Phishing Activity in Domain Registrars
August 1, 2020 - October 31, 2020
Phishers compose hostnames and URLs from domain names that they register purposely for phishing or from domain names that they have exploited in some way (e.g., by hijacking a domain registration account or by compromising a host such as a web site). They embed these URLs in the emails, texts, or social media posts that lure victims to phishing web sites.
To determine where gTLD domain names were purchased and managed, and where reported phishing domains are concentrated in registrars’ domain portfolios, we identify the domain name Registrar - the business entity that processed the domain name registration – of domain names reported for phishing activity from domain name registration data obtained via the Whois or RDAP services.
For the August to October 2020 period, we identified 98 domain registrars with 30,000 domains under management and at least 25 reported phishing domains.
Measurements of reported phishing domains can identify registrars where analyses of business practices, account security, or pricing might prove useful.
Table 1 shows the twenty domain name Registrars with the highest number of reported phishing domains under management.
Table 1 - Ranking of Domain Registrars by Phishing Domains (August to October 2020)
Registrars with a minimum of 30,000 domains and 25 phishing domains
| Rank | Registrar | Registrar IANA_ID | gTLD Domains under Management |
Phishing Domains ▼ | Phishing Domain Score |
| 1 | NameCheap, Inc. | 1068 | 10,707,889 | 14,383 | 13.43 |
| 2 | GoDaddy.com, LLC | 146 | 63,464,090 | 8,023 | 1.26 |
| 3 | NameSilo, LLC | 1479 | 3,531,106 | 7,434 | 21.05 |
| 4 | PDR Ltd. d/b/a PublicDomainRegistry.com | 303 | 4,955,491 | 3,994 | 8.06 |
| 5 | Tucows Domains Inc. | 69 | 10,332,030 | 2,431 | 2.35 |
| 6 | ALIBABA.COM SINGAPORE E-COMMERCE PRIVATE LIMITED | 3775 | 876,786 | 2,407 | 27.45 |
| 7 | Google LLC | 895 | 5,162,389 | 1,973 | 3.82 |
| 8 | Name.com, Inc. | 625 | 2,123,706 | 1,972 | 9.29 |
| 9 | Web Commerce Communications Limited dba WebNic.cc | 460 | 1,664,103 | 1,963 | 11.80 |
| 10 | GMO Internet, Inc. d/b/a Onamae.com | 49 | 5,160,503 | 1,616 | 3.13 |
| 11 | Wild West Domains, LLC | 440 | 2,756,680 | 1,572 | 5.70 |
| 12 | eNom, LLC | 48 | 5,211,996 | 1,470 | 2.82 |
| 13 | Wix.com Ltd. | 3817 | 1,150,887 | 1,105 | 9.60 |
| 14 | Jiangsu Bangning Science & technology Co. Ltd. | 1469 | 709,071 | 1,085 | 15.30 |
| 15 | Register.com, Inc. | 9 | 1,702,919 | 993 | 5.83 |
| 16 | Registrar of Domain Names REG.RU LLC | 1606 | 916,075 | 862 | 9.41 |
| 17 | Alibaba Cloud Computing Ltd. d/b/a HiChina (www.net.cn) | 1599 | 5,249,261 | 748 | 1.42 |
| 18 | Hosting Concepts B.V. d/b/a Openprovider | 1647 | 876,214 | 694 | 7.92 |
| 19 | Internet Domain Service BS Corp | 2487 | 374,763 | 556 | 14.84 |
| 20 | FastDomain Inc. | 1154 | 2,354,139 | 503 | 2.14 |
To allow comparison of large and small Registrars, we also rank Registrars based on a metric, phishing domain score, which is calculated by dividing the number of domain names reported for phishing that are sponsored by a registrar by the number of domains that the registrar has under management.
Registrar Phishing Score = (number of phishing domains/Registrar DUM) * 10,000
This score can be helpful to identify registrars where analyses of business practices, account security, or pricing might prove useful.
Table 2 shows the twenty domain registrars with the highest phishing domain score.
Table 2 - Ranking of Domain Registrars by Phishing Domain Score (August to October 2020)
Registrars with a minimum of 30,000 domains and 25 phishing domains
| Rank | Registrar | Registrar IANA_ID | gTLD Domains under Management |
Phishing Domains | Phishing Domain Score ▼ |
| 1 | ALIBABA.COM SINGAPORE E-COMMERCE PRIVATE LIMITED | 3775 | 876,786 | 2,407 | 27.45 |
| 2 | TLD Registrar Solutions Ltd. | 1564 | 81,218 | 184 | 22.66 |
| 3 | NameSilo, LLC | 1479 | 3,531,106 | 7,434 | 21.05 |
| 4 | CloudFlare, Inc. | 1910 | 215,767 | 373 | 17.29 |
| 5 | Domainshype.com, LLC | 1660 | 35,093 | 55 | 15.67 |
| 6 | Jiangsu Bangning Science & technology Co. Ltd. | 1469 | 709,071 | 1,085 | 15.30 |
| 7 | Internet Domain Service BS Corp | 2487 | 374,763 | 556 | 14.84 |
| 8 | NameCheap, Inc. | 1068 | 10,707,889 | 14,383 | 13.43 |
| 9 | NETIM SARL | 1519 | 36,928 | 49 | 13.27 |
| 10 | DomainPeople, Inc. | 65 | 225,463 | 288 | 12.77 |
| 11 | Atak Domain Hosting Internet ve Bilgi Teknolojileri Limited Sirketi d/b/a Atak Teknoloji | 1601 | 77,586 | 96 | 12.37 |
| 12 | Web Commerce Communications Limited dba WebNic.cc | 460 | 1,664,103 | 1,963 | 11.80 |
| 13 | Porkbun LLC | 1861 | 425,486 | 481 | 11.30 |
| 14 | BigRock Solutions Ltd. | 1495 | 278,105 | 276 | 9.92 |
| 15 | Wix.com Ltd. | 3817 | 1,150,887 | 1,105 | 9.60 |
| 16 | Registrar of Domain Names REG.RU LLC | 1606 | 916,075 | 862 | 9.41 |
| 17 | Name.com, Inc. | 625 | 2,123,706 | 1,972 | 9.29 |
| 18 | Ligne Web Services SARL dba LWS | 1630 | 101,426 | 93 | 9.17 |
| 19 | CV. Rumahweb Indonesia | 1675 | 114,201 | 94 | 8.23 |
| 20 | PDR Ltd. d/b/a PublicDomainRegistry.com | 303 | 4,955,491 | 3,994 | 8.06 |
Activity in Domain Registrars