Domain Abuse: 2024
- Overview
- Definitions Matter
- Registrar Quarterly: 2024-01-01 to 2024-12-31 (All Domains)
- Registrar Quarterly: 2024-01-01 to 2024-12-31 (Active Domains)
- Domain Endings Quarterly: 2024-01-01 to 2024-31 (All Domains)
- Domain Endings Quarterly: 2024-01-01 to 2024-12-31 (Active Domains)
- .co.za ccTLD Quarterly: 2024-01-01 to 2024-12-31 (All Domains)
- .co.za ccTLD Quarterly: 2024-01-01 to 2024-12-31 (Active Domains)
- Note to registrars, registries and law enforcement
Overview
The below statistics shows the advance fee fraud related domain abuse per quarter for 2024 as recorded by Artists Against 419. This records abuse per registrar and ccTLD, exposing the registrars and registries that are problematic and where malicious domains find a foothold to target internet consumers. The details are broken down by Registrar and TLD/ccTLDs/free sub-domains. We do a comparison of malicious domains. We list All Domains per entity vs Active Domains for 2024. It’s our contention that no consumer facing registrar or registry can stop their services being abused. However they most certainly can, and should, mitigate malicious domains. As such the All vs Active comparison is indicative of a Registrar or Registry’s tolerance for fraud. We include a cumulative malicious domain count column in the Active Domains, showing how many malicious domains were active in total at each Registrar / Registry by the end of 2024.
The Australian Domain Name Authority (auDA) set a commendable example in 2024 by effectively protecting their registry from abuse. We recorded 73 abuse attempts, none of which remained online for more than a working day after being reported. One absusive domain was suspened in less than five hours on a Saturday! This swift action highlights auDA’s dedication to maintaining a secure and trustworthy domain environment for Australians.
In a continuation from previous years, the South African co.za ccTLD continued it’s pattern growing abuse to remain the second highest abused TLD/ccTLD, growing from 32 recorded malicious domains in 2017 to 637 in 2023, with a slight drop to 597 in 2024. We break this anomaly down by registrar to highlight where this abuse came from.
Definitions Matter
The Artists Against 419 definition of a malicious domain is in line with the ICANN GAC, ICANN CCT and the European Commission definitions. We only list a domain name as malicious in incidents where the domain name was deliberately registered by a bad actor to defraud consumers.
ICANN GAC says the following in the ICANN 46 Beijing Communique:
the domain name registration is being used to facilitate or promote malware, operation of botnets, phishing, piracy, trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or otherwise engaging in activity contrary to applicable law.
https://gac.icann.org/advice/communiques/public/gac-46-beijing-communique.pdf
ICANN GAC also has this to say in a Sept 2019 statement on DNS Abuse:
Noting that ICANN community findings demonstrated that “consensus exists on what constitutes DNS Security Abuse, or DNS Security Abuse of DNS infrastructure,” the CCT Review Team referred to DNS Abuse as “intentionally deceptive, conniving, or unsolicited activities that actively make use of the DNS and/or the procedures used to register domain names.”
