Domain Abuse: 2020

Domain Abuse: 2020

Overview

The below statistics shows the advance fee fraud related domain abuse per quarter for 2020 as recorded by Artists Against 419. This documents abuse by registrar and ccTLD, exposing the registrars and registries that are problematic and where malicious domains find a foothold to target internet consumers.

The details are broken down by Registrar and  TLD/ccTLDs/free sub-domains (the previous Domain Endings in our reports). We do a comparison of malicious domains. We list All Domains per entity vs Active Domains for 2020. It’s our contention that no consumer facing registrar can stop their services being abused. However they most certainly can, and should, mitigate malicious domains. As such the All vs Active comparison is indicative of a Registrar or Registry’s tolerance for fraud.

We include a cumulative malicious domain count column in the Active Domains, showing how many malicious domains were active in total at each Registrar / Registry by the end of 2020.

In 2020, the South African co.za ccTLD saw much abuse causing gross consumer harm. This saw it becoming the second highest abused TLD/ccTLD. As such we break down this anomaly by registrar.

Definitions Matter

The Artists Against 419 definition of a malicious domain is in line with the ICANN GAC and ICANN CCT definitions. We only list a domain name as malicious in incidents where the domain name was deliberately registered to defraud consumers.

ICANN GAC says the following in the ICANN 46 Beijing Communique:

the domain name registration is being used to facilitate or promote malware, operation of botnets, phishing, piracy, trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or otherwise engaging in activity contrary to applicable law.

https://gac.icann.org/advice/communiques/public/gac-46-beijing-communique.pdf

ICANN GAC also has this to say in a Sept 2019 statement on DNS Abuse:

Noting that ICANN community findings demonstrated that “consensus exists on what constitutes DNS Security Abuse, or DNS Security Abuse of DNS infrastructure,” the CCT Review Team referred to DNS Abuse as “intentionally deceptive, conniving, or unsolicited activities that actively make use of the DNS and/or the procedures used to register domain names.”

https://gac.icann.org/file-asset/public/gac-statement-dns-abuse-final-18sep19.pdf

Despite these clear plain language definitions, some registrars fail to honor these definitions, instead trying to define their own (rather self serving) abuse definitions. In turn this gaming leads to much consumer harm with such registrars facilitating cyber crime and money laundering through inaction, further overwhelming already constrained law enforcement resources.


Abuse by Registrar

Registrar Quarterly: 2020-01-01 to 2020-12-31 (All Domains)

