Domain Abuse: 2023
- Overview
- Definitions Matter
- Registrar Quarterly: 2023-01-01 to 2023-12-31 (All Domains)
- Registrar Quarterly: 2023-01-01 to 2023-12-31 (Active Domains)
- Domain Endings Quarterly: 2023-01-01 to 2023-31 (All Domains)
- Domain Endings Quarterly: 2023-01-01 to 2023-12-31 (Active Domains)
- .co.za ccTLD Quarterly: 2023-01-01 to 2023-12-31 (All Domains)
- .co.za ccTLD Quarterly: 2023-01-01 to 2023-12-31 (Active Domains)
- Note to registrars, registries and law enforcement
Overview
The below statistics shows the advance fee fraud related domain abuse per quarter for 2023 as recorded by Artists Against 419. This records abuse per registrar and ccTLD, exposing the registrars and registries that are problematic and where malicious domains find a foothold to target internet consumers. The details are broken down by Registrar and TLD/ccTLDs/free sub-domains. We do a comparison of malicious domains. We list All Domains per entity vs Active Domains for 2023. It’s our contention that no consumer facing registrar can stop their services being abused. However they most certainly can, and should, mitigate malicious domains. As such the All vs Active comparison is indicative of a Registrar or Registry’s tolerance for fraud. We include a cumulative malicious domain count column in the Active Domains, showing how many malicious domains were active in total at each Registrar / Registry by the end of 2023.
In a continuation from previous years, the South African co.za ccTLD continued it’s pattern growing abuse to remain the second highest abused TLD/ccTLD, growing from 32 recorded malicious domains in 2017 to 637 in 2023. We break this anomaly down by registrar to highlight where this abuse came from.
Definitions Matter
The Artists Against 419 definition of a malicious domain is in line with the ICANN GAC, ICANN CCT and the European Commission definitions. We only list a domain name as malicious in incidents where the domain name was deliberately registered by a bad actor to defraud consumers.
ICANN GAC says the following in the ICANN 46 Beijing Communique:
the domain name registration is being used to facilitate or promote malware, operation of botnets, phishing, piracy, trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or otherwise engaging in activity contrary to applicable law.
https://gac.icann.org/advice/communiques/public/gac-46-beijing-communique.pdf
ICANN GAC also has this to say in a Sept 2019 statement on DNS Abuse:
Noting that ICANN community findings demonstrated that “consensus exists on what constitutes DNS Security Abuse, or DNS Security Abuse of DNS infrastructure,” the CCT Review Team referred to DNS Abuse as “intentionally deceptive, conniving, or unsolicited activities that actively make use of the DNS and/or the procedures used to register domain names.”
https://gac.icann.org/file-asset/public/gac-statement-dns-abuse-final-18sep19.pdf
From the European Commission, we find:
Domain Name System (DNS) abuse is any activity that makes use of domain names or the DNS protocol to carry out harmful or illegal activity.