https://gac.icann.org/file-asset/public/gac-statement-dns-abuse-final-18sep19.pdf
From the European Commission, we find:
Domain Name System (DNS) abuse is any activity that makes use of domain names or the DNS protocol to carry out harmful or illegal activity.
European Commission, Directorate-General for Communications Networks, Content and Technology, Paulovics, I., Duda, A., Korczynski, M., Study on Domain Name System (DNS) abuse, Publications Office of the European Union, 2022, https://data.europa.eu/doi/10.2759/616244
Despite these clear plain language definitions, some registrars fail to honor these definitions, instead trying to define their own (rather self serving) abuse definitions. While the few mentioned abuse types recognized by a subsection of the registrar fraternity are certainly valid, these limited definitions vs annual IC3 statistics shows a disconnect. In turn this gaming leads to much consumer harm with such registrars facilitating cyber crime and money laundering through inaction, further overwhelming already constrained law enforcement resources. It’s also a known fact that many of these domain registrations are funded with stolen money.
Abuse by Registrar
Registrar Quarterly: 2024-01-01 to 2024-12-31 (All Domains)
| Registrar | Q1:Total | Q2:Total | Q3:Total | Q4:Total | Period:Total |
|---|---|---|---|---|---|
| NAMESILO, LLC | 172 | 258 | 222 | 111 | 763 |
| HOSTINGER, UAB | 116 | 145 | 144 | 197 | 602 |
| NAMECHEAP, INC. | 114 | 143 | 121 | 107 | 485 |
| PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM | 116 | 118 | 68 | 87 | 389 |
| 1API GMBH | 66 | 69 | 91 | 46 | 272 |
| WEB COMMERCE COMMUNICATIONS LIMITED DBA WEBNIC.CC | 66 | 29 | 52 | 99 | 246 |
| OWNREGISTRAR, INC. | 45 | 81 | 60 | 53 | 239 |
| COSMOTOWN, INC. | 40 | 95 | 38 | 46 | 219 |
| GODADDY.COM, LLC | 52 | 63 | 55 | 43 | 213 |
| DYNADOT, LLC | 43 | 32 | 97 | 5 | 177 |
| HOSTING CONCEPTS B.V. DBA OPENPROVIDER | 46 | 70 | 34 | 27 | 177 |
| TUCOWS DOMAINS INC. | 33 | 39 | 27 | 19 | 118 |
| ONLINENIC, INC. | 47 | 51 | 10 | 7 | 115 |
| GMO | 22 | 27 | 22 | 38 | 109 |
| HOSTAFRICA | 18 | 23 | 25 | 30 | 96 |
| WEST263 INTERNATIONAL LIMITED | 22 | 29 | 26 | 13 | 90 |
| REALTIME REGISTER B.V. | 16 | 26 | 23 | 16 | 81 |
| ATAK TEKNOLOJI | 3 | 36 | 7 | 24 | 70 |
| GLOBAL DOMAIN GROUP LLC | 44 | 7 | 12 | 6 | 69 |
| NAME.COM, INC. | 5 | 27 | 24 | 3 | 59 |
| FREE SUBDOMAIN | 15 | 10 | 17 | 13 | 55 |
| WILD WEST DOMAINS, LLC | 10 | 18 | 11 | 15 | 54 |
| PSI-USA, INC. DBA DOMAIN ROBOT | 22 | 14 | 3 | 3 | 42 |
| TRUEHOST CLOUD LIMITED | 1 | 11 | 13 | 17 | 42 |
| GNAME.COM | 28 | 2 | 6 | 5 | 41 |
| INSTRA CORPORATION PTY LTD. | 14 | 5 | 8 | 11 | 38 |
| KEY-SYSTEMS GMBH | 15 | 15 | 4 | 4 | 38 |
| DREAMHOST, LLC | 16 | 16 | 3 | 2 | 37 |
| BIGROCK SOLUTIONS LTD | 8 | 3 | 8 | 14 | 33 |
| SA WEBHOSTS | 13 | 2 | 5 | 13 | 33 |
| NICENIC | 13 | 8 | 4 | 7 | 32 |
| ENOM, INC. | 5 | 9 | 9 | 7 | 30 |
| GRANSY S.R.O. D/B/A SUBREG.CZ | 15 | 4 | 0 | 11 | 30 |
| WHOGOHOST LIMITED | 6 | 5 | 1 | 15 | 27 |
| SA DOMAIN | 7 | 2 | 15 | 2 | 26 |
| CRAZY DOMAINS FZ-LLC | 9 | 7 | 4 | 5 | 25 |
| UPPERLINK LIMITED | 2 | 17 | 3 | 3 | 25 |
| NETEARTH ONE INC. D/B/A NETEARTH | 21 | 1 | 1 | 1 | 24 |
| NETWORK SOLUTIONS, LLC | 2 | 7 | 10 | 3 | 22 |
| DOMAINS.CO.ZA | 5 | 6 | 4 | 5 | 20 |
| SAV.COM, LLC | 2 | 8 | 4 | 6 | 20 |