RegistrarQ1:TotalQ2:TotalQ3:TotalQ4:TotalPeriod:Total
NAMECHEAP, INC.2603923484881488
PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM3542561942411045
NAMESILO, LLC329210205230974
GODADDY.COM, LLC281847867357
REGISTRAR OF DOMAIN NAMES REG.RU11816424207
HOSTINGER, UAB30562345154
1API GMBH14244742127
HOSTING CONCEPTS B.V. DBA OPENPROVIDER51392212124
ENOM, INC.1695038113
UPPERLINK LIMITED6326212112
LIGNE WEB SERVICES SARL DBA LWS57333093
SHINJIRU MSC SDN BHD2431251191
INTERNET DOMAIN SERVICE BS CORP13458681
DOMAINS.CO.ZA444111574
NETEARTH ONE INC. D/B/A NETEARTH710411472
HOSTKING.CO.ZA312233169
WEB COMMERCE COMMUNICATIONS LIMITED DBA WEBNIC.CC1125132069
FREE SUBDOMAIN119222163
NAME.COM, INC.113272162
TUCOWS DOMAINS INC.16159747
OWNREGISTRAR, INC.45152246
TLDS L.L.C. D/B/A SRSPLUS7330040
INNOVADEUS PVT. LTD.3600137
BIGROCK SOLUTIONS LTD1362627
LAUNCHPAD.COM, INC.4015322
FASTDOMAIN INC.239721
WIX.COM LTD.4112421
WEB4AFRICA INC.4221220
PORKBUN, LLC196319
DOMAINSHYPE.COM, INC0512118
1&1 INTERNET651315
EPAG DOMAINSERVICES GMBH036413
ALIBABA CLOUD230712
DIAMATRIX C.C.254112
GOOGLE LLC263112
GRANSY S.R.O. D/B/A SUBREG.CZ370212
PSI-USA, INC. DBA DOMAIN ROBOT322411
DANESCO TRADING LTD.513110
101DOMAIN GRS LIMITED33039
IN2NET NETWORK INC.00639
SA WEBHOSTS20529
CNOBIN INFORMATION TECHNOLOGY LIMITED35008
NETWORK SOLUTIONS, LLC43018
ONE.COM A/S24208
WILD WEST DOMAINS, LLC43108
ZA DOMAINS14308
DYNADOT, LLC11327
NETIM SARL24017
ONLINENIC, INC.02327
URL SOLUTIONS, INC.33107
DOMAIN.COM, LLC04206
FREE DOMAIN22206
AXXESS DSL01225
HOSTAFRICA10315
INSTRA CORPORATION PTY LTD.31015
ONLINE SAS20035
AFRIHOST20114
DENIC11024
DOMAINPEOPLE, INC.11204
ERANET INTERNATIONAL LIMITED11024
MONIKER ONLINE SERVICES LLC10214
NOTFOUND02114
OPENTLD B.V.11204
P.A. VIET NAM COMPANY LIMITED00044
TURNCOMMERCE, INC. DBA NAMEBRIGHT.COM00404
WEBSPACEBAR00314
CRAZY DOMAINS FZ-LLC01023
DNC HOLDINGS, INC.00303
OVH SAS20013
REGIONAL NETWORK INFORMATION CENTER, JSC DBA RU-CENTER11103
REGISTER DOMAIN SA11103
REGISTER.COM, INC.20103
TLD REGISTRAR SOLUTIONS LTD.20013
AUTOMATTIC INC.11002
CRONON AG00202
FRIKKADEL10102
GANDI SAS10012
GKG.NET, INC.00112
KEY-SYSTEMS GMBH10012
SA DOMAIN00112
STALLION HOSTING02002
WEBAFRICA NETWORKS00112
XNEELO (PTY) LTD11002
123-REG LIMITED T/A 123-REG01001
AB NAME ISP10001
AMPLEHOSTING00101
ATAK DOMAIN HOSTING INTERNET VE BILGI TEKNOLOJILERI LIMITED SIRKETI D/B/A ATAK TEKNOLOJI00011
BEGET LLC00101
CENTER OF UKRAINIAN INTERNET NAMES DBA UKRNAMES10001
CV. JOGJACAMP00101
CV. RUMAHWEB INDONESIA00011
CYBERSMART LTD00101
DREAMHOST, LLC01001
EXABYTES NETWORK SDN BHD00101
HOSTING.UA10001
LEDL.NET GMBH10001
MESH DIGITAL LIMITED10001
NAME SRS AB10001
NAMEKING.COM INC.00011
PT ARDH GLOBAL INDONESIA00011
RADIX DOMAINS D/B/A RADIX.NG10001
REALTIME REGISTER B.V.00011
REGTIME LTD.10001
RIPE NETWORK COORDINATION CENTRE01001
SOLUCIONES CORPORATIVAS IP, SL10001
SYNERGY WHOLESALE PTY LTD00011
TEXO WEB HOSTING01001
VAUTRON RECHENZENTRUM AG01001
VEHOST.CO.ZA00101

Back to top


Registrar Quarterly: 2020-01-01 to 2020-12-31 (Active Domains)

