly about the total average of 3%.
Countries like Hong Kong (8.2%), Senegal (6.0%), Singapore (5.9%) Canada (5.50%) and Russia (5.0%) are hosting the most scammers of the top 10 countries. Each country seems to have its own “specialization”. Where Hong Kong and Singapore are known for online stores selling fakes or not delivering, Senegal offers financial services and Russian scammers are heavily “investing” in cryptocurrency scams.
Country | Hosted Domains | Low Score Domains | % Low Score Domains |
United States | 1,407,912 | 53,479 | 3.8% |
Germany | 284,184 | 5,896 | 2.1% |
Great Britain | 152,504 | 2,866 | 1.9% |
Netherlands | 145,029 | 3,375 | 2.3% |
Hong Kong | 105,186 | 8,580 | 8.2% |
Canada | 89,868 | 4,897 | 5.5% |
Russia | 79,861 | 4,014 | 5.0% |
Japan | 79,366 | 2,111 | 2.7% |
France | 73,900 | 1,716 | 2.3% |
Senegal | 34,671 | 2,052 | 6.0% |
If you look at the countries which, on average, have the lowest Trust Scores, some less known nations pop-up. Some of these countries are known for investment and cryptocurrency scams such as Belize, the Seychelles, and Virgin Islands. Uganda is known for advance fee frauds while Ghana is building up a reputation for pet scams. In many cases, these countries may not even really host the scam sites. Their IP address is however being used to hide the real location of the malicous servers.
Country | Average Score | Domains hosted |
Belize | 40 | 1,636 |
Ecuador | 58 | 233 |
Panama | 59 | 416 |
Hong Kong | 61 | 191,250 |
Seychelles | 64 | 270 |
Uganda | 64 | 97 |
Virgin Islands | 65 | 33,959 |
Yemen | 69 | 30 |
Brunei | 72 | 71 |
Ghana | 72 | 147 |
How to Fix the Internet?
With 3% of all websites having a Trust Score of less than 20 out of 100, cybercriminals have clearly established themselves on the Internet. The big question is: how to fight them?
Cybercrime largely goes unpunished at this moment. Setting up a malicious website is cheap and very quickly to do. More importantly, the chance of getting caught is near to zero if the criminal operates outside his own country.
Of course, the organizations listed in this article are not criminal. However, their Know Your Customer (KYC) processes leave much to be desired. Some hosting providers, registries, and registrars have improved their KYC policies. The Danish .dk registry for example was able to reduce the number of online stores selling fakes with 80% in one year by just asking for an ID.
Unfortunately, forcing hosting providers, registries, and registrars to have more stringent KYC processes seems a lost cause. If there are a few “bad boys” in the market, scammers will just flock to these players.
Scamadviser is therefore betting on warning consumers via anti-virus software and internet filters about websites with low Trust Scores. Via its partners, the company is already reaching 1 billion users.
About the Data
More than 100.000 consumers check Scamadviser.com every day and Scamadviser adds more than 1 million new websites to its database every month. Since 2012, Scamadviser has been developing an algorithm which gives every domain a Trust Score based on 40 different data sources.
The data analysis is based on 7 million recently scanned domains in Scamadviser’s database and its Trust Score. A domain with a Trust Score of 100 is very, very likely legit. A domain that scores a 1 is very, very likely a scam. The average Trust Score is 85 with 3% of all sites scoring less than 20.
© 2021, Container Fraud Prevention. All rights reserved.
Read the full article on ScamAdvisor.com
Support ScamAdvisor.com on Social Media