Phishing Activity in Domain Registrars
May 1, 2029 - July 31, 2020
Phishers compose hostnames and URLs from domain names that they register purposely for phishing or from domain names that they have exploited in some way (e.g., by hijacking a domain registration account or by compromising a host such as a web site). They embed these URLs in the emails, texts, or social media posts that lure victims to phishing web sites.
To determine where gTLD domain names were purchased and managed, and where reported phishing domains are concentrated in registrars’ domain portfolios, we identify the domain name Registrar - the business entity that processed the domain name registration – of domain names reported for phishing activity from domain name registration data obtained via the Whois or RDAP services.
For the August to October 2020 period, we identified 99 domain registrars with 30,000 domains under management and at least 25 reported phishing domains.
Measurements of reported phishing domains can identify registrars where analyses of business practices, account security, or pricing might prove useful.
Table 1 shows the twenty domain name Registrars with the highest number of reported phishing domains under management.
Table 1. Ranking of Domain Registrars by Phishing Domains (May to July 2020)
Registrars with a minimum of 30,000 domains and 25 phishing domains
| Rank | Registrar | Registrar IANA_ID | gTLD Domains under Management |
Phishing Domains ▼ | Phishing Domain Score |
| 1 | GoDaddy.com, LLC | 146 | 62,905,725 | 10,949 | 1.74 |
| 2 | NameCheap, Inc. | 1068 | 10,134,100 | 7,839 | 7.74 |
| 3 | NameSilo, LLC | 1479 | 3,339,487 | 6,832 | 20.46 |
| 4 | PDR Ltd. d/b/a PublicDomainRegistry.com | 303 | 4,785,785 | 6,085 | 12.71 |
| 5 | Tucows Domains Inc. | 69 | 10,092,551 | 2,874 | 2.85 |
| 6 | Google LLC | 895 | 4,758,879 | 2,751 | 5.78 |
| 7 | ALIBABA.COM SINGAPORE E-COMMERCE PRIVATE LIMITED | 3775 | 805,564 | 2,496 | 30.98 |
| 8 | Wild West Domains, LLC | 440 | 2,745,974 | 1,696 | 6.18 |
| 9 | Chengdu West Dimension Digital Technology Co., Ltd. | 1556 | 3,615,911 | 1,522 | 4.21 |
| 10 | eNom, LLC | 48 | 5,353,635 | 1,504 | 2.81 |
| 11 | Name.com, Inc. | 625 | 2,102,370 | 1,156 | 5.50 |
| 12 | Hosting Concepts B.V. d/b/a Openprovider | 1647 | 790,418 | 1,075 | 13.60 |
| 13 | Jiangsu Bangning Science & technology Co. Ltd. | 1469 | 614,128 | 961 | 15.65 |
| 14 | Registrar of Domain Names REG.RU LLC | 1606 | 907,853 | 922 | 10.16 |
| 15 | GMO Internet, Inc. d/b/a Onamae.com | 49 | 5,349,159 | 858 | 1.60 |
| 16 | Web Commerce Communications Limited dba WebNic.cc | 460 | 2,052,240 | 782 | 3.81 |
| 17 | Alibaba Cloud Computing Ltd. d/b/a HiChina (www.net.cn) | 1599 | 5,575,014 | 759 | 1.36 |
| 18 | Wix.com Ltd. | 3817 | 806,111 | 725 | 8.99 |
| 19 | FastDomain Inc. | 1154 | 2,326,277 | 691 | 2.97 |
| 20 | OnlineNIC, Inc. | 82 | 656,887 | 648 | 9.86 |
To allow comparison of large and small Registrars, we also rank Registrars based on a metric, phishing domain score, which is calculated by dividing the number of domain names reported for phishing that are sponsored by a registrar by the number of domains that the registrar has under management.
Registrar Phishing Score = (number of phishing domains/Registrar DUM) * 10,000
This score can be helpful to identify registrars where analyses of business practices, account security, or pricing might prove useful.
Table 2 shows the twenty domain registrars with the highest phishing domain score.
Table 2. Ranking of Domain Registrars by Phishing Domain Score (May to July 2020)
Registrars with a minimum of 30,000 domains and 25 phishing domains
| Rank | Registrar | Registrar IANA_ID | gTLD Domains under Management |
Phishing Domains | Phishing Domain Score ▼ |
| 1 | ALIBABA.COM SINGAPORE E-COMMERCE PRIVATE LIMITED | 3775 | 805,564 | 2,496 | 30.98 |
| 2 | NameSilo, LLC | 1479 | 3,339,487 | 6,832 | 20.46 |
| 3 | Sav.com, LLC | 609 | 83,079 | 154 | 18.54 |
| 4 | DomainPeople, Inc. | 65 | 227,521 | 417 | 18.33 |
| 5 | Jiangsu Bangning Science & technology Co. Ltd. | 1469 | 614,128 | 961 | 15.65 |
| 6 | TLD Registrar Solutions Ltd. | 1564 | 82,980 | 116 | 13.98 |
| 7 | Hosting Concepts B.V. d/b/a Openprovider | 1647 | 790,418 | 1,075 | 13.60 |
| 8 | PDR Ltd. d/b/a PublicDomainRegistry.com | 303 | 4,785,785 | 6,085 | 12.71 |
| 9 | Innovadeus Pvt. Ltd. | 3812 | 30,837 | 39 | 12.65 |
| 10 | Domainshype.com, LLC | 1660 | 32,748 | 40 | 12.21 |
| 11 | NETIM SARL | 1519 | 33,986 | 41 | 12.06 |
| 12 | BigRock Solutions Ltd. | 1495 | 275,493 | 281 | 10.20 |
| 13 | Registrar of Domain Names REG.RU LLC | 1606 | 907,853 | 922 | 10.16 |
| 14 | Internet Domain Service BS Corp | 2487 | 348,926 | 351 | 10.06 |
| 15 | OnlineNIC, Inc. | 82 | 656,887 | 648 | 9.86 |
| 16 | CommuniGal Communication Ltd. | 418 | 49,197 | 48 | 9.76 |
| 17 | Wix.com Ltd. | 3817 | 806,111 | 725 | 8.99 |
| 18 | OpenTLD B.V. | 1666 | 40,578 | 32 | 7.89 |
| 19 | NetEarth One Inc. d/b/a NetEarth | 1005 | 141,900 | 110 | 7.75 |
| 20 | NameCheap, Inc. | 1068 | 10,134,100 | 7,839 | 7.74 |
Activity in Domain Registrars