Who are the

Bad Boys of the Internet.

How big internet companies are supporting scammers

0
Domains Analysed!

According to previous research the number of online scams increased by 40% last year. For 2021 a similar growth rate is expected due to the Corona pandemic.

Online scammers are no longer 15-year-old kids who set-up an online store but do not deliver.

In the past few years, professional crime syndicates have taken over running scam networks with hundreds of websites supporting investment scams, cryptocurrency schemes, romantic dating plots and subscription hoaxes. These networks often make millions of “sales” monthly at nearly zero costs.

Like in the physical world, every criminal has support. Offline, these are production plants, distribution companies, creative accountants, and lawyers (lots of them). Online, they need to register their domain name, host their websites, preferably in a country that does not prioritize fighting cybercrime.

Scamadviser analyzed 7 million domain names and discovered that some hosting companies, registrars (where you register a domain name), registries (the owners of extensions such as .com, .biz and .store) and countries seem to support scammers much more than others (see “About the Data” at the end of this article for more information).

Bad Registrars

Every scammer needs a domain name to promote his website. You can purchase a website name from a registrar. GoDaddy is one of the most used registrars (and hosting company) worldwide. In the table below you find that 3% of the websites which are registered at GoDaddy have a Trust Score equal or lower than 20 (on a scale from 1 to 100). This percentage is in line with the overall average.

However, this percentage is relatively low compared to other registrars. In the last 90 days, 36,000 websites registered on Alibaba were scanned by Scamadviser.com. Of these, 14.3% are considered dubious. This may be due to the very high number of online stores offering fakes or not delivering products with roots in China. However, American based companies like NameSilo (13.2%) and NameCheap (10.5%) likewise do not score well.

Registrar 

Hosted Domains 

Low Score Domains 

% Low Score Domains

GoDaddy.com

528,752

15,876

3.0%

NameCheap

119,754

12,546

10.5%

PublicDomainRegistry.com

92,461

3,074

3.3%

ENOM

91,405

1,650

1.8%

Network Solutions

82,531

532

0.6%

1&1 IONOS

49,002

483

1.0%

NameSilo

40,710

5,340

13.2%

Alibaba Cloud Computing

35,925

5,139

14.3%

FastDomain

33,624

552

1.6%

GMO INTERNET, INC.

29,825

1,039

3.5%

If we look at registrars with the lowest average Trust Score, mainly registrars with an Asian background pop-up. Some, like Shanghai Meicheng and Alibaba appear several times as they use different company entities.

Registrar 

Average Score 

Domains hosted 

shanghai meicheng technology information development

5

511

Shanghai Meicheng Technology Information

13

199

UNITEDKINGDOMDOMAINS

20

41

EIMS (Shenzhen) Culture & Technology

25

37

Shanghai Meicheng Technology Information Development

27

270

Hongkong Domain Name Information Management

28

4,144

EPIK

31

45

Media Elite Holding

31

1,728

ALIBABA.COM SINGAPORE E-COMMERCE

32

7,145

Alibaba Cloud Computing

33

2,422

Bad Hosting Companies

Apart from a domain name, each website needs an Internet Service Provider (ISP) to host its website. Based on an analysis of data gathered from mid-January to mid-April 2021, hosting company Cloudflare hosts the most domain names with a Trust Score lower than 20. However, of the largest hosting companies Namecheap performs by far the worst. Of the 47,841 websites analyzed, 8,433 or 17.6% can be considered scammy. Google and GoDaddy on the other hand perform remarkably well with only 1,7% and 2,0% of the websites researched can be considered malicious.

ISP 

Hosted Domains 

Low Score Domains 

% Low Score Domains

Cloudflare

326,325

11,905

3.7%

Google

175,561

2,975

1.7%

GoDaddy.com

105,755

2,127

2.0%

OVH

78,024

1,690

2.2%

Amazon Technologies

75,150

3,372

4.5%

Unified Layer

68,850

1,334

2.0%

WebsiteWelcome.com

64,214

1,140

1.8%

DigitalOcean

60,215

1,459

2.4%

Hetzner Online

52,249

1,204

2.3%

Namecheap

48,116

8,456

17.6%

Shopify

45,407

3,802

8.4%

There are hosting companies which perform far worse. However, they do not have the reach of the top players listed above. In the table below, the Internet Service Providers are listed with the lowest average Trust Score for the (minimal 20) domains they host.

ISP 

Average Score 

Domains hosted 

Vladimir Filippov

8

38

Coverage Technologies

9

611

GigaHostingServices

9

83

Sunshine Webhost Limited

9

23

XeVPS Hosting

9

61

World Hosting Farm Limited

10

23

Lijun Yang

10

33

DDoS-GUARD Ecuador

10

90

MBOX

13

48

Compevo AP

14

21

Bad Registries

The registrar does not own the domain name it sells to a person or company. Registrars are the ‘middleman’ between the user that licenses a website name and the registry. The registry owns the domain name and is in charge of the general administration of a top level domain such as .com, .biz or .store.