European Commission, Directorate-General for Communications Networks, Content and Technology, Paulovics, I., Duda, A., Korczynski, M., Study on Domain Name System (DNS) abuse, Publications Office of the European Union, 2022, https://data.europa.eu/doi/10.2759/616244
Despite these clear plain language definitions, some registrars fail to honor these definitions, instead trying to define their own (rather self serving) abuse definitions. While the few mentioned abuse types recognized by a subsection of the registrar fraternity are certainly valid, these limited definitions vs annual IC3 statistics shows a disconnect. In turn this gaming leads to much consumer harm with such registrars facilitating cyber crime and money laundering through inaction, further overwhelming already constrained law enforcement resources. It’s also a known fact that many of these domain registrations are funded with stolen money.
Abuse by Registrar
Registrar Quarterly: 2023-01-01 to 2023-12-31 (All Domains)
| Registrar | Q1:Total | Q2:Total | Q3:Total | Q4:Total | Period:Total |
|---|---|---|---|---|---|
| NAMESILO, LLC | 161 | 329 | 259 | 292 | 1041 |
| NAMECHEAP, INC. | 322 | 245 | 234 | 168 | 969 |
| PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM | 94 | 81 | 113 | 64 | 352 |
| OWNREGISTRAR, INC. | 118 | 80 | 68 | 33 | 299 |
| 1API GMBH | 77 | 63 | 79 | 50 | 269 |
| HOSTINGER, UAB | 51 | 60 | 75 | 81 | 267 |
| GODADDY.COM, LLC | 59 | 62 | 45 | 47 | 213 |
| WEB COMMERCE COMMUNICATIONS LIMITED DBA WEBNIC.CC | 6 | 37 | 47 | 56 | 146 |
| DYNADOT, LLC | 6 | 57 | 40 | 27 | 130 |
| INTERNET DOMAIN SERVICE BS CORP | 8 | 5 | 90 | 11 | 114 |
| TUCOWS DOMAINS INC. | 11 | 24 | 31 | 47 | 113 |
| HOSTING CONCEPTS B.V. DBA OPENPROVIDER | 13 | 18 | 18 | 48 | 97 |
| DOMAINS.CO.ZA | 19 | 37 | 14 | 15 | 85 |
| GANDI SAS | 8 | 6 | 1 | 66 | 81 |
| KEY-SYSTEMS GMBH | 11 | 29 | 22 | 16 | 78 |
| DOMAINSHYPE.COM, INC | 49 | 0 | 0 | 15 | 64 |
| ENOM, INC. | 28 | 9 | 7 | 18 | 62 |
| CRAZY DOMAINS FZ-LLC | 23 | 4 | 19 | 10 | 56 |
| FREE SUBDOMAIN | 12 | 5 | 12 | 20 | 49 |
| HOSTAFRICA | 18 | 10 | 6 | 13 | 47 |
| DNS AFRICA LTD | 7 | 26 | 6 | 7 | 46 |
| UPPERLINK LIMITED | 8 | 3 | 31 | 1 | 43 |
| LAUNCHPAD.COM, INC. | 2 | 0 | 2 | 37 | 41 |
| LIQUIDNET LTD. | 0 | 0 | 0 | 41 | 41 |
| TRUEHOST CLOUD LIMITED | 11 | 12 | 7 | 11 | 41 |
| NETEARTH ONE INC. D/B/A NETEARTH | 8 | 5 | 12 | 13 | 38 |
| GRANSY S.R.O. D/B/A SUBREG.CZ | 2 | 11 | 8 | 16 | 37 |
| ATAK TEKNOLOJI | 25 | 3 | 3 | 5 | 36 |
| HOSTKING.CO.ZA | 13 | 5 | 6 | 12 | 36 |
| REGISTER DOMAIN SA | 8 | 8 | 9 | 7 | 32 |
| NICENIC | 8 | 7 | 4 | 12 | 31 |
| COSMOTOWN, INC. | 6 | 13 | 8 | 3 | 30 |
| WHOGOHOST LIMITED | 8 | 5 | 15 | 2 | 30 |
| NAME.COM, INC. | 7 | 4 | 7 | 10 | 28 |
| GMO | 0 | 2 | 17 | 5 | 24 |
| SA WEBHOSTS | 7 | 5 | 6 | 6 | 24 |
| FASTDOMAIN INC. | 2 | 1 | 13 | 6 | 22 |
| REALTIME REGISTER B.V. | 9 | 0 | 5 | 8 | 22 |
| SHINJIRU MSC SDN BHD | 2 | 4 | 5 | 8 | 19 |
| INSTRA CORPORATION PTY LTD. | 3 | 3 | 7 | 5 | 18 |