RegistrarQ1:ActiveQ2:ActiveQ3:ActiveQ4:ActivePeriod:ActiveCumulative Active
NAMECHEAP, INC.15628828645611861461
NAMESILO, LLC70455993267334
GODADDY.COM, LLC141245761256313
REGISTRAR OF DOMAIN NAMES REG.RU5313922169198
HOSTINGER, UAB14402242118143
1API GMBH3224141107114
ENOM, INC.125433696166
HOSTING CONCEPTS B.V. DBA OPENPROVIDER272720118588
LIGNE WEB SERVICES SARL DBA LWS47333083119
SHINJIRU MSC SDN BHD152619117197
INTERNET DOMAIN SERVICE BS CORP745356981
UPPERLINK LIMITED31538116777
WEB COMMERCE COMMUNICATIONS LIMITED DBA WEBNIC.CC102012196168
HOSTKING.CO.ZA1719295659
NAME.COM, INC.01026205671
NETEARTH ONE INC. D/B/A NETEARTH2234145259
FREE SUBDOMAIN85171949219
DOMAINS.CO.ZA1273154649
OWNREGISTRAR, INC.1111213439
TUCOWS DOMAINS INC.612973472
LAUNCHPAD.COM, INC.301532122
TLDS L.L.C. D/B/A SRSPLUS119002020
WIX.COM LTD.39241818
FASTDOMAIN INC.11871720
WEB4AFRICA INC.312101621
PORKBUN, LLC14631414
EPAG DOMAINSERVICES GMBH03641316
PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM12191314
1&1 INTERNET33131065
ALIBABA CLOUD12071013
INNOVADEUS PVT. LTD.90011020
GRANSY S.R.O. D/B/A SUBREG.CZ2502915
PSI-USA, INC. DBA DOMAIN ROBOT3123910
DIAMATRIX C.C.0341812
GOOGLE LLC0521812
IN2NET NETWORK INC.006177
ZA DOMAINS043077
101DOMAIN GRS LIMITED120368
BIGROCK SOLUTIONS LTD000666
DANESCO TRADING LTD.401167
DYNADOT, LLC0132611
NETWORK SOLUTIONS, LLC3201619
WILD WEST DOMAINS, LLC2310611
ONE.COM A/S140055
ONLINENIC, INC.021259
URL SOLUTIONS, INC.230057
DOMAINPEOPLE, INC.112044
ONLINE SAS100344
P.A. VIET NAM COMPANY LIMITED000444
AFRIHOST200135
AXXESS DSL001233
CNOBIN INFORMATION TECHNOLOGY LIMITED030033
DENIC010237
DOMAIN.COM, LLC0210311
ERANET INTERNATIONAL LIMITED100233
HOSTAFRICA101133
MONIKER ONLINE SERVICES LLC002137
OPENTLD B.V.0120310
TLD REGISTRAR SOLUTIONS LTD.200135
CRONON AG002022
DNC HOLDINGS, INC.002023
FRIKKADEL101023
GKG.NET, INC.001122
OVH SAS100125
REGIONAL NETWORK INFORMATION CENTER, JSC DBA RU-CENTER011024
REGISTER DOMAIN SA101023
REGISTER.COM, INC.1010210
SA DOMAIN001122
TURNCOMMERCE, INC. DBA NAMEBRIGHT.COM002023
WEBAFRICA NETWORKS001127
WEBSPACEBAR002022
XNEELO (PTY) LTD110023
AB NAME ISP100011
AMPLEHOSTING001013
ATAK DOMAIN HOSTING INTERNET VE BILGI TEKNOLOJILERI LIMITED SIRKETI D/B/A ATAK TEKNOLOJI000111
AUTOMATTIC INC.100012
BEGET LLC001011
CRAZY DOMAINS FZ-LLC000116
CV. JOGJACAMP001012
CV. RUMAHWEB INDONESIA000111
CYBERSMART LTD001011
DOMAINSHYPE.COM, INC000111
DREAMHOST, LLC010012
EXABYTES NETWORK SDN BHD001011
FREE DOMAIN001015
GANDI SAS000112
INSTRA CORPORATION PTY LTD.000116
KEY-SYSTEMS GMBH000112
NAME SRS AB100011
NAMEKING.COM INC.000111
NETIM SARL000113
PT ARDH GLOBAL INDONESIA000113
REALTIME REGISTER B.V.000111
RIPE NETWORK COORDINATION CENTRE010011
SA WEBHOSTS000111
SOLUCIONES CORPORATIVAS IP, SL100011
STALLION HOSTING010011
SYNERGY WHOLESALE PTY LTD000111
123-REG LIMITED T/A 123-REG000000
CENTER OF UKRAINIAN INTERNET NAMES DBA UKRNAMES000001
HOSTING.UA000000
LEDL.NET GMBH000000
MESH DIGITAL LIMITED000002
NOTFOUND000000
RADIX DOMAINS D/B/A RADIX.NG000000
REGTIME LTD.000000
TEXO WEB HOSTING000000
VAUTRON RECHENZENTRUM AG000000
VEHOST.CO.ZA000000