Not surprisingly, the most used extensions are .com, .net and .org. What is remarkable is the relatively high misuse of .co (5.4%) and low misuse of .cn (0.36%). The .co extension is often misused by scammers as it gives potential scam victims the impression that it is a legit .com site. The Chinese country’s top level domain seems hardly misused at all, probably as scammers still focus on victims outside of the Chinese market and prefer extensions more “Western” extensions.

Registry 

Hosted Domains 

Low Score Domains 

% Low Score Domains

com

1,832,842

72,243

3.9%

net

135,170

4,317

3.2%

org

105,805

1,753

1.7%

de

82,464

1,552

1.8%

ru

78,952

3,457

4.4%

cn

72,014

190

0.36

co.uk

58,587

1,839

3.1%

nl

52,255

699

1.3%

it

31,259

467

1.5%

au

30,503

366

1.2%

pl

25,431

392

1.5%

co

25,024

1,342

5.4%

Amongst the less well-known and used domain extensions, the .ltd extension has the lowest average trust score. Other often misused top levels are .store, and .top. The main reason misuse is their low price. At Namecheap.com (one of the cheaper Registrars) you can get a .ltd for $ 6.98, . top for $ 3.98 and .store for $ 1.88 per year!

Registry 

Average Score 

Domains hosted 

ltd

29

2,537

buzz

32

676

uno 

36

326

cyou

41

241

icu

43

1,078

casa

44

328

store

47

6,615

top

48

8,270

monster

49

182

trade

49

742

Bad Countries

Finally, it is interesting to see which countries host the most scammers. Most websites are using a server which is based in the United States. 3.8% of all websites hosted in this country have a Trust Score lower than 20. Slightly about the total average of 3%.

Countries like Hong Kong (8.2%), Senegal (6.0%), Singapore (5.9%) Canada (5.50%) and Russia (5.0%) are hosting the most scammers of the top 10 countries. Each country seems to have its own “specialization”. Where Hong Kong and Singapore are known for online stores selling fakes or not delivering, Senegal offers financial services and Russian scammers are heavily “investing” in cryptocurrency scams.

Country 

Hosted Domains 

Low Score Domains 

% Low Score Domains

United States

1,407,912

53,479

3.8%

Germany

284,184

5,896

2.1%

Great Britain

152,504

2,866

1.9%

Netherlands

145,029

3,375

2.3%

Hong Kong

105,186

8,580

8.2%

Canada

89,868

4,897

5.5%

Russia

79,861

4,014

5.0%

Japan

79,366

2,111

2.7%

France

73,900

1,716

2.3%

Senegal

34,671

2,052

6.0%

If you look at the countries which, on average, have the lowest Trust Scores, some less known nations pop-up. Some of these countries are known for investment and cryptocurrency scams such as Belize, the Seychelles, and Virgin Islands. Uganda is known for advance fee frauds while Ghana is building up a reputation for pet scams. In many cases, these countries may not even really host the scam sites. Their IP address is however being used to hide the real location of the malicous servers.

Country 

Average Score 

Domains hosted 

Belize

40

1,636

Ecuador

58

233

Panama

59

416

Hong Kong

61

191,250

Seychelles

64

270

Uganda

64

97

Virgin Islands

65

33,959

Yemen

69

30

Brunei

72

71

Ghana

72

147

How to Fix the Internet?

With 3% of all websites having a Trust Score of less than 20 out of 100, cybercriminals have clearly established themselves on the Internet. The big question is: how to fight them?

Cybercrime largely goes unpunished at this moment. Setting up a malicious website is cheap and very quickly to do. More importantly, the chance of getting caught is near to zero if the criminal operates outside his own country.

Of course, the organizations listed in this article are not criminal. However, their Know Your Customer (KYC) processes leave much to be desired. Some hosting providers, registries, and registrars have improved their KYC policies. The Danish .dk registry for example was able to reduce the number of online stores selling fakes with 80% in one year by just asking for an ID.

Unfortunately, forcing hosting providers, registries, and registrars to have more stringent KYC processes seems a lost cause. If there are a few “bad boys” in the market, scammers will just flock to these players.

Scamadviser is therefore betting on warning consumers via anti-virus software and internet filters about websites with low Trust Scores. Via its partners, the company is already reaching 1 billion users.  

About the Data

More than 100.000 consumers check Scamadviser.com every day and Scamadviser adds more than 1 million new websites to its database every month. Since 2012, Scamadviser has been developing an algorithm which gives every domain a Trust Score based on 40 different data sources.

The data analysis is based on 7 million recently scanned domains in Scamadviser’s database and its Trust Score.  A domain with a Trust Score of 100 is very, very likely legit. A domain that scores a 1 is very, very likely a scam. The average Trust Score is 85 with 3% of all sites scoring less than 20.

Container Fraud Prevention in Associasion with ScamAdviser.com Creating value through awareness and action.

© 2021, Container Fraud Prevention. All rights reserved.