| FRIKKADEL | 3 | 3 | 13 | 0 | 19 |
| INTERNET DOMAIN SERVICE BS CORP | 6 | 6 | 3 | 2 | 17 |
| NAME SRS AB | 4 | 3 | 3 | 7 | 17 |
| SHINJIRU MSC SDN BHD | 11 | 5 | 1 | 0 | 17 |
| WIX.COM LTD. | 3 | 3 | 4 | 6 | 16 |
| GANDI SAS | 2 | 13 | 0 | 0 | 15 |
| NETIM SARL | 5 | 4 | 1 | 5 | 15 |
| ZACR | 7 | 3 | 5 | 0 | 15 |
| METAREGISTRAR BV | 5 | 3 | 1 | 5 | 14 |
| SPACESHIP, INC. | 1 | 3 | 1 | 9 | 14 |
| ERANET INTERNATIONAL LIMITED | 10 | 0 | 3 | 0 | 13 |
| INWX GMBH | 2 | 2 | 2 | 7 | 13 |
| TLD REGISTRAR SOLUTIONS LTD. | 1 | 10 | 2 | 0 | 13 |
| ALIBABA CLOUD | 0 | 11 | 1 | 0 | 12 |
| DOMAINSHYPE.COM, INC | 0 | 3 | 7 | 1 | 11 |
| SQUARESPACE DOMAINS | 2 | 1 | 4 | 4 | 11 |
| LAUNCHPAD.COM, INC. | 8 | 1 | 0 | 1 | 10 |
| LIGNE WEB SERVICES SARL DBA LWS | 0 | 0 | 9 | 1 | 10 |
| RAPHUS LTD | 2 | 4 | 3 | 1 | 10 |
| 1&1 INTERNET | 4 | 3 | 1 | 1 | 9 |
| HOSTKING.CO.ZA | 2 | 4 | 2 | 1 | 9 |
| ONE.COM A/S | 0 | 5 | 2 | 1 | 8 |
| VEBONIX.COM | 0 | 1 | 3 | 4 | 8 |
| PORKBUN, LLC | 1 | 3 | 2 | 1 | 7 |
| WEBSPACEBAR | 2 | 5 | 0 | 0 | 7 |
| CLOUDFLARE, INC. | 2 | 0 | 2 | 2 | 6 |
| INSLYHOST.COM | 2 | 1 | 2 | 1 | 6 |
| EPAG DOMAINSERVICES GMBH | 0 | 1 | 2 | 2 | 5 |
| FASTDOMAIN INC. | 2 | 0 | 2 | 1 | 5 |
| LINK, FOR TECHNOLOGY & GENERAL TRADING LTD. | 0 | 0 | 0 | 5 | 5 |
| REGIONAL NETWORK INFORMATION CENTER, JSC DBA RU-CENTER | 0 | 0 | 5 | 0 | 5 |
| 123-REG LIMITED T/A 123-REG | 0 | 4 | 0 | 0 | 4 |
| CENTER OF UKRAINIAN INTERNET NAMES DBA UKRNAMES | 3 | 1 | 0 | 0 | 4 |
| DNS AFRICA LTD | 1 | 2 | 0 | 1 | 4 |
| DOMAIN.COM, LLC | 2 | 0 | 1 | 0 | 3 |
| HELLO INTERNET CORP. | 3 | 0 | 0 | 0 | 3 |
| HOSTPINNACLE KENYA LIMITED | 0 | 0 | 3 | 0 | 3 |
| JOKER.COM | 2 | 1 | 0 | 0 | 3 |
| LIQUIDNET LTD. | 1 | 1 | 1 | 0 | 3 |
| REGISTER DOMAIN SA | 0 | 1 | 1 | 1 | 3 |
| VEHOST.CO.ZA | 2 | 0 | 1 | 0 | 3 |
| WEB4AFRICA INC. | 0 | 1 | 1 | 1 | 3 |
| AXXESS DSL | 1 | 0 | 1 | 0 | 2 |
| CV. JOGJACAMP | 1 | 0 | 1 | 0 | 2 |
| DENIC | 1 | 0 | 1 | 0 | 2 |
| DNSPOD, INC. | 0 | 0 | 0 | 2 | 2 |
| HALOWEB.CO.ZA | 2 | 0 | 0 | 0 | 2 |
| KOUMING | 1 | 0 | 1 | 0 | 2 |
| MONIKER ONLINE SERVICES LLC | 0 | 1 | 0 | 1 | 2 |
| REGISTER.COM, INC. | 2 | 0 | 0 | 0 | 2 |
| TONIC.TO | 1 | 0 | 0 | 1 | 2 |
| WEBAFRICA NETWORKS | 0 | 0 | 2 | 0 | 2 |
| ZA DOMAINS | 2 | 0 | 0 | 0 | 2 |
| AFRIHOST | 1 | 0 | 0 | 0 | 1 |
| ARUBA SPA | 0 | 0 | 1 | 0 | 1 |
| BIZCN.COM, INC. | 0 | 0 | 0 | 1 | 1 |
| CNOBIN INFORMATION TECHNOLOGY LIMITED | 1 | 0 | 0 | 0 | 1 |
| COMBELL | 0 | 0 | 0 | 1 | 1 |
| DANESCO TRADING LTD. | 0 | 0 | 1 | 0 | 1 |
| DDD TECHNOLOGY PTE. LTD. | 0 | 0 | 1 | 0 | 1 |
| DIGITALBES | 0 | 0 | 0 | 1 | 1 |
| EASYDNS TECHNOLOGIES, INC. | 1 | 0 | 0 | 0 | 1 |
| EPIK INC. | 0 | 1 | 0 | 0 | 1 |
| EURODNS S.A. | 1 | 0 | 0 | 0 | 1 |
| GKG.NET, INC. | 1 | 0 | 0 | 0 | 1 |
| HOGANHOST.COM.NG | 0 | 1 | 0 | 0 | 1 |
| HOSTNOWNOW | 0 | 0 | 0 | 1 | 1 |
| HOSTOPIA CANADA CORP. | 1 | 0 | 0 | 0 | 1 |
| ICENETWORKS | 1 | 0 | 0 | 0 | 1 |
| INTERNET INVEST, LTD. DBA IMENA.UA | 0 | 1 | 0 | 0 | 1 |
| INTERNETX GMBH | 0 | 0 | 0 | 1 | 1 |
| KENYAWEBEXPERTS.CO.KE | 0 | 1 | 0 | 0 | 1 |
| LCN.COM LTD | 0 | 0 | 0 | 1 | 1 |
| NETCETERA | 0 | 0 | 1 | 0 | 1 |
| NETREGISTRY WHOLESALE PTY LTD | 0 | 0 | 0 | 1 | 1 |
| NUXIT | 0 | 0 | 0 | 1 | 1 |
| ONLINE SAS | 0 | 0 | 1 | 0 | 1 |
| OVH SAS | 0 | 0 | 0 | 1 | 1 |
| PAKNIC (PRIVATE) LIMITED | 0 | 1 | 0 | 0 | 1 |