| SA DOMAIN | 0 | 3 | 1 | 14 | 18 |
| BIGROCK SOLUTIONS LTD | 3 | 1 | 9 | 4 | 17 |
| DREAMHOST, LLC | 7 | 4 | 1 | 5 | 17 |
| NETIM SARL | 1 | 8 | 4 | 4 | 17 |
| URL SOLUTIONS, INC. | 9 | 2 | 4 | 1 | 16 |
| LEXSYNERGY LIMITED | 12 | 1 | 2 | 0 | 15 |
| WEB4AFRICA INC. | 7 | 5 | 2 | 1 | 15 |
| WILD WEST DOMAINS, LLC | 1 | 3 | 1 | 10 | 15 |
| WIX.COM LTD. | 4 | 3 | 4 | 4 | 15 |
| PSI-USA, INC. DBA DOMAIN ROBOT | 0 | 0 | 5 | 9 | 14 |
| ERANET INTERNATIONAL LIMITED | 1 | 0 | 4 | 8 | 13 |
| 1&1 INTERNET | 5 | 1 | 1 | 5 | 12 |
| VEHOST.CO.ZA | 1 | 1 | 5 | 5 | 12 |
| EPAG DOMAINSERVICES GMBH | 2 | 3 | 2 | 3 | 10 |
| PORKBUN, LLC | 4 | 4 | 2 | 0 | 10 |
| ONLINENIC, INC. | 5 | 0 | 3 | 1 | 9 |
| SAV.COM, LLC | 2 | 4 | 0 | 2 | 8 |
| WEBAFRICA NETWORKS | 5 | 1 | 1 | 1 | 8 |
| EPIK INC. | 4 | 3 | 0 | 0 | 7 |
| FRIKKADEL | 2 | 0 | 1 | 3 | 6 |
| NETWORK SOLUTIONS, LLC | 1 | 1 | 1 | 3 | 6 |
| ALIBABA CLOUD | 0 | 4 | 0 | 1 | 5 |
| MONIKER ONLINE SERVICES LLC | 1 | 0 | 3 | 1 | 5 |
| DNC HOLDINGS, INC. | 0 | 1 | 1 | 2 | 4 |
| FREE DOMAIN | 0 | 1 | 3 | 0 | 4 |
| GNAME.COM | 4 | 0 | 0 | 0 | 4 |
| HOSTPINNACLE KENYA LIMITED | 0 | 0 | 4 | 0 | 4 |
| CLOUDFLARE, INC. | 0 | 0 | 3 | 0 | 3 |
| DENIC | 1 | 1 | 1 | 0 | 3 |
| GLOBAL DOMAIN GROUP LLC | 0 | 0 | 2 | 1 | 3 |
| GOOGLE LLC | 2 | 0 | 1 | 0 | 3 |
| HALOWEB.CO.ZA | 0 | 0 | 2 | 1 | 3 |
| REG-ROUTEAFRICA | 1 | 0 | 2 | 0 | 3 |
| REGTIME LTD. | 0 | 3 | 0 | 0 | 3 |
| 101DOMAIN GRS LIMITED | 0 | 0 | 0 | 2 | 2 |
| 123-REG LIMITED T/A 123-REG | 0 | 1 | 0 | 1 | 2 |
| AMPLEHOSTING | 0 | 1 | 1 | 0 | 2 |
| CENTER OF UKRAINIAN INTERNET NAMES DBA UKRNAMES | 1 | 0 | 0 | 1 | 2 |
| DOMAIN.COM, LLC | 0 | 0 | 0 | 2 | 2 |
| DOMAINPEOPLE, INC. | 0 | 2 | 0 | 0 | 2 |
| IN2NET NETWORK INC. | 0 | 1 | 0 | 1 | 2 |
| MAFF INC. | 0 | 0 | 0 | 2 | 2 |
| ONE.COM A/S | 1 | 1 | 0 | 0 | 2 |
| RAPHUS LTD | 0 | 0 | 0 | 2 | 2 |
| REGISTRAR OF DOMAIN NAMES REG.RU | 1 | 0 | 0 | 1 | 2 |
| SQUARESPACE DOMAINS | 0 | 0 | 0 | 2 | 2 |
| TLD REGISTRAR SOLUTIONS LTD. | 0 | 0 | 2 | 0 | 2 |
| AFRIHOST | 0 | 1 | 0 | 0 | 1 |
| AXXESS DSL | 1 | 0 | 0 | 0 | 1 |
| BLACKNIGHT INTERNET SOLUTIONS LTD. | 1 | 0 | 0 | 0 | 1 |
| CV. RUMAHWEB INDONESIA | 0 | 0 | 0 | 1 | 1 |
| DANESCO TRADING LTD. | 0 | 0 | 1 | 0 | 1 |
| DDD TECHNOLOGY PTE. LTD. | 0 | 0 | 1 | 0 | 1 |
| GKG.NET, INC. | 0 | 0 | 0 | 1 | 1 |
| HELLO INTERNET CORP. | 0 | 0 | 0 | 1 | 1 |
| ICPS | 0 | 1 | 0 | 0 | 1 |
| INTERNET INVEST, LTD. DBA IMENA.UA | 0 | 0 | 0 | 1 | 1 |
| JIANGSU BANGNING TECHNOLOGY CO., LTD. | 0 | 0 | 1 | 0 | 1 |
| METAREGISTRAR BV | 0 | 0 | 1 | 0 | 1 |
| NIVACITY | 0 | 0 | 1 | 0 | 1 |
| REBEL LTD | 0 | 0 | 1 | 0 | 1 |
| RED.ES | 0 | 1 | 0 | 0 | 1 |
| REGIONAL NETWORK INFORMATION CENTER, JSC DBA RU-CENTER | 0 | 0 | 1 | 0 | 1 |
| REGISTER.COM, INC. | 0 | 0 | 1 | 0 | 1 |
| REGISTERAM.COM LIMITED | 0 | 0 | 1 | 0 | 1 |
| SPACESHIP, INC. | 0 | 1 | 0 | 0 | 1 |
| UA.REGERY | 0 | 0 | 1 | 0 | 1 |
| UKIT | 1 | 0 | 0 | 0 | 1 |
| VAUTRON RECHENZENTRUM AG | 1 | 0 | 0 | 0 | 1 |
| VEBONIX.COM | 0 | 0 | 1 | 0 | 1 |
Registrar Quarterly: 2023-01-01 to 2023-12-31 (Active Domains)
