Scamadviser analyzed 7 million domain names and discovered that 3% of all websites have a Trust Score lower than 20, meaning that they are (very) likely a scam.
The company also discovered that some hosting companies, registrars (where you register a domain name) and registries (the owners of extensions such as .com, .biz and .store) do a much better job at preventing scammers from accessing their services than others (see “About the Data'' at the end of this article for more information).
Scamadviser calculated a Trust Score for each domain. In general, a website with a Trust Score lower than 20 is considered to have a high likelihood of being a scam. As you can see in the table below, some companies have a considerably lower-than-average percentage of Low Score Domains, such as Network Solutions and 1&@ IONOS, while others have more than three to four times the average.
| Registrar | Hosted Domains | Low Score Domains | % Low Score Domains |
| Network Solutions | 82,531 | 532 | 0.60% |
| 1&1 IONOS | 49,002 | 483 | 1.00% |
| FastDomain | 33,624 | 552 | 1.60% |
| ENOM | 91,405 | 1,650 | 1.80% |
| GoDaddy.com | 528,752 | 15,876 | 3.00% |
| PublicDomainRegistry.com | 92,461 | 3,074 | 3.30% |
| GMO INTERNET, INC. | 29,825 | 1,039 | 3.50% |
| NameCheap | 119,754 | 12,546 | 10.50% |
| NameSilo | 40,710 | 5,340 | 13.20% |
| Alibaba Cloud Computing | 35,925 | 5,139 | 14.30% |
Scammers make their ‘homes’ on the servers of website hosting companies. From our analysis, we can see that Google and GoDaddy perform remarkably well with only 1.7% and 2.0% of the websites researched being considered malicious, far below the industry average of 3%.
| ISP | Hosted Domains | Low Score Domains | % Low Score Domains |
| 175,561 | 2,975 | 1.70% | |
| WebsiteWelcome.com | 64,214 | 1,140 | 1.80% |
| GoDaddy.com | 105,755 | 2,127 | 2.00% |
| Unified Layer | 68,850 | 1,334 | 2.00% |
| OVH | 78,024 | 1,690 | 2.20% |
| Hetzner Online | 52,249 | 1,204 | 2.30% |
| DigitalOcean | 60,215 | 1,459 | 2.40% |
| Cloudflare | 326,325 | 11,905 | 3.70% |
| Amazon Technologies | 75,150 | 3,372 | 4.50% |
| Shopify | 45,407 | 3,802 | 8.40% |
| Namecheap | 48,116 | 8,456 | 17.60% |
The registry owns the domain name and is in charge of the general administration of a top-level domain such as .com, .biz or .store.
Not surprisingly, the most used extensions are .com, .net and .org. What is remarkable is the relatively low misuse of .cn (0.36%) and high misuse of .co (5.4%).
The Chinese country’s top-level domain seems hardly misused at all, probably as scammers still focus on victims outside of the Chinese market and prefer extensions more “Western” extensions. The .co extension is often misused by scammers as it gives potential scam victims the impression that it is a legit .com site.
| Registry | Hosted Domains | Low Score Domains | % Low Score Domains |
| cn | 72,014 | 190 | 0.36% |
| au | 30,503 | 366 | 1.20% |
| nl | 52,255 | 699 | 1.30% |
| it | 31,259 | 467 | 1.50% |
| pl | 25,431 | 392 | 1.50% |
| org | 105,805 | 1,753 | 1.70% |
| de | 82,464 | 1,552 | 1.80% |
| co.uk | 58,587 | 1,839 | 3.10% |
| net | 135,170 | 4,317 | 3.20% |
| com | 1,832,842 | 72,243 | 3.90% |
| ru | 78,952 | 3,457 | 4.40% |
| co | 25,024 | 1,342 | 5.40% |
Amongst the less well-known and used domain extensions, the .trade and .monster extensions have the highest average trust score. Often misused extensions are .ltd, .store, and .top.
The main reason for misuse is their low price. Certain registrars sell domains with the extension .ltd for $6.98, .top for $3.98 and .store for $1.88 per year!
| Registry | Average Score | Domains Hosted |
| monster | 49 | 182 |
| trade | 49 | 742 |
| top | 48 | 8,270 |
| store | 47 | 6,615 |
| casa | 44 | 328 |
| icu | 43 | 1,078 |
| cyou | 41 | 241 |
| uno | 36 | 326 |
| buzz | 32 | 676 |
| ltd | 29 | 2,537 |
With 3% of all websites having a Trust Score of less than 20 out of 100, cybercriminals have clearly established themselves on the Internet. The big question is: how to fight them?
Clearly some Internet companies are much better at keeping scam sites at bay than others. The trick seems to be fair pricing and well structured Know Your Customer (KYC) processes. The Danish .dk registry for example was able to reduce the number of online stores selling fakes by 80% in one year by just asking for an ID.
Unfortunately, forcing hosting providers, registries, and registrars to have more stringent KYC processes seems a lost cause. If there are a few “bad boys” in the market, scammers will just flock to these players.
Scamadviser is therefore betting on warning consumers via anti-virus software and internet filters about websites with low Trust Scores. Via its partners, the company is already reaching 1 billion users.
More than 100,000 consumers check Scamadviser.com every day and Scamadviser adds more than 1 million new websites to its database every month. Since 2012, Scamadviser has been developing an algorithm that gives every domain a Trust Score based on 40 different data sources.
The data analysis is based on 7 million recently scanned domains in Scamadviser’s database and its Trust Score. A domain with a Trust Score of 100 is very, very likely legit. A domain that scores a 1 is very, very likely a scam. The average Trust Score is 85 with 3% of all sites scoring less than 20.
A more comprehensive version of this report is available here.