| PLANETHOSTER INC. | 0 | 0 | 1 | 0 | 1 |
| PURPLE IT LTD | 0 | 1 | 0 | 0 | 1 |
| REGISTER S.P.A. | 1 | 0 | 0 | 0 | 1 |
| REGISTER.IT SPA | 1 | 0 | 0 | 0 | 1 |
| REGISTRAR OF DOMAIN NAMES REG.RU | 1 | 0 | 0 | 0 | 1 |
| REGISTRAR.EU | 0 | 1 | 0 | 0 | 1 |
| ROUTE AFRICA | 0 | 0 | 1 | 0 | 1 |
| SAREK OY | 0 | 0 | 1 | 0 | 1 |
| SYNERGY WHOLESALE ACCREDITATIONS | 0 | 0 | 1 | 0 | 1 |
| URL SOLUTIONS, INC. | 1 | 0 | 0 | 0 | 1 |
| VERPEX LTD | 0 | 1 | 0 | 0 | 1 |
| WEBMANAGER.NG | 0 | 1 | 0 | 0 | 1 |
Registrar Quarterly: 2024-01-01 to 2024-12-31 (Active Domains)
| Registrar | Q1:Active | Q2:Active | Q3:Active | Q4:Active | Period:Active | Cumulative Active |
|---|---|---|---|---|---|---|
| NAMESILO, LLC | 93 | 218 | 199 | 94 | 604 | 851 |
| HOSTINGER, UAB | 49 | 106 | 113 | 161 | 429 | 486 |
| PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM | 37 | 85 | 60 | 75 | 257 | 369 |
| NAMECHEAP, INC. | 29 | 52 | 88 | 85 | 254 | 395 |
| 1API GMBH | 29 | 50 | 75 | 40 | 194 | 238 |
| WEB COMMERCE COMMUNICATIONS LIMITED DBA WEBNIC.CC | 33 | 17 | 48 | 82 | 180 | 246 |
| OWNREGISTRAR, INC. | 15 | 61 | 50 | 48 | 174 | 251 |
| COSMOTOWN, INC. | 27 | 58 | 35 | 45 | 165 | 173 |
| GODADDY.COM, LLC | 27 | 42 | 48 | 39 | 156 | 236 |
| HOSTING CONCEPTS B.V. DBA OPENPROVIDER | 27 | 58 | 30 | 26 | 141 | 199 |
| DYNADOT, LLC | 19 | 23 | 87 | 5 | 134 | 169 |
| GMO | 8 | 22 | 21 | 35 | 86 | 95 |
| HOSTAFRICA | 13 | 20 | 23 | 30 | 86 | 89 |
| TUCOWS DOMAINS INC. | 21 | 22 | 11 | 15 | 69 | 119 |
| REALTIME REGISTER B.V. | 10 | 22 | 18 | 15 | 65 | 66 |
| ONLINENIC, INC. | 5 | 33 | 9 | 5 | 52 | 56 |
| WILD WEST DOMAINS, LLC | 8 | 18 | 10 | 15 | 51 | 62 |
| FREE SUBDOMAIN | 12 | 8 | 17 | 13 | 50 | 253 |
| NAME.COM, INC. | 3 | 22 | 21 | 2 | 48 | 62 |
| WEST263 INTERNATIONAL LIMITED | 5 | 10 | 21 | 9 | 45 | 45 |
| GLOBAL DOMAIN GROUP LLC | 16 | 7 | 10 | 5 | 38 | 38 |
| TRUEHOST CLOUD LIMITED | 0 | 9 | 12 | 17 | 38 | 45 |
| ATAK TEKNOLOJI | 1 | 17 | 5 | 13 | 36 | 44 |
| DREAMHOST, LLC | 10 | 15 | 2 | 1 | 28 | 31 |
| NICENIC | 12 | 5 | 3 | 7 | 27 | 37 |
| ENOM, INC. | 4 | 8 | 8 | 6 | 26 | 80 |
| SA WEBHOSTS | 4 | 2 | 3 | 13 | 22 | 27 |
| UPPERLINK LIMITED | 0 | 17 | 3 | 2 | 22 | 39 |
| WHOGOHOST LIMITED | 4 | 3 | 1 | 14 | 22 | 30 |
| NETWORK SOLUTIONS, LLC | 2 | 6 | 9 | 3 | 20 | 29 |
| BIGROCK SOLUTIONS LTD | 3 | 1 | 6 | 9 | 19 | 23 |
| SAV.COM, LLC | 2 | 8 | 3 | 6 | 19 | 21 |
| FRIKKADEL | 3 | 2 | 13 | 0 | 18 | 19 |
| GRANSY S.R.O. D/B/A SUBREG.CZ | 5 | 2 | 0 | 10 | 17 | 31 |
| KEY-SYSTEMS GMBH | 4 | 5 | 4 | 4 | 17 | 33 |
| WIX.COM LTD. | 3 | 2 | 4 | 6 | 15 | 26 |
| ZACR | 7 | 3 | 5 | 0 | 15 | 15 |
| DOMAINS.CO.ZA | 1 | 5 | 3 | 5 | 14 | 31 |
| SHINJIRU MSC SDN BHD | 10 | 3 | 1 | 0 | 14 | 40 |
| INTERNET DOMAIN SERVICE BS CORP | 4 | 5 | 2 | 2 | 13 | 63 |
| NETEARTH ONE INC. D/B/A NETEARTH | 11 | 1 | 0 | 1 | 13 | 19 |
| GANDI SAS | 0 | 12 | 0 | 0 | 12 | 36 |
| NAME SRS AB | 2 | 0 | 3 | 7 | 12 | 12 |
| GNAME.COM | 1 | 1 | 6 | 3 | 11 | 11 |
| CRAZY DOMAINS FZ-LLC | 4 | 3 | 1 | 2 | 10 | 14 |
| ERANET INTERNATIONAL LIMITED | 8 | 0 | 2 | 0 | 10 | 15 |
| INWX GMBH | 0 | 1 | 2 | 7 | 10 | 11 |
| SPACESHIP, INC. | 0 | 1 | 1 | 8 | 10 | 10 |
| 1&1 INTERNET | 4 | 3 | 1 | 1 | 9 | 22 |
| DOMAINSHYPE.COM, INC | 0 | 3 | 5 | 1 | 9 | 24 |
| SQUARESPACE DOMAINS | 1 | 1 | 3 | 4 | 9 | 11 |
| HOSTKING.CO.ZA | 2 | 3 | 2 | 1 | 8 | 26 |