| Registrar | Q1:Active | Q2:Active | Q3:Active | Q4:Active | Period:Active | Cumulative Active |
|---|---|---|---|---|---|---|
| NAMESILO, LLC | 101 | 211 | 205 | 264 | 781 | 909 |
| NAMECHEAP, INC. | 52 | 107 | 141 | 134 | 434 | 590 |
| PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM | 63 | 59 | 85 | 56 | 263 | 342 |
| 1API GMBH | 53 | 57 | 72 | 50 | 232 | 267 |
| OWNREGISTRAR, INC. | 53 | 50 | 60 | 29 | 192 | 242 |
| HOSTINGER, UAB | 26 | 49 | 53 | 62 | 190 | 215 |
| GODADDY.COM, LLC | 35 | 55 | 38 | 43 | 171 | 252 |
| WEB COMMERCE COMMUNICATIONS LIMITED DBA WEBNIC.CC | 6 | 30 | 42 | 55 | 133 | 170 |
| DYNADOT, LLC | 4 | 52 | 40 | 24 | 120 | 134 |
| INTERNET DOMAIN SERVICE BS CORP | 7 | 5 | 89 | 11 | 112 | 128 |
| HOSTING CONCEPTS B.V. DBA OPENPROVIDER | 10 | 14 | 13 | 48 | 85 | 136 |
| TUCOWS DOMAINS INC. | 5 | 11 | 21 | 45 | 82 | 127 |
| GANDI SAS | 1 | 3 | 0 | 64 | 68 | 68 |
| DOMAINS.CO.ZA | 8 | 32 | 13 | 12 | 65 | 81 |
| KEY-SYSTEMS GMBH | 6 | 24 | 21 | 8 | 59 | 61 |
| ENOM, INC. | 26 | 8 | 6 | 15 | 55 | 116 |
| FREE SUBDOMAIN | 11 | 3 | 10 | 20 | 44 | 228 |
| DNS AFRICA LTD | 6 | 24 | 5 | 7 | 42 | 42 |
| DOMAINSHYPE.COM, INC | 27 | 0 | 0 | 15 | 42 | 44 |
| HOSTAFRICA | 15 | 7 | 5 | 13 | 40 | 45 |
| LAUNCHPAD.COM, INC. | 1 | 0 | 2 | 37 | 40 | 45 |
| TRUEHOST CLOUD LIMITED | 10 | 12 | 7 | 11 | 40 | 42 |
| LIQUIDNET LTD. | 0 | 0 | 0 | 37 | 37 | 38 |
| GRANSY S.R.O. D/B/A SUBREG.CZ | 1 | 11 | 6 | 15 | 33 | 36 |
| HOSTKING.CO.ZA | 10 | 5 | 6 | 12 | 33 | 47 |
| UPPERLINK LIMITED | 3 | 1 | 22 | 1 | 27 | 41 |
| NICENIC | 5 | 3 | 4 | 12 | 24 | 35 |
| GMO | 0 | 2 | 15 | 5 | 22 | 25 |
| SA WEBHOSTS | 4 | 5 | 6 | 6 | 21 | 24 |
| ATAK TEKNOLOJI | 14 | 0 | 2 | 4 | 20 | 22 |
| COSMOTOWN, INC. | 4 | 9 | 4 | 3 | 20 | 27 |
| FASTDOMAIN INC. | 0 | 0 | 13 | 6 | 19 | 36 |
| REGISTER DOMAIN SA | 6 | 4 | 5 | 4 | 19 | 19 |
| NAME.COM, INC. | 1 | 2 | 5 | 10 | 18 | 31 |
| NETEARTH ONE INC. D/B/A NETEARTH | 3 | 4 | 7 | 4 | 18 | 25 |
| REALTIME REGISTER B.V. | 6 | 0 | 3 | 8 | 17 | 18 |
| SHINJIRU MSC SDN BHD | 2 | 3 | 4 | 8 | 17 | 41 |
| URL SOLUTIONS, INC. | 9 | 2 | 4 | 1 | 16 | 17 |
| SA DOMAIN | 0 | 1 | 1 | 13 | 15 | 16 |
| WHOGOHOST LIMITED | 4 | 2 | 8 | 1 | 15 | 17 |
| WILD WEST DOMAINS, LLC | 1 | 3 | 1 | 10 | 15 | 18 |
| CRAZY DOMAINS FZ-LLC | 5 | 2 | 3 | 4 | 14 | 20 |
| NETIM SARL | 0 | 5 | 4 | 4 | 13 | 13 |
| WIX.COM LTD. | 4 | 3 | 2 | 4 | 13 | 22 |
| BIGROCK SOLUTIONS LTD | 2 | 1 | 5 | 4 | 12 | 15 |
| ERANET INTERNATIONAL LIMITED | 1 | 0 | 3 | 8 | 12 | 14 |
| LEXSYNERGY LIMITED | 9 | 1 | 2 | 0 | 12 | 12 |
| PSI-USA, INC. DBA DOMAIN ROBOT | 0 | 0 | 5 | 7 | 12 | 15 |
| VEHOST.CO.ZA | 1 | 1 | 5 | 5 | 12 | 14 |
| DREAMHOST, LLC | 2 | 4 | 1 | 4 | 11 | 13 |
| EPAG DOMAINSERVICES GMBH | 2 | 3 | 2 | 3 | 10 | 42 |
| 1&1 INTERNET | 2 | 1 | 1 | 5 | 9 | 23 |
| WEB4AFRICA INC. | 2 | 4 | 2 | 0 | 8 | 11 |
| WEBAFRICA NETWORKS | 4 | 1 | 1 | 1 | 7 | 14 |
| ONLINENIC, INC. | 3 | 0 | 2 | 1 | 6 | 12 |
| SAV.COM, LLC | 0 | 4 | 0 | 2 | 6 | 9 |
| EPIK INC. | 3 | 2 | 0 | 0 | 5 | 5 |
