Protect your brand from shady sites | Heart Internet Blog – Focusing on all aspects of the web

With the wide range of Top-Level Domains (TLDs) now available, it only stands to reason that some would be dominated by particularly shady customers. Creating scam sites, launching malware, spamming, and more, these sites can wreak havoc with customers’ computers, and if it’s your brand name attached to one of these sites, then it’ll wreak havoc with your business as well.

The security firm Blue Coat just recently released a study where they studied the web requests from their 75 million users, seeing where their users went and what was on those sites. The report, “Do Not Enter”, lists the best and worst TLDs for “shady” websites, and suggests steps system administrators and IT professionals can take to avoid them.

Cover of the Do Not Enter report by Blue Coat

Blue Coat evaluated the websites their users went to, matching them to their list of “shady categories”, which includes spam, potentially unwanted software, malware, botnets, phishing, and scammer sites.

The 10 safest TLDs were:

Rank TLD Percentage of Shady Sites
1 .mil 0.24%
2 .jobs 0.36%
3 .ck 0.52%
4 .church 0.96%
5 .gov 0.96%
6 .gi 1.26%
7 .tel 1.60%
8 .kw 1.61%
9 .london 1.85%
10 .jp 1.95%

Of course, many of these domain extensions have been limited by the registries as to who can purchase and use them, such as .mil and .gov, which were reserved for the US military and government, respectively. But it is interesting to see both .jobs and .london on the list.

The 10 worst TLDs were:

Rank TLD Percentage of Shady Sites
1 .zip 100%
2 .review 100%
3 .country 99.97%
4 .kim 99.74%
5 .cricket 99.57%
6 .science 99.35%
7 .work 98.20%
8 .party 98.07%
9 .gq 97.68%
10 .link 96.68%

With tens of thousands of websites already existing for these domain extensions, you run the risk of your brand name already being part of this network.

Warning page from Chrome

How can you protect yourself from being affiliated with a suspicious website?

You don’t have to buy every domain name extension for your brand, but if your company focuses on a particular product or area, it might be wise to buy that extension. For example, if your business is a link between two communities, you’ll want to make sure that the .link extension for your site isn’t snatched up by a spammer.

You should also look at purchasing the domain name extensions that are listed as the “safest”, as it is likely that attackers will focus on those in the future. .jobs would be a convenient way to direct potential employees to your job listings, and if you’re based in London, a .london is a wise investment in general.

Of course, having that domain name will not protect you if your website isn’t protected. Make certain that your content management system is always updated to the most recent version, that your passwords are secure, and that you keep your important data protected either through not being accessible on the web or only accessible through an SSL certificate.

Many suspicious websites only become so after being hacked, so keep up to date with the latest security patches and fixes – not just for your computer, but for your website and server as well.

Just remember that it’s always easier to patch potential problems than it is to try and repair the damage after the fact. Make sure your brand is protected, and you can take comfort in knowing that you’ll never appear in one of these reports.


Please remember that all comments are moderated and any links you paste in your comment will remain as plain text. If your comment looks like spam it will be deleted. We're looking forward to answering your questions and hearing your comments and opinions!

Leave a reply

Comments are closed.

Drop us a line 0330 660 0255 or email