| LIGNE WEB SERVICES SARL DBA LWS | 0 | 0 | 7 | 1 | 8 | 11 |
| METAREGISTRAR BV | 1 | 2 | 0 | 4 | 7 | 7 |
| NETIM SARL | 2 | 1 | 0 | 4 | 7 | 8 |
| ONE.COM A/S | 0 | 5 | 2 | 0 | 7 | 8 |
| VEBONIX.COM | 0 | 0 | 3 | 4 | 7 | 7 |
| INSLYHOST.COM | 2 | 1 | 2 | 1 | 6 | 6 |
| PSI-USA, INC. DBA DOMAIN ROBOT | 1 | 4 | 1 | 0 | 6 | 10 |
| TLD REGISTRAR SOLUTIONS LTD. | 0 | 4 | 2 | 0 | 6 | 9 |
| CLOUDFLARE, INC. | 1 | 0 | 2 | 2 | 5 | 5 |
| EPAG DOMAINSERVICES GMBH | 0 | 1 | 2 | 2 | 5 | 46 |
| FASTDOMAIN INC. | 2 | 0 | 2 | 1 | 5 | 17 |
| LINK, FOR TECHNOLOGY & GENERAL TRADING LTD. | 0 | 0 | 0 | 5 | 5 | 5 |
| PORKBUN, LLC | 0 | 2 | 2 | 1 | 5 | 10 |
| RAPHUS LTD | 1 | 2 | 2 | 0 | 5 | 6 |
| REGIONAL NETWORK INFORMATION CENTER, JSC DBA RU-CENTER | 0 | 0 | 5 | 0 | 5 | 6 |
| SA DOMAIN | 2 | 1 | 1 | 1 | 5 | 9 |
| ALIBABA CLOUD | 0 | 2 | 1 | 0 | 3 | 7 |
| HELLO INTERNET CORP. | 3 | 0 | 0 | 0 | 3 | 4 |
| LAUNCHPAD.COM, INC. | 2 | 0 | 0 | 1 | 3 | 4 |
| WEB4AFRICA INC. | 0 | 1 | 1 | 1 | 3 | 6 |
| AXXESS DSL | 1 | 0 | 1 | 0 | 2 | 3 |
| CENTER OF UKRAINIAN INTERNET NAMES DBA UKRNAMES | 1 | 1 | 0 | 0 | 2 | 4 |
| CV. JOGJACAMP | 1 | 0 | 1 | 0 | 2 | 2 |
| DENIC | 1 | 0 | 1 | 0 | 2 | 4 |
| DNSPOD, INC. | 0 | 0 | 0 | 2 | 2 | 3 |
| DOMAIN.COM, LLC | 1 | 0 | 1 | 0 | 2 | 7 |
| JOKER.COM | 1 | 1 | 0 | 0 | 2 | 2 |
| LIQUIDNET LTD. | 0 | 1 | 1 | 0 | 2 | 4 |
| MONIKER ONLINE SERVICES LLC | 0 | 1 | 0 | 1 | 2 | 8 |
| REGISTER DOMAIN SA | 0 | 1 | 0 | 1 | 2 | 2 |
| TONIC.TO | 1 | 0 | 0 | 1 | 2 | 2 |
| VEHOST.CO.ZA | 1 | 0 | 1 | 0 | 2 | 10 |
| WEBAFRICA NETWORKS | 0 | 0 | 2 | 0 | 2 | 6 |
| ZA DOMAINS | 2 | 0 | 0 | 0 | 2 | 2 |
| ARUBA SPA | 0 | 0 | 1 | 0 | 1 | 1 |
| BIZCN.COM, INC. | 0 | 0 | 0 | 1 | 1 | 1 |
| COMBELL | 0 | 0 | 0 | 1 | 1 | 1 |
| DANESCO TRADING LTD. | 0 | 0 | 1 | 0 | 1 | 1 |
| DDD TECHNOLOGY PTE. LTD. | 0 | 0 | 1 | 0 | 1 | 1 |
| DIGITALBES | 0 | 0 | 0 | 1 | 1 | 1 |
| EASYDNS TECHNOLOGIES, INC. | 1 | 0 | 0 | 0 | 1 | 1 |
| EPIK INC. | 0 | 1 | 0 | 0 | 1 | 3 |
| HALOWEB.CO.ZA | 1 | 0 | 0 | 0 | 1 | 1 |
| HOGANHOST.COM.NG | 0 | 1 | 0 | 0 | 1 | 1 |
| HOSTNOWNOW | 0 | 0 | 0 | 1 | 1 | 1 |
| HOSTOPIA CANADA CORP. | 1 | 0 | 0 | 0 | 1 | 1 |
| HOSTPINNACLE KENYA LIMITED | 0 | 0 | 1 | 0 | 1 | 2 |
| ICENETWORKS | 1 | 0 | 0 | 0 | 1 | 1 |
| INSTRA CORPORATION PTY LTD. | 1 | 0 | 0 | 0 | 1 | 12 |
| INTERNET INVEST, LTD. DBA IMENA.UA | 0 | 1 | 0 | 0 | 1 | 3 |
| INTERNETX GMBH | 0 | 0 | 0 | 1 | 1 | 1 |
| KENYAWEBEXPERTS.CO.KE | 0 | 1 | 0 | 0 | 1 | 1 |
| KOUMING | 0 | 0 | 1 | 0 | 1 | 1 |
| NETREGISTRY WHOLESALE PTY LTD | 0 | 0 | 0 | 1 | 1 | 1 |
| NUXIT | 0 | 0 | 0 | 1 | 1 | 1 |
| ONLINE SAS | 0 | 0 | 1 | 0 | 1 | 1 |
| PAKNIC (PRIVATE) LIMITED | 0 | 1 | 0 | 0 | 1 | 1 |
| PLANETHOSTER INC. | 0 | 0 | 1 | 0 | 1 | 1 |
| REGISTRAR OF DOMAIN NAMES REG.RU | 1 | 0 | 0 | 0 | 1 | 2 |
| REGISTRAR.EU | 0 | 1 | 0 | 0 | 1 | 1 |
| ROUTE AFRICA | 0 | 0 | 1 | 0 | 1 | 1 |
| SAREK OY | 0 | 0 | 1 | 0 | 1 | 1 |
| URL SOLUTIONS, INC. | 1 | 0 | 0 | 0 | 1 | 1 |
| VERPEX LTD | 0 | 1 | 0 | 0 | 1 | 1 |
| 123-REG LIMITED T/A 123-REG | 0 | 0 | 0 | 0 | 0 | 0 |
| AFRIHOST | 0 | 0 | 0 | 0 | 0 | 1 |
| CNOBIN INFORMATION TECHNOLOGY LIMITED | 0 | 0 | 0 | 0 | 0 | 0 |
| DNS AFRICA LTD | 0 | 0 | 0 | 0 | 0 | 4 |
| EURODNS S.A. | 0 | 0 | 0 | 0 | 0 | 1 |
| GKG.NET, INC. | 0 | 0 | 0 | 0 | 0 | 0 |
| LCN.COM LTD | 0 | 0 | 0 | 0 | 0 | 0 |