| INSTRA CORPORATION PTY LTD. | 1 | 3 | 0 | 1 | 5 | 22 |
| MONIKER ONLINE SERVICES LLC | 1 | 0 | 3 | 1 | 5 | 11 |
| NETWORK SOLUTIONS, LLC | 0 | 1 | 1 | 3 | 5 | 9 |
| DNC HOLDINGS, INC. | 0 | 1 | 1 | 2 | 4 | 5 |
| FRIKKADEL | 2 | 0 | 1 | 1 | 4 | 5 |
| GNAME.COM | 4 | 0 | 0 | 0 | 4 | 4 |
| PORKBUN, LLC | 1 | 1 | 2 | 0 | 4 | 10 |
| ALIBABA CLOUD | 0 | 2 | 0 | 1 | 3 | 15 |
| GLOBAL DOMAIN GROUP LLC | 0 | 0 | 2 | 1 | 3 | 3 |
| HALOWEB.CO.ZA | 0 | 0 | 2 | 1 | 3 | 3 |
| REG-ROUTEAFRICA | 1 | 0 | 2 | 0 | 3 | 3 |
| 101DOMAIN GRS LIMITED | 0 | 0 | 0 | 2 | 2 | 4 |
| 123-REG LIMITED T/A 123-REG | 0 | 1 | 0 | 1 | 2 | 2 |
| AMPLEHOSTING | 0 | 1 | 1 | 0 | 2 | 5 |
| CLOUDFLARE, INC. | 0 | 0 | 2 | 0 | 2 | 2 |
| DOMAIN.COM, LLC | 0 | 0 | 0 | 2 | 2 | 7 |
| GOOGLE LLC | 1 | 0 | 1 | 0 | 2 | 8 |
| HOSTPINNACLE KENYA LIMITED | 0 | 0 | 2 | 0 | 2 | 3 |
| IN2NET NETWORK INC. | 0 | 1 | 0 | 1 | 2 | 2 |
| MAFF INC. | 0 | 0 | 0 | 2 | 2 | 2 |
| ONE.COM A/S | 1 | 1 | 0 | 0 | 2 | 2 |
| RAPHUS LTD | 0 | 0 | 0 | 2 | 2 | 2 |
| REGTIME LTD. | 0 | 2 | 0 | 0 | 2 | 3 |
| SQUARESPACE DOMAINS | 0 | 0 | 0 | 2 | 2 | 2 |
| TLD REGISTRAR SOLUTIONS LTD. | 0 | 0 | 2 | 0 | 2 | 10 |
| AFRIHOST | 0 | 1 | 0 | 0 | 1 | 3 |
| CV. RUMAHWEB INDONESIA | 0 | 0 | 0 | 1 | 1 | 1 |
| DANESCO TRADING LTD. | 0 | 0 | 1 | 0 | 1 | 2 |
| DENIC | 0 | 1 | 0 | 0 | 1 | 4 |
| DOMAINPEOPLE, INC. | 0 | 1 | 0 | 0 | 1 | 2 |
| FREE DOMAIN | 0 | 0 | 1 | 0 | 1 | 1 |
| HELLO INTERNET CORP. | 0 | 0 | 0 | 1 | 1 | 1 |
| ICPS | 0 | 1 | 0 | 0 | 1 | 4 |
| INTERNET INVEST, LTD. DBA IMENA.UA | 0 | 0 | 0 | 1 | 1 | 2 |
| JIANGSU BANGNING TECHNOLOGY CO., LTD. | 0 | 0 | 1 | 0 | 1 | 1 |
| METAREGISTRAR BV | 0 | 0 | 1 | 0 | 1 | 1 |
| NIVACITY | 0 | 0 | 1 | 0 | 1 | 1 |
| REBEL LTD | 0 | 0 | 1 | 0 | 1 | 1 |
| RED.ES | 0 | 1 | 0 | 0 | 1 | 1 |
| REGIONAL NETWORK INFORMATION CENTER, JSC DBA RU-CENTER | 0 | 0 | 1 | 0 | 1 | 1 |
| REGISTER.COM, INC. | 0 | 0 | 1 | 0 | 1 | 10 |
| REGISTERAM.COM LIMITED | 0 | 0 | 1 | 0 | 1 | 1 |
| REGISTRAR OF DOMAIN NAMES REG.RU | 0 | 0 | 0 | 1 | 1 | 5 |
| UKIT | 1 | 0 | 0 | 0 | 1 | 1 |
| VEBONIX.COM | 0 | 0 | 1 | 0 | 1 | 1 |
| AXXESS DSL | 0 | 0 | 0 | 0 | 0 | 3 |
| BLACKNIGHT INTERNET SOLUTIONS LTD. | 0 | 0 | 0 | 0 | 0 | 0 |
| CENTER OF UKRAINIAN INTERNET NAMES DBA UKRNAMES | 0 | 0 | 0 | 0 | 0 | 3 |
| DDD TECHNOLOGY PTE. LTD. | 0 | 0 | 0 | 0 | 0 | 0 |
| GKG.NET, INC. | 0 | 0 | 0 | 0 | 0 | 0 |
| SPACESHIP, INC. | 0 | 0 | 0 | 0 | 0 | 0 |
| UA.REGERY | 0 | 0 | 0 | 0 | 0 | 0 |
| VAUTRON RECHENZENTRUM AG | 0 | 0 | 0 | 0 | 0 | 0 |
Abuse by TLD, ccTLD and Free Sub-Domain
Domains by TLD: Quarterly 2023-01-01 to 2023-12-31 (All Domains)
| Domain End | Q1:Total | Q2:Total | Q3:Total | Q4:Total | Period:Total |
|---|---|---|---|---|---|
| com | 943 | 1020 | 1035 | 1020 | 4018 |
| co.za | 170 | 157 | 159 | 151 | 637 |
| org | 54 | 37 | 43 | 55 | 189 |
| net | 29 | 31 | 54 | 18 | 132 |
| online | 23 | 20 | 24 | 23 | 90 |
| com.au | 20 | 3 | 28 | 18 | 69 |
| co.uk | 6 | 6 | 12 | 17 | 41 |
| us | 9 | 9 | 3 | 16 | 37 |
| education | 0 | 0 | 0 | 28 | 28 |
| de | 8 | 7 | 5 | 1 | 21 |