Back to top


Abuse by TLD, ccTLD and Free Sub-Domain

Domains by TLD: Quarterly 2020-01-01 to 2020-12-31 (All Domains)

Domain EndQ1:TotalQ2:TotalQ3:TotalQ4:TotalPeriod:Total
com12171279125311744923
co.za3382106103324
org26234838135
net19314232124
us450291699
online919114180
info152020964
co.uk2085841
eu858526
co354517
site715215
uk900110
wixsite.com30249
wordpress.com02507
biz11046
pe.hu00066
services14016
best50005
blogspot.com12115
ltd12115
pw21025
site123.me01405
store03205
zohosites.com11035
cc04004
de11024
in03104
xyz02114
business.site10203
cf12003
nl02103
org.za00303
pl12003
ca11002
club11002
co.ua10012
com.au10102
glitch.me20002
in.net00022
me01012
page.tl00022
shop01102
webs.com10012
world00202
000webhostapp.com00011
220.2.14101001
3-a.net10001
agency01001
asia00011
btempurl.com01001
cash10001
center01001
com.my00101
com.ng10001
com.nu00011
com.ua10001
contact.page00101
delivery01001
dtempurl.com00011
dx.am00101
es01001
farm00011
ga00101
gallery01001
giize.com01001
gq00101
group10001
health00101
home.blog00101
icu01001
live00101
my00101
ph10001
press00011
pro00101
rf.gd00101
simdif.com00101
tech00011
tk10001
top10001
trade00011
vps.ovh.ca00101
webnode.com01001
webself.net10001
website10001
websites.co.in00011
weebly.com00101
yolasite.com00101

Back to top


Domains by TLD: Quarterly 2020-01-01 to 2020-12-31 (Active Domains)

Domain EndQ1:ActiveQ2:ActiveQ3:ActiveQ4:ActivePeriod:ActiveCumulative Active
com38666279483126733488
co.za13537796239267
org913352784111
net619312581118
us12616135660
co.uk84472331
eu44852127
info75601825
co1125911
wixsite.com3014839
online1032611
pe.hu000667
best500055
blogspot.com1211531
zohosites.com110356
biz100347
uk400045
wordpress.com0040420
de0102311
nl021036
org.za003033
pl120033
site123.me012036
business.site0020218
co.ua100122
ltd001122
me010124
page.tl000228
pw110024
shop011022
site200023
store011022
webs.com100128
220.2.141010011
3-a.net100011
agency010011
asia000111
ca010012
cc010013
center010011
club100011
com.au001011
com.my001011
contact.page001011
delivery010011
dtempurl.com000111
dx.am001012
es010011
farm000111
ga001011
group100012
health001011
home.blog001011
my001011
ph100011
rf.gd001016
services100011
vps.ovh.ca001011
webnode.com010013
webself.net100015
websites.co.in000111
weebly.com001015
xyz000111
yolasite.com001018
000webhostapp.com000002
btempurl.com000000
cash000000
cf000003
com.ng000001
com.nu000000
com.ua000000
gallery000000
giize.com000000
glitch.me000000
gq000000
icu000000
in000000
in.net000000
live000001
press000000
pro000000
simdif.com000000
tech000000
tk000000
top000000
trade000000
website000001
world000000

