Namecheap and Public Domain Registry (PDR) continue be the primary registrars used by cybercriminals to register the domain names they use in BEC attacks. Agari noted that nearly three-quarters of maliciously registered domains — 73 percent — used in BEC attacks were registered at one of these two registrars. This is an increase from 55 percent in Q4 2020, and from 43% in Q3 2020.
RiskIQ analyzed 3,054 confirmed phishing URLs reported to APWG in Q1 2021. RiskIQ found that they were hosted on 2,134 unique second-level domains (and 35 were hosted on unique IP addresses, without domain names).
There are three types of top-level domains (TLDs) for purposes of this report:
The TLDs that had the most unique second-level domains used for phishing were:
Read more > PDF Attached / source (apwg & riskiq)
RiskIQ analyzed 3,054 confirmed phishing URLs reported to APWG in Q1 2021. RiskIQ found that they were hosted on 2,134 unique second-level domains (and 35 were hosted on unique IP addresses, without domain names).
There are three types of top-level domains (TLDs) for purposes of this report:
- “Legacy” generic TLDs, which existed before 2011. These include .COM, .ORG, and TLDs such as .ASIA and .BIZ. They represented about 48 percent of the domain names in the world, but represented 77.6% percent of the phishing domains in the sample set. There were 1,656 legacy gTLDs in the sample set. Most of those were in .COM, which had 1,535 domains in the set.
- The new generic top-level domains (nTLDs), such as .XYZ and .ICU, were released after 2011. The nTLDs represented about 8 percent of the domains in the world, and were about 8 percent of the domains in the sample set (173 domains).
- The country code domains (ccTLDs), such as .UK for the United Kingdom and .BR for Brazil. ccTLDs were about 43 percent of the domains in the world, but were only 14 percent of the domains in the Q3 sample set (305 domains).
The TLDs that had the most unique second-level domains used for phishing were:
Read more > PDF Attached / source (apwg & riskiq)