| NETCETERA | 0 | 0 | 0 | 0 | 0 | 0 |
| OVH SAS | 0 | 0 | 0 | 0 | 0 | 1 |
| PURPLE IT LTD | 0 | 0 | 0 | 0 | 0 | 0 |
| REGISTER S.P.A. | 0 | 0 | 0 | 0 | 0 | 0 |
| REGISTER.COM, INC. | 0 | 0 | 0 | 0 | 0 | 7 |
| REGISTER.IT SPA | 0 | 0 | 0 | 0 | 0 | 0 |
| SYNERGY WHOLESALE ACCREDITATIONS | 0 | 0 | 0 | 0 | 0 | 0 |
| WEBMANAGER.NG | 0 | 0 | 0 | 0 | 0 | 0 |
| WEBSPACEBAR | 0 | 0 | 0 | 0 | 0 | 0 |
Abuse by TLD, ccTLD and Free Sub-Domain
Domains by TLD: Quarterly 2024-01-01 to 2024-12-31 (All Domains)
| Domain End | Q1:Total | Q2:Total | Q3:Total | Q4:Total | Period:Total |
|---|---|---|---|---|---|
| com | 1068 | 1238 | 981 | 858 | 4145 |
| co.za | 136 | 133 | 187 | 141 | 597 |
| org | 49 | 76 | 38 | 46 | 209 |
| online | 21 | 35 | 29 | 20 | 105 |
| us | 37 | 18 | 18 | 14 | 87 |
| net | 31 | 23 | 16 | 14 | 84 |
| com.au | 19 | 13 | 22 | 19 | 73 |
| shop | 7 | 15 | 13 | 8 | 43 |
| co.uk | 12 | 11 | 6 | 7 | 36 |
| wixsite.com | 5 | 5 | 12 | 11 | 33 |
| de | 7 | 11 | 3 | 7 | 28 |
| info | 3 | 10 | 8 | 6 | 27 |
| store | 2 | 10 | 4 | 7 | 23 |
| education | 1 | 16 | 0 | 0 | 17 |
| pro | 1 | 2 | 1 | 10 | 14 |
| eu | 4 | 3 | 2 | 4 | 13 |
| live | 2 | 5 | 2 | 4 | 13 |
| co | 2 | 2 | 2 | 6 | 12 |
| sbs | 0 | 0 | 0 | 12 | 12 |
| uk | 2 | 0 | 5 | 4 | 11 |
| xyz | 2 | 4 | 2 | 2 | 10 |
| site | 0 | 1 | 6 | 1 | 8 |
| es | 1 | 2 | 4 | 0 | 7 |
| ca | 2 | 2 | 1 | 1 | 6 |
| top | 1 | 0 | 4 | 1 | 6 |
| icu | 0 | 1 | 0 | 4 | 5 |
| biz | 1 | 3 | 0 | 0 | 4 |
| cc | 1 | 0 | 1 | 2 | 4 |
| co.ke | 0 | 1 | 3 | 0 | 4 |
| nl | 0 | 1 | 2 | 1 | 4 |
| weebly.com | 1 | 2 | 1 | 0 | 4 |
| com.ng | 0 | 2 | 0 | 1 | 3 |
| delivery | 1 | 0 | 1 | 1 | 3 |
| tech | 0 | 3 | 0 | 0 | 3 |
| wordpress.com | 2 | 0 | 1 | 0 | 3 |
| au | 0 | 0 | 2 | 0 | 2 |
| blog | 1 | 1 | 0 | 0 | 2 |
| business.site | 2 | 0 | 0 | 0 | 2 |
| cfd | 0 | 0 | 2 | 0 | 2 |
| company.site | 1 | 0 | 1 | 0 | 2 |
| epizy.com | 0 | 1 | 1 | 0 | 2 |
| farm | 0 | 0 | 0 | 2 | 2 |
| foundation | 0 | 0 | 1 | 1 | 2 |
| in | 1 | 0 | 1 | 0 | 2 |
| to | 1 | 0 | 0 | 1 | 2 |
| vip | 0 | 1 | 1 | 0 | 2 |
| webflow.io | 0 | 1 | 0 | 1 | 2 |
| webnode.page | 1 | 0 | 1 | 0 | 2 |
| website | 0 | 0 | 1 | 1 | 2 |
| army | 0 | 0 | 1 | 0 | 1 |
| at | 0 | 1 | 0 | 0 | 1 |
| bond | 0 | 0 | 1 | 0 | 1 |
| buzz | 1 | 0 | 0 | 0 | 1 |
| capital | 0 | 0 | 1 | 0 | 1 |
| cloud | 1 | 0 | 0 | 0 | 1 |
| club | 0 | 0 | 1 | 0 | 1 |
| cn | 0 | 0 | 1 | 0 | 1 |
| co.in | 1 | 0 | 0 | 0 | 1 |
| co.tz | 0 | 0 | 1 | 0 | 1 |
| 0 | 0 | 0 | 1 | 1 | |
| energy | 0 | 1 | 0 | 0 | 1 |
| expert | 1 | 0 | 0 | 0 | 1 |
| fr | 0 | 0 | 1 | 0 | 1 |
| group | 0 | 0 | 1 | 0 | 1 |
| in.net | 0 | 1 | 0 | 0 | 1 |
| institute | 0 | 0 | 1 | 0 | 1 |
| is | 1 | 0 | 0 | 0 | 1 |
| jp | 0 | 0 | 0 | 1 | 1 |
| la | 0 | 0 | 1 | 0 | 1 |
| lease | 0 | 1 | 0 | 0 | 1 |
| life | 0 | 0 | 1 | 0 | 1 |
| ltd | 0 | 0 | 0 | 1 | 1 |
| mailchimpsites.com | 1 | 0 | 0 | 0 | 1 |
| net.ng | 0 | 1 | 0 | 0 | 1 |
| onrender.com | 0 | 1 | 0 | 0 | 1 |
| org.za | 1 | 0 | 0 | 0 | 1 |
| pw | 1 | 0 | 0 | 0 | 1 |
| ru | 0 | 0 | 1 | 0 | 1 |
| se | 0 | 0 | 0 | 1 | 1 |
| services | 0 | 1 | 0 | 0 | 1 |
| space | 0 | 0 | 1 | 0 | 1 |
| uk.com | 0 | 0 | 1 | 0 | 1 |
| ukit.me | 0 | 0 | 0 | 1 | 1 |
| university | 0 | 1 | 0 | 0 | 1 |
| webnode.fr | 1 | 0 | 0 | 0 | 1 |
| websites.co.in | 1 | 0 | 0 | 0 | 1 |
Domains by TLD: Quarterly 2024-01-01 to 2024-12-31 (Active Domains)
