Do Criminals “age” Domains?

It’s widely understood that criminals most often acquire domains through direct registration, use them shortly after acquisition, and repeat this process when they begin their next campaign(s). We call these malicious domain registrations.

It’s also been observed that some criminals acquired domain names months, even years before they were used in a campaign – through domain hijacking, by registering neglected domains, or registering and storing domains before using them – reasoning that old domains might evade detection systems that used domain age as a trust indicator.

Today, we’ll look at data that we recently ingested at our Cybercrime Information Center to understand which of these conventional wisdoms hold water.

https://interisle.substack.com/p/do-criminals-age-domains

#phishing #spam #cybercrime #domain

Phishing Domain Lifecycles

Phishers use a lot of domain names.

Our research shows that most phishing domains are registered by the phishers, often in bulk.

Phishers only have one purpose for these names: point them to fake pages and profit from victims lured there for as long as they can.

Investigators are constantly reporting phishing domains and these are blocklisted or shut down. Ideally, phishing domains have short lifetimes.

Is this conclusion fact or folklore?

Matt Piscitello begins a series of articles that look phishing domain lifecycles and lifetimes in https://interisle.substack.com/p/phishing-domain-lifecycles?r=59cehk

#phishing #domains #dnsabuse

Phishing in the 2020s: What Can be Done to Reduce Phishing Attacks?

In this post we’ll look at what users can do to avoid becoming victims of phishing and, importantly, what domain name, subdomain, and hosting providers need to be doing to prevent criminals from using their services for malicious activities.

https://interisle.substack.com/p/phishing-in-the-2020s-what-can-be

You'll find more detailed recommendations in our Phishing Landscape Study

https://interisle.net/phishinglandscape2025

#phishing #cybercrime #dnsabuse

Phishing in the 2020s: Where in the World Are Phishing Pages Hosted?

In this post, we look at the top countries where phishing pages have been hosted. Teaser: Of the thirty-two countries that have appeared in the top twenty over a 5-year period, ten have appeared every year.

https://interisle.substack.com/p/phishing-in-the-2020s-where-in-the

#phishing #hosting #cybercrime #ASN

subscribe: https://interisle.substack.com/subscribe

Phishing in the 2020s: Hosting Networks

In previous posts we looked at top-level domains and domain registrars that phishers most exploited over the past 5 years. In this post, we look at the hosting networks (ASNs) with the highest numbers of phishing attacks reported.

https://interisle.substack.com/p/phishing-in-the-2020s-hosting-networks

#phishing #ASN #hosting #cybercrime #dnsabuse #cybersecurity

If you like what you've been reading, subscribe.

https://interisle.substack.com/subscribe

YouTube subscribers:

Jimmy Kimmel - 21M
Stephen Colbert - 10M
John Stewart - 13M

Donald Trump - 4M

Um...
Who's got lousy ratings?
Who's not funny?

#stopcensorship

Case study: How a single spam campaign affects service provider reputation

Matt Piscitello takes a close look at a spam campaign involving bulk registrations during the month of August 2025. He explains how #Interisle establishes evidence of bulk registration behavior, identifies what operators were affected, and discusses aspects of reputational harm resulting from the campaign.

https://interisle.substack.com/p/case-study-how-a-single-spam-campaign

#spam #bulkregistrations #dnsabuse #reputation #cybercrime #interisle

Cybercrime Activity Reported in August 2025

Interisle's monthly look at cybercrime activity during August 2025 is now posted. We point out anything that strikes us as particularly interesting in overall numbers as well as significant changes in ranking for Top Level Domains (TLDs), Registrars, and Hosting Networks.

https://interisle.substack.com/p/cybercrime-reported-in-august-2025

#cybercrime #malware #phishing #spam #dnsabuse

Phishing in the 2020s: Brand Used in Phishing Attacks

In this post, Interisle looks at well-known brand names that phishers embed in domain names that they register, in the hope of fooling users into believing that content actually comes from the brand owner.

https://interisle.substack.com/p/phishing-in-the-2020s-brand-used

#phishing #fraud #brandinfringement #impersonