Phishing Activity in Domain Registrars
November 1, 2020 - January 31, 2021
Phishers compose hostnames and URLs from domain names that they register purposely for phishing or from domain names that they have exploited in some way (e.g., by hijacking a domain registration account or by compromising a host such as a web site). They embed these URLs in the emails, texts, or social media posts that lure victims to phishing web sites.
To determine where gTLD domain names were purchased and managed, and where reported phishing domains are concentrated in registrars’ domain portfolios, we identify the domain name Registrar - the business entity that processed the domain name registration – of domain names reported for phishing activity from domain name registration data obtained via the Whois or RDAP services.
For the November 1, 2020 - January 31, 2021 period, we identified 109 domain registrars with 30,000 domains under management and at least 25 reported phishing domains.
Measurements of reported phishing domains can identify registrars where analyses of business practices, account security, or pricing might prove useful. We currently collect domain registration data for generic Top-level Domains only; thus, the tables on this page present gTLD domains under management for each registrar.
Table 1 shows the twenty domain name Registrars with the highest number of reported phishing domains under management.
Ranking of Domain Registrars by Phishing Domains (November 2020 to January 2021)
Registrars with a minimum of 30,000 domains and 25 phishing domains
| Rank | Registrar | Registrar IANA_ID | gTLD Domains under Management |
Phishing Domains ▼ | Phishing Domain Score |
| 1 | NameCheap, Inc. | 1068 | 11,283,131 | 25,718 | 22.79 |
| 2 | NameSilo, LLC | 1479 | 3,434,955 | 8,456 | 24.62 |
| 3 | GoDaddy.com, LLC | 146 | 63,978,616 | 7,319 | 1.14 |
| 4 | PDR Ltd. d/b/a PublicDomainRegistry.com | 303 | 5,102,811 | 4,065 | 7.97 |
| 5 | Alibaba Cloud Computing Ltd. d/b/a HiChina (www.net.cn) | 1599 | 5,077,134 | 3,859 | 7.60 |
| 6 | Wild West Domains, LLC | 440 | 2,821,556 | 2,887 | 10.23 |
| 7 | Tucows Domains Inc. | 69 | 10,505,887 | 2,476 | 2.36 |
| 8 | Web Commerce Communications Limited dba WebNic.cc | 460 | 1,369,388 | 2,016 | 14.72 |
| 9 | Google LLC | 895 | 5,512,969 | 1,957 | 3.55 |
| 10 | eNom, LLC | 48 | 5,113,538 | 1,673 | 3.27 |
| 11 | GMO Internet, Inc. d/b/a Onamae.com | 49 | 4,867,552 | 1,666 | 3.42 |
| 12 | Name.com, Inc. | 625 | 2,164,002 | 1,631 | 7.54 |
| 13 | Wix.com Ltd. | 3817 | 1,429,275 | 1,576 | 11.03 |
| 14 | Hosting Concepts B.V. d/b/a Registrar.eu | 1647 | 1,036,508 | 1,431 | 13.81 |
| 15 | Register.com, Inc. | 9 | 1,698,442 | 1,255 | 7.39 |
| 16 | ALIBABA.COM SINGAPORE E-COMMERCE PRIVATE LIMITED | 3775 | 993,835 | 1,240 | 12.48 |
| 17 | Jiangsu Bangning Science & technology Co. Ltd. | 1469 | 642,425 | 1,128 | 17.56 |
| 18 | Registrar of Domain Names REG.RU LLC | 1606 | 865,777 | 1,071 | 12.37 |
| 19 | BigRock Solutions Ltd. | 1495 | 270,612 | 769 | 28.42 |
| 20 | Internet Domain Service BS Corp | 2487 | 388,964 | 652 | 16.76 |
Four Registrars with fewer than 30,000 gTLD registrations under management had more than 25 reported phishing domains: Shinjiru Technology Sdn Bhd (644 reported phishing domains in its 22,056 gTLD domains under management, DUM), Squarespace Domains LLC (93 reported phishing domains in its 15, 293 gTLD DUM), NICENIC INTERNATIONAL GROUP CO., LIMITED (84 reported phishing domains in its 23,758 gTLD DUM) and Center of Ukrainian Internet Names, UKRNAMES (38 reported phishing domains in its 15,489 gTLD DUM).
To allow comparison of large and small Registrars, we also rank Registrars based on a metric, phishing domain score, which is calculated by dividing the number of domain names reported for phishing that are sponsored by a registrar by the number of domains that the registrar has under management.
Registrar Phishing Score = (number of phishing domains/Registrar DUM) * 10,000
This score can be helpful to identify registrars where analyses of business practices, account security, or pricing might prove useful.
Table 2 shows the twenty domain registrars with the highest phishing domain score.
Ranking of Domain Registrars by Phishing Domain Score (November 2020 to January 2021)
Registrars with a minimum of 30,000 domains and 25 phishing domains
| Rank | Registrar | Registrar IANA_ID | gTLD Domains under Management |
Phishing Domains | Phishing Domain Score ▼ |
| 1 | TLD Registrar Solutions Ltd. | 1564 | 95,714 | 272 | 28.42 |
| 2 | BigRock Solutions Ltd. | 1495 | 270,612 | 769 | 28.42 |
| 3 | NameSilo, LLC | 1479 | 3,434,955 | 8,456 | 24.62 |
| 4 | CNOBIN INFORMATION TECHNOLOGY LIMITED | 3254 | 39,515 | 92 | 23.28 |
| 5 | NameCheap, Inc. | 1068 | 11,283,131 | 25,718 | 22.79 |
| 6 | Jiangsu Bangning Science & technology Co. Ltd. | 1469 | 642,425 | 1,128 | 17.56 |
| 7 | Internet Domain Service BS Corp | 2487 | 388,964 | 652 | 16.76 |
| 8 | OpenTLD B.V. | 1666 | 36,023 | 59 | 16.38 |
| 9 | Web Commerce Communications Limited dba WebNic.cc | 460 | 1,369,388 | 2,016 | 14.72 |
| 10 | Hosting Concepts B.V. d/b/a Registrar.eu | 1647 | 1,036,508 | 1,431 | 13.81 |
| 11 | Atak Domain Hosting Internet ve Bilgi Teknolojileri Limited Sirketi d/b/a Atak Teknoloji | 1601 | 98,701 | 136 | 13.78 |
| 12 | NETIM SARL | 1519 | 42,123 | 55 | 13.06 |
| 13 | MAT BAO CORPORATION | 1586 | 170,064 | 217 | 12.76 |
| 14 | ALIBABA.COM SINGAPORE E-COMMERCE PRIVATE LIMITED | 3775 | 993,835 | 1,240 | 12.48 |
| 15 | Registrar of Domain Names REG.RU LLC | 1606 | 865,777 | 1,071 | 12.37 |
| 16 | Wix.com Ltd. | 3817 | 1,429,275 | 1,576 | 11.03 |
| 17 | Wild West Domains, LLC | 440 | 2,821,556 | 2,887 | 10.23 |
| 18 | Ligne Web Services SARL dba LWS | 1630 | 109,308 | 106 | 9.70 |
| 19 | Domainshype.com, LLC | 1660 | 36,054 | 31 | 8.60 |
| 20 | PDR Ltd. d/b/a PublicDomainRegistry.com | 303 | 5,102,811 | 4,065 | 7.97 |
Activity in Domain Registrars