| Domain End | Q1:Active | Q2:Active | Q3:Active | Q4:Active | Period:Active | Cumulative Active |
|---|---|---|---|---|---|---|
| com | 462 | 857 | 868 | 768 | 2955 | 4213 |
| co.za | 66 | 100 | 148 | 133 | 447 | 608 |
| org | 25 | 50 | 31 | 35 | 141 | 185 |
| net | 16 | 17 | 14 | 12 | 59 | 106 |
| us | 12 | 13 | 13 | 9 | 47 | 61 |
| online | 15 | 19 | 8 | 1 | 43 | 51 |
| wixsite.com | 5 | 5 | 12 | 11 | 33 | 79 |
| shop | 3 | 9 | 8 | 6 | 26 | 26 |
| de | 6 | 9 | 3 | 7 | 25 | 34 |
| info | 2 | 5 | 7 | 5 | 19 | 23 |
| co.uk | 3 | 8 | 2 | 5 | 18 | 27 |
| education | 0 | 14 | 0 | 0 | 14 | 30 |
| pro | 1 | 1 | 1 | 10 | 13 | 13 |
| eu | 2 | 3 | 2 | 4 | 11 | 15 |
| co | 0 | 2 | 2 | 6 | 10 | 14 |
| live | 0 | 4 | 2 | 3 | 9 | 12 |
| es | 0 | 1 | 4 | 0 | 5 | 6 |
| store | 0 | 0 | 3 | 2 | 5 | 5 |
| top | 0 | 0 | 4 | 1 | 5 | 5 |
| uk | 0 | 0 | 2 | 3 | 5 | 7 |
| cc | 1 | 0 | 1 | 2 | 4 | 11 |
| nl | 0 | 1 | 2 | 1 | 4 | 5 |
| weebly.com | 1 | 2 | 1 | 0 | 4 | 16 |
| biz | 0 | 3 | 0 | 0 | 3 | 8 |
| delivery | 1 | 0 | 1 | 1 | 3 | 3 |
| tech | 0 | 3 | 0 | 0 | 3 | 3 |
| business.site | 2 | 0 | 0 | 0 | 2 | 20 |
| ca | 0 | 1 | 0 | 1 | 2 | 2 |
| co.ke | 0 | 1 | 1 | 0 | 2 | 3 |
| com.ng | 0 | 1 | 0 | 1 | 2 | 2 |
| company.site | 1 | 0 | 1 | 0 | 2 | 3 |
| in | 1 | 0 | 1 | 0 | 2 | 3 |
| site | 0 | 1 | 1 | 0 | 2 | 2 |
| to | 1 | 0 | 0 | 1 | 2 | 2 |
| vip | 0 | 1 | 1 | 0 | 2 | 2 |
| webflow.io | 0 | 1 | 0 | 1 | 2 | 3 |
| webnode.page | 1 | 0 | 1 | 0 | 2 | 4 |
| wordpress.com | 1 | 0 | 1 | 0 | 2 | 24 |
| army | 0 | 0 | 1 | 0 | 1 | 1 |
| at | 0 | 1 | 0 | 0 | 1 | 1 |
| blog | 0 | 1 | 0 | 0 | 1 | 2 |
| capital | 0 | 0 | 1 | 0 | 1 | 1 |
| club | 0 | 0 | 1 | 0 | 1 | 1 |
| cn | 0 | 0 | 1 | 0 | 1 | 2 |
| co.in | 1 | 0 | 0 | 0 | 1 | 1 |
| co.tz | 0 | 0 | 1 | 0 | 1 | 1 |
| 0 | 0 | 0 | 1 | 1 | 1 | |
| epizy.com | 0 | 0 | 1 | 0 | 1 | 1 |
| farm | 0 | 0 | 0 | 1 | 1 | 1 |
| foundation | 0 | 0 | 0 | 1 | 1 | 1 |
| fr | 0 | 0 | 1 | 0 | 1 | 2 |
| group | 0 | 0 | 1 | 0 | 1 | 1 |
| icu | 0 | 1 | 0 | 0 | 1 | 2 |
| in.net | 0 | 1 | 0 | 0 | 1 | 3 |
| is | 1 | 0 | 0 | 0 | 1 | 2 |
| jp | 0 | 0 | 0 | 1 | 1 | 1 |
| la | 0 | 0 | 1 | 0 | 1 | 1 |
| lease | 0 | 1 | 0 | 0 | 1 | 1 |
| life | 0 | 0 | 1 | 0 | 1 | 1 |
| ltd | 0 | 0 | 0 | 1 | 1 | 1 |
| net.ng | 0 | 1 | 0 | 0 | 1 | 1 |
| org.za | 1 | 0 | 0 | 0 | 1 | 1 |
| ru | 0 | 0 | 1 | 0 | 1 | 1 |
| se | 0 | 0 | 0 | 1 | 1 | 5 |
| space | 0 | 0 | 1 | 0 | 1 | 1 |
| ukit.me | 0 | 0 | 0 | 1 | 1 | 1 |
| university | 0 | 1 | 0 | 0 | 1 | 4 |
| website | 0 | 0 | 0 | 1 | 1 | 1 |
| websites.co.in | 1 | 0 | 0 | 0 | 1 | 2 |
| xyz | 0 | 0 | 1 | 0 | 1 | 1 |
| au | 0 | 0 | 0 | 0 | 0 | 0 |
| bond | 0 | 0 | 0 | 0 | 0 | 0 |
| buzz | 0 | 0 | 0 | 0 | 0 | 0 |
| cfd | 0 | 0 | 0 | 0 | 0 | 0 |
| cloud | 0 | 0 | 0 | 0 | 0 | 0 |
| com.au | 0 | 0 | 0 | 0 | 0 | 0 |
| energy | 0 | 0 | 0 | 0 | 0 | 0 |
| expert | 0 | 0 | 0 | 0 | 0 | 0 |
| institute | 0 | 0 | 0 | 0 | 0 | 0 |
| mailchimpsites.com | 0 | 0 | 0 | 0 | 0 | 0 |
| onrender.com | 0 | 0 | 0 | 0 | 0 | 0 |
| pw | 0 | 0 | 0 | 0 | 0 | 0 |
| sbs | 0 | 0 | 0 | 0 | 0 | 0 |
| services | 0 | 0 | 0 | 0 | 0 | 0 |
| uk.com | 0 | 0 | 0 | 0 | 0 | 0 |
| webnode.fr | 0 | 0 | 0 | 0 | 0 | 0 |
The co.za ccTLD Abuse
In 2024, the .co.za ccTLD was once again the second most abused TLD after .com. These statistics shows via which sponsoring registrar this abuse occurred.