| wixsite.com | 5 | 3 | 4 | 6 | 18 |
| co | 5 | 4 | 5 | 3 | 17 |
| info | 2 | 3 | 6 | 5 | 16 |
| live | 1 | 6 | 6 | 0 | 13 |
| shop | 0 | 3 | 5 | 3 | 11 |
| store | 1 | 1 | 1 | 8 | 11 |
| university | 0 | 0 | 0 | 11 | 11 |
| business.site | 1 | 0 | 2 | 7 | 10 |
| cc | 6 | 2 | 1 | 1 | 10 |
| site | 3 | 1 | 4 | 0 | 8 |
| me | 0 | 0 | 3 | 4 | 7 |
| blog | 0 | 2 | 4 | 0 | 6 |
| club | 0 | 5 | 0 | 0 | 5 |
| co.ke | 0 | 0 | 5 | 0 | 5 |
| eu | 0 | 2 | 2 | 1 | 5 |
| ltd | 0 | 4 | 1 | 0 | 5 |
| nl | 1 | 3 | 0 | 0 | 4 |
| sbs | 1 | 1 | 1 | 1 | 4 |
| uk | 2 | 0 | 0 | 2 | 4 |
| biz | 3 | 0 | 0 | 0 | 3 |
| cf | 0 | 0 | 3 | 0 | 3 |
| co.tz | 1 | 0 | 2 | 0 | 3 |
| es | 2 | 1 | 0 | 0 | 3 |
| icu | 2 | 0 | 0 | 1 | 3 |
| one | 0 | 0 | 1 | 2 | 3 |
| trade | 0 | 3 | 0 | 0 | 3 |
| weebly.com | 1 | 0 | 1 | 1 | 3 |
| world | 0 | 1 | 1 | 1 | 3 |
| yolasite.com | 1 | 0 | 0 | 2 | 3 |
| cfd | 2 | 0 | 0 | 0 | 2 |
| co.nz | 1 | 0 | 0 | 1 | 2 |
| dog | 1 | 0 | 1 | 0 | 2 |
| fr | 2 | 0 | 0 | 0 | 2 |
| in.net | 2 | 0 | 0 | 0 | 2 |
| nz | 0 | 0 | 1 | 1 | 2 |
| org.za | 1 | 0 | 0 | 1 | 2 |
| se | 0 | 0 | 1 | 1 | 2 |
| top | 1 | 0 | 1 | 0 | 2 |
| website | 0 | 0 | 2 | 0 | 2 |
| wordpress.com | 0 | 0 | 0 | 2 | 2 |
| xyz | 0 | 0 | 2 | 0 | 2 |
| zohosites.com | 0 | 0 | 1 | 1 | 2 |
| 3-a.net | 0 | 0 | 1 | 0 | 1 |
| army | 0 | 0 | 1 | 0 | 1 |
| art | 0 | 0 | 0 | 1 | 1 |
| au | 0 | 0 | 0 | 1 | 1 |
| blogspot.com | 0 | 0 | 1 | 0 | 1 |
| bond | 0 | 0 | 1 | 0 | 1 |
| business | 0 | 0 | 0 | 1 | 1 |
| click | 0 | 1 | 0 | 0 | 1 |
| com | 0 | 0 | 1 | 0 | 1 |
| com.ng | 0 | 0 | 1 | 0 | 1 |
| com.ua | 0 | 0 | 1 | 0 | 1 |
| company | 1 | 0 | 0 | 0 | 1 |
| es.tl | 1 | 0 | 0 | 0 | 1 |
| godaddysites.com | 0 | 1 | 0 | 0 | 1 |
| gold | 1 | 0 | 0 | 0 | 1 |
| help | 0 | 1 | 0 | 0 | 1 |
| homes | 1 | 0 | 0 | 0 | 1 |
| ink | 1 | 0 | 0 | 0 | 1 |
| international | 0 | 1 | 0 | 0 | 1 |
| io | 0 | 0 | 0 | 1 | 1 |
| jimdofree.com | 0 | 1 | 0 | 0 | 1 |
| kz | 0 | 1 | 0 | 0 | 1 |
| life | 0 | 1 | 0 | 0 | 1 |
| link | 0 | 1 | 0 | 0 | 1 |
| marketing | 0 | 1 | 0 | 0 | 1 |
| ml | 0 | 1 | 0 | 0 | 1 |
| mozello.com | 0 | 0 | 1 | 0 | 1 |
| net.cn | 0 | 0 | 1 | 0 | 1 |
| page.tl | 1 | 0 | 0 | 0 | 1 |
| pro | 1 | 0 | 0 | 0 | 1 |
| pw | 1 | 0 | 0 | 0 | 1 |
| report | 0 | 1 | 0 | 0 | 1 |
| services | 0 | 0 | 0 | 1 | 1 |
| sitebeat.crazydomains.com | 1 | 0 | 0 | 0 | 1 |
| su | 1 | 0 | 0 | 0 | 1 |
| tech | 1 | 0 | 0 | 0 | 1 |
| unaux.com | 0 | 0 | 1 | 0 | 1 |
| webnode.page | 0 | 0 | 0 | 1 | 1 |
| webs.com | 1 | 0 | 0 | 0 | 1 |
Domains by TLD: Quarterly 2023-01-01 to 2023-12-31 (Active Domains)
| Domain End | Q1:Active | Q2:Active | Q3:Active | Q4:Active | Period:Active | Cumulative Active |
|---|---|---|---|---|---|---|
| com | 452 | 699 | 822 | 938 | 2911 | 3823 |
| co.za | 121 | 137 | 147 | 141 | 546 | 677 |
| org | 22 | 26 | 31 | 51 | 130 | 160 |
| net | 15 | 11 | 48 | 18 | 92 | 131 |
| education | 0 | 0 | 0 | 28 | 28 | 28 |
| us | 5 | 6 | 2 | 15 | 28 | 45 |
| co.uk | 2 | 3 | 6 | 12 | 23 | 32 |
| wixsite.com | 5 | 3 | 4 | 6 | 18 | 47 |
| live | 1 | 6 | 6 | 0 | 13 | 14 |
