Phishing Trends: November - January 2023

Contributed by Dave Piscitello, Interisle Consulting Group

Our quarterly Phishing Activity pages report where we observe phishing attacks by Top-level Domains, Domain Registrars, and Hosting Networks. Here, we share some insights from the phishing activity reported for the November - December 2023 period.

Is Freenom on the verge of a free fall?

Freenom’s 5 commercialized ccTLDs have negatively affected ccTLD phishing reputation for some time. On March 7, 2023, Brian Krebs published the article “Sued by Meta, Freenom Halts Domain Registrations”. In it, Brian shares data from Interisle’s 2021 Phishing Landscape study, which is also cited in the lawsuit. Interisle’s 2022 Phishing Landscape study reported that “Phishing in the ccTLD category continues to be artificially swollen by phishing domains reported in five commercialized ccTLDs run by Freenom (.TK, .ML, .GA, .CF, .GQ), which offers free domain name registrations”.

Our data shows that certain neighborhoods – IP address prefixes, belonging to specific hosting network providers – are hotspots for phishing activity.

Would you want to host your website in one of these neighborhoods? Do you want your users to visit them?

The 75,518 IP addresses in these six neighborhoods represent 18% of all the addresses identified for phishing activity.

72% of domains reported for phishing were malicious domain name registrations

308,467 of the 426,364 unique domains reported for phishing

NameSilo (1) and PDR (2) had the most malicious domain name registrations

Our November - January 2023 data show that Freenom’s ccTLDs continued to be attractive to phishers. Visit again when we publish our February - March 2023 phishing activity to see what effect the lawsuit has on phishing in the ccTLDs.