.co.za ccTLD Quarterly: 2024-01-01 to 2024-12-31 (All Domains)
| Registrar | Q1:Total | Q2:Total | Q3:Total | Q4:Total | Period:Total |
|---|---|---|---|---|---|
| 1API GMBH | 60 | 61 | 86 | 44 | 251 |
| HOSTAFRICA | 18 | 23 | 25 | 30 | 96 |
| TRUEHOST CLOUD LIMITED | 1 | 11 | 13 | 17 | 42 |
| SA WEBHOSTS | 13 | 2 | 5 | 13 | 33 |
| SA DOMAIN | 7 | 2 | 15 | 2 | 26 |
| PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM | 5 | 2 | 1 | 13 | 21 |
| DOMAINS.CO.ZA | 5 | 6 | 3 | 4 | 18 |
| FRIKKADEL | 2 | 3 | 13 | 0 | 18 |
| ZACR | 7 | 3 | 5 | 0 | 15 |
| RAPHUS LTD | 2 | 4 | 3 | 1 | 10 |
| HOSTKING.CO.ZA | 2 | 4 | 2 | 1 | 9 |
| DYNADOT, LLC | 0 | 2 | 6 | 0 | 8 |
| GRANSY S.R.O. D/B/A SUBREG.CZ | 0 | 0 | 0 | 8 | 8 |
| WEBSPACEBAR | 2 | 5 | 0 | 0 | 7 |
| INSLYHOST.COM | 2 | 1 | 2 | 1 | 6 |
| EPAG DOMAINSERVICES GMBH | 0 | 1 | 2 | 2 | 5 |
| REGISTER DOMAIN SA | 0 | 1 | 1 | 1 | 3 |
| VEHOST.CO.ZA | 2 | 0 | 1 | 0 | 3 |
| AXXESS DSL | 1 | 0 | 1 | 0 | 2 |
| HALOWEB.CO.ZA | 2 | 0 | 0 | 0 | 2 |
| KEY-SYSTEMS GMBH | 0 | 1 | 0 | 1 | 2 |
| WEB4AFRICA INC. | 0 | 1 | 0 | 1 | 2 |
| WEBAFRICA NETWORKS | 0 | 0 | 2 | 0 | 2 |
| ZA DOMAINS | 2 | 0 | 0 | 0 | 2 |
| AFRIHOST | 1 | 0 | 0 | 0 | 1 |
| EURODNS S.A. | 1 | 0 | 0 | 0 | 1 |
| GANDI SAS | 1 | 0 | 0 | 0 | 1 |
| HOSTING CONCEPTS B.V. DBA OPENPROVIDER | 0 | 0 | 0 | 1 | 1 |
| INSTRA CORPORATION PTY LTD. | 0 | 0 | 1 | 0 | 1 |
| REALTIME REGISTER B.V. | 0 | 0 | 0 | 1 | 1 |
.co.za ccTLD Quarterly: 2024-01-01 to 2024-12-31 (Active Domains)
| Registrar | Q1:Active | Q2:Active | Q3:Active | Q4:Active | Period:Active | Cumulative Active |
|---|---|---|---|---|---|---|
| 1API GMBH | 26 | 44 | 70 | 38 | 178 | 220 |
| HOSTAFRICA | 13 | 20 | 23 | 30 | 86 | 89 |
| TRUEHOST CLOUD LIMITED | 0 | 9 | 12 | 17 | 38 | 45 |
| SA WEBHOSTS | 4 | 2 | 3 | 13 | 22 | 27 |
| FRIKKADEL | 2 | 2 | 13 | 0 | 17 | 18 |
| PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM | 1 | 2 | 1 | 13 | 17 | 17 |
| ZACR | 7 | 3 | 5 | 0 | 15 | 15 |
| DOMAINS.CO.ZA | 1 | 5 | 2 | 4 | 12 | 27 |
| DYNADOT, LLC | 0 | 2 | 6 | 0 | 8 | 10 |
| GRANSY S.R.O. D/B/A SUBREG.CZ | 0 | 0 | 0 | 8 | 8 | 8 |
| HOSTKING.CO.ZA | 2 | 3 | 2 | 1 | 8 | 26 |
| INSLYHOST.COM | 2 | 1 | 2 | 1 | 6 | 6 |
| EPAG DOMAINSERVICES GMBH | 0 | 1 | 2 | 2 | 5 | 45 |
| RAPHUS LTD | 1 | 2 | 2 | 0 | 5 | 6 |
| SA DOMAIN | 2 | 1 | 1 | 1 | 5 | 9 |
| AXXESS DSL | 1 | 0 | 1 | 0 | 2 | 3 |
| KEY-SYSTEMS GMBH | 0 | 1 | 0 | 1 | 2 | 4 |
| REGISTER DOMAIN SA | 0 | 1 | 0 | 1 | 2 | 2 |
| VEHOST.CO.ZA | 1 | 0 | 1 | 0 | 2 | 10 |
| WEB4AFRICA INC. | 0 | 1 | 0 | 1 | 2 | 3 |
| WEBAFRICA NETWORKS | 0 | 0 | 2 | 0 | 2 | 6 |
| ZA DOMAINS | 2 | 0 | 0 | 0 | 2 | 2 |
| HALOWEB.CO.ZA | 1 | 0 | 0 | 0 | 1 | 1 |
| HOSTING CONCEPTS B.V. DBA OPENPROVIDER | 0 | 0 | 0 | 1 | 1 | 4 |
| REALTIME REGISTER B.V. | 0 | 0 | 0 | 1 | 1 | 1 |
| AFRIHOST | 0 | 0 | 0 | 0 | 0 | 1 |
| EURODNS S.A. | 0 | 0 | 0 | 0 | 0 | 0 |
| GANDI SAS | 0 | 0 | 0 | 0 | 0 | 0 |
| INSTRA CORPORATION PTY LTD. | 0 | 0 | 0 | 0 | 0 | 1 |
| WEBSPACEBAR | 0 | 0 | 0 | 0 | 0 | 0 |
It should be noted that these domains are used in ways that are at odds with South Africa’s laws, namely the Consumer Protection Act of 2008 and also the new newer Cyber Crimes Act of 2020. They are also used in ways prohibited by the registry’s own terms as reflected it it’s own Anti-Abuse and Takedown Policy.
Note to registrars, registries and law enforcement
Artists Against 419 does not only say it, we can also prove it. We record numerous attributes for each entry in our database. While some of these are publicly visible at https://db.aa419.org, we also record additional evidence of maliciousness. These includes website snapshots with embedded EXIF data, source code of interesting pages, email headers and/or linking data.
We appreciate outreach from any registrar and registry alike where they are keen to understand the nature of this maliciousness and wish to mitigate. You are the parties either abused or used as an entry point for this fraud on the web. We are more than happy to share data with you for mitigation purposes and we even have an API for you to use. The choice is yours to be part of the solution or part of passive crime facilitation. It may be worthwhile reading Towards an Understanding of Enablement in Online Non-delivery Fraud by Dr Jack Whittaker. Remember, these domains are purchased with the proceeds of fraud to facilitate further fraud.
We may mitigate till the cows come home to protect consumers, but you are the parties that ultimately stop this illegal abuse.
We do not charge any fees for such cooperation.