com: Excludes blogspot.com webs.com wixsite.com zohosites.com webnode.com wordpress.com btempurl.com giize.com yolasite.com weebly.com simdif.com dtempurl.com 000webhostapp.com

net: Excludes 3-a.net webself.net in.net

uk: Excludes co.uk

me: Excludes glitch.me site123.me

site: Excludes business.site

ca: Excludes vps.ovh.ca

my: Excludes com.my

in: Excludes websites.co.in

Back to top


The co.za ccTLD Abuse

In 2020, the .co.za was the most the second most abused TLD/ccTLD after .com. These statistics show where the abuse occurred.

.co.za ccTLD Quarterly: 2020-01-01 to 2020-12-31 (All Domains)

RegistrarQ1:TotalQ2:TotalQ3:TotalQ4:TotalPeriod:Total
1API GMBH13103941103
DOMAINS.CO.ZA444111574
HOSTKING.CO.ZA312223168
EPAG DOMAINSERVICES GMBH036413
SA WEBHOSTS20529
ZA DOMAINS14308
AXXESS DSL01225
HOSTAFRICA10315
HOSTING CONCEPTS B.V. DBA OPENPROVIDER01315
101DOMAIN GRS LIMITED21014
AFRIHOST20114
WEBSPACEBAR00314
NOTFOUND01113
REGISTER DOMAIN SA11103
FRIKKADEL10102
SA DOMAIN00112
STALLION HOSTING02002
WEBAFRICA NETWORKS00112
XNEELO (PTY) LTD11002
AMPLEHOSTING00101
CYBERSMART LTD00101
NETIM SARL10001
TEXO WEB HOSTING01001
VEHOST.CO.ZA00101
WEB4AFRICA INC.10001

.co.za ccTLD Quarterly: 2020-01-01 to 2020-12-31 (Active Domains)

RegistrarQ1:ActiveQ2:ActiveQ3:ActiveQ4:ActivePeriod:ActiveCumulative Active
1API GMBH3834408591
HOSTKING.CO.ZA1718295558
DOMAINS.CO.ZA1273154649
EPAG DOMAINSERVICES GMBH03641314
ZA DOMAINS043077
HOSTING CONCEPTS B.V. DBA OPENPROVIDER013044
101DOMAIN GRS LIMITED110134
AFRIHOST200135
AXXESS DSL001233
HOSTAFRICA101133
FRIKKADEL101023
REGISTER DOMAIN SA101023
SA DOMAIN001122
WEBAFRICA NETWORKS001127
WEBSPACEBAR002022
XNEELO (PTY) LTD110023
AMPLEHOSTING001013
CYBERSMART LTD001011
SA WEBHOSTS000111
STALLION HOSTING010011
WEB4AFRICA INC.100011
NETIM SARL000000
NOTFOUND000000
TEXO WEB HOSTING000000
VEHOST.CO.ZA000000

Back to top


Note to registrars, registries and law enforcement

Artists Against 419 does not just say it, we can also prove it. We record numerous attributes for each entry in our database. While some of these are publicly visible at https://db.aa419.org, we record additional evidence of maliciousness. These includes website snapshots with embedded EXIF data, source code of interesting pages, email headers and/or linking data.

We appreciate outreach from any registrar and registry alike where they are keen to understand the nature of this maliciousness and wish to mitigate. You are the parties either abused or used as an entry point for this fraud on the web. The choice is yours to be part of the solution or the problem. Remember, these domains are purchased with the proceeds of fraud to facilitate further fraud.

We may mitigate till the cows come home to protect consumers, but you are the parties that ultimately stop this illegal abuse.

We do not charge any fees for such cooperation.

Back to top