| info | 0 | 2 | 5 | 4 | 11 | 15 |
| university | 0 | 0 | 0 | 11 | 11 | 11 |
| business.site | 1 | 0 | 2 | 7 | 10 | 23 |
| co | 3 | 2 | 3 | 2 | 10 | 13 |
| de | 2 | 3 | 4 | 1 | 10 | 18 |
| shop | 0 | 3 | 4 | 2 | 9 | 13 |
| cc | 4 | 1 | 1 | 1 | 7 | 9 |
| me | 0 | 0 | 3 | 4 | 7 | 17 |
| blog | 0 | 2 | 4 | 0 | 6 | 7 |
| club | 0 | 5 | 0 | 0 | 5 | 5 |
| eu | 0 | 2 | 2 | 1 | 5 | 11 |
| online | 1 | 1 | 0 | 3 | 5 | 14 |
| co.ke | 0 | 0 | 3 | 0 | 3 | 4 |
| co.tz | 1 | 0 | 2 | 0 | 3 | 3 |
| es | 2 | 1 | 0 | 0 | 3 | 3 |
| weebly.com | 1 | 0 | 1 | 1 | 3 | 14 |
| biz | 2 | 0 | 0 | 0 | 2 | 6 |
| fr | 2 | 0 | 0 | 0 | 2 | 3 |
| in.net | 2 | 0 | 0 | 0 | 2 | 2 |
| ltd | 0 | 1 | 1 | 0 | 2 | 2 |
| org.za | 1 | 0 | 0 | 1 | 2 | 2 |
| uk | 0 | 0 | 0 | 2 | 2 | 3 |
| wordpress.com | 0 | 0 | 0 | 2 | 2 | 23 |
| world | 0 | 1 | 0 | 1 | 2 | 2 |
| xyz | 0 | 0 | 2 | 0 | 2 | 2 |
| yolasite.com | 0 | 0 | 0 | 2 | 2 | 14 |
| zohosites.com | 0 | 0 | 1 | 1 | 2 | 8 |
| 3-a.net | 0 | 0 | 1 | 0 | 1 | 1 |
| army | 0 | 0 | 1 | 0 | 1 | 1 |
| au | 0 | 0 | 0 | 1 | 1 | 1 |
| blogspot.com | 0 | 0 | 1 | 0 | 1 | 24 |
| business | 0 | 0 | 0 | 1 | 1 | 1 |
| cf | 0 | 0 | 1 | 0 | 1 | 1 |
| click | 0 | 1 | 0 | 0 | 1 | 1 |
| com | 0 | 0 | 1 | 0 | 1 | 1 |
| com.au | 0 | 0 | 0 | 1 | 1 | 1 |
| com.ng | 0 | 0 | 1 | 0 | 1 | 3 |
| dog | 0 | 0 | 1 | 0 | 1 | 1 |
| es.tl | 1 | 0 | 0 | 0 | 1 | 1 |
| help | 0 | 1 | 0 | 0 | 1 | 1 |
| icu | 0 | 0 | 0 | 1 | 1 | 2 |
| ink | 1 | 0 | 0 | 0 | 1 | 1 |
| kz | 0 | 1 | 0 | 0 | 1 | 4 |
| marketing | 0 | 1 | 0 | 0 | 1 | 1 |
| net.cn | 0 | 0 | 1 | 0 | 1 | 1 |
| nl | 0 | 1 | 0 | 0 | 1 | 3 |
| nz | 0 | 0 | 1 | 0 | 1 | 1 |
| page.tl | 1 | 0 | 0 | 0 | 1 | 8 |
| report | 0 | 1 | 0 | 0 | 1 | 1 |
| sbs | 0 | 0 | 1 | 0 | 1 | 1 |
| se | 0 | 0 | 0 | 1 | 1 | 5 |
| services | 0 | 0 | 0 | 1 | 1 | 1 |
| sitebeat.crazydomains.com | 1 | 0 | 0 | 0 | 1 | 1 |
| su | 1 | 0 | 0 | 0 | 1 | 4 |
| top | 1 | 0 | 0 | 0 | 1 | 1 |
| webnode.page | 0 | 0 | 0 | 1 | 1 | 3 |
| webs.com | 1 | 0 | 0 | 0 | 1 | 4 |
| art | 0 | 0 | 0 | 0 | 0 | 0 |
| bond | 0 | 0 | 0 | 0 | 0 | 0 |
| cfd | 0 | 0 | 0 | 0 | 0 | 0 |
| co.nz | 0 | 0 | 0 | 0 | 0 | 0 |
| com.ua | 0 | 0 | 0 | 0 | 0 | 1 |
| company | 0 | 0 | 0 | 0 | 0 | 0 |
| godaddysites.com | 0 | 0 | 0 | 0 | 0 | 0 |
| gold | 0 | 0 | 0 | 0 | 0 | 0 |
| homes | 0 | 0 | 0 | 0 | 0 | 1 |
| international | 0 | 0 | 0 | 0 | 0 | 0 |
| io | 0 | 0 | 0 | 0 | 0 | 3 |
| jimdofree.com | 0 | 0 | 0 | 0 | 0 | 1 |
| life | 0 | 0 | 0 | 0 | 0 | 0 |
| link | 0 | 0 | 0 | 0 | 0 | 0 |
| ml | 0 | 0 | 0 | 0 | 0 | 0 |
| mozello.com | 0 | 0 | 0 | 0 | 0 | 0 |
| one | 0 | 0 | 0 | 0 | 0 | 0 |
| pro | 0 | 0 | 0 | 0 | 0 | 0 |
| pw | 0 | 0 | 0 | 0 | 0 | 0 |
| site | 0 | 0 | 0 | 0 | 0 | 1 |
| store | 0 | 0 | 0 | 0 | 0 | 0 |
| tech | 0 | 0 | 0 | 0 | 0 | 0 |
| trade | 0 | 0 | 0 | 0 | 0 | 0 |
| unaux.com | 0 | 0 | 0 | 0 | 0 | 0 |
| website | 0 | 0 | 0 | 0 | 0 | 0 |
The co.za ccTLD Abuse
In 2023, the .co.za ccTLD was once again the second most abused TLD after .com. These statistics shows via which sponsoring registrar this abuse occurred.
.co.za ccTLD Quarterly: 2023-01-01 to 2023-12-31 (All Domains)
| Registrar | Q1:Total | Q2:Total | Q3:Total | Q4:Total | Period:Total |
|---|---|---|---|---|---|
| 1API GMBH | 73 | 56 | 77 | 46 | 252 |
| DOMAINS.CO.ZA | 18 | 33 | 14 | 15 | 80 |
| HOSTAFRICA | 18 | 10 | 6 | 13 | 47 |
| TRUEHOST CLOUD LIMITED | 11 | 12 | 6 | 11 | 40 |
| HOSTKING.CO.ZA | 13 | 5 | 6 | 12 | 36 |
| REGISTER DOMAIN SA | 8 | 8 | 9 | 7 | 32 |
| SA WEBHOSTS | 7 | 5 | 6 | 6 | 24 |
| DNS AFRICA LTD | 6 | 4 | 6 | 3 | 19 |
| PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM | 2 | 3 | 8 | 5 | 18 |
| SA DOMAIN | 0 | 3 | 1 | 13 | 17 |
| DYNADOT, LLC | 0 | 7 | 6 | 2 | 15 |
| VEHOST.CO.ZA | 1 | 1 | 5 | 5 | 12 |
| EPAG DOMAINSERVICES GMBH | 2 | 3 | 2 | 3 | 10 |
| WEBAFRICA NETWORKS | 5 | 1 | 1 | 1 | 8 |
| FRIKKADEL | 2 | 0 | 1 | 3 | 6 |
| KEY-SYSTEMS GMBH | 0 | 2 | 0 | 2 | 4 |
| HALOWEB.CO.ZA | 0 | 0 | 2 | 1 | 3 |
| WEB4AFRICA INC. | 1 | 0 | 1 | 1 | 3 |
| 1&1 INTERNET | 2 | 0 | 0 | 0 | 2 |
| AMPLEHOSTING | 0 | 1 | 1 | 0 | 2 |
| INSTRA CORPORATION PTY LTD. | 0 | 2 | 0 | 0 | 2 |
| RAPHUS LTD | 0 | 0 | 0 | 2 | 2 |
| AFRIHOST | 0 | 1 | 0 | 0 | 1 |
| AXXESS DSL | 1 | 0 | 0 | 0 | 1 |
| NIVACITY | 0 | 0 | 1 | 0 | 1 |
.co.za ccTLD Quarterly: 2023-01-01 to 2023-12-31 (Active Domains)
| Registrar | Q1:Active | Q2:Active | Q3:Active | Q4:Active | Period:Active | Cumulative Active |
|---|---|---|---|---|---|---|
| 1API GMBH | 51 | 52 | 72 | 46 | 221 | 254 |
| DOMAINS.CO.ZA | 8 | 28 | 13 | 12 | 61 | 75 |
| HOSTAFRICA | 15 | 7 | 5 | 13 | 40 | 44 |
| TRUEHOST CLOUD LIMITED | 10 | 12 | 6 | 11 | 39 | 41 |
| HOSTKING.CO.ZA | 10 | 5 | 6 | 12 | 33 | 47 |
| SA WEBHOSTS | 4 | 5 | 6 | 6 | 21 | 24 |
| REGISTER DOMAIN SA | 6 | 4 | 5 | 4 | 19 | 19 |
| PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM | 2 | 3 | 8 | 5 | 18 | 18 |
| DNS AFRICA LTD | 5 | 2 | 5 | 3 | 15 | 15 |
| DYNADOT, LLC | 0 | 7 | 6 | 2 | 15 | 15 |
| SA DOMAIN | 0 | 1 | 1 | 12 | 14 | 15 |
| VEHOST.CO.ZA | 1 | 1 | 5 | 5 | 12 | 14 |
| EPAG DOMAINSERVICES GMBH | 2 | 3 | 2 | 3 | 10 | 41 |
| WEBAFRICA NETWORKS | 4 | 1 | 1 | 1 | 7 | 14 |
| FRIKKADEL | 2 | 0 | 1 | 1 | 4 | 5 |
| KEY-SYSTEMS GMBH | 0 | 2 | 0 | 2 | 4 | 4 |
| HALOWEB.CO.ZA | 0 | 0 | 2 | 1 | 3 | 3 |
| AMPLEHOSTING | 0 | 1 | 1 | 0 | 2 | 5 |
| INSTRA CORPORATION PTY LTD. | 0 | 2 | 0 | 0 | 2 | 5 |
| RAPHUS LTD | 0 | 0 | 0 | 2 | 2 | 2 |
| WEB4AFRICA INC. | 1 | 0 | 1 | 0 | 2 | 3 |
| AFRIHOST | 0 | 1 | 0 | 0 | 1 | 3 |
| NIVACITY | 0 | 0 | 1 | 0 | 1 | 1 |
| 1&1 INTERNET | 0 | 0 | 0 | 0 | 0 | 0 |
| AXXESS DSL | 0 | 0 | 0 | 0 | 0 | 3 |
It should be noted that these domains are used in ways that are at odds with South Africa’s laws, namely the Consumer Protection Act of 2008 and also the new newer Cyber Crimes Act of 2020. They are also used in ways prohibited by the registry’s own terms as reflected it it’s own Anti-Abuse and Takedown Policy.
Note to registrars, registries and law enforcement
Artists Against 419 does not just say it, we can also prove it. We record numerous attributes for each entry in our database. While some of these are publicly visible at https://db.aa419.org, we record additional evidence of maliciousness. These includes website snapshots with embedded EXIF data, source code of interesting pages, email headers and/or linking data.
We appreciate outreach from any registrar and registry alike where they are keen to understand the nature of this maliciousness and wish to mitigate. You are the parties either abused or used as an entry point for this fraud on the web. We are more than happy to share data with you for mitigation purposes and we even have an API for you to use. The choice is yours to be part of the solution or the problem. Remember, these domains are purchased with the proceeds of fraud to facilitate further fraud.
We may mitigate till the cows come home to protect consumers, but you are the parties that ultimately stop this illegal abuse.
We do not charge any fees for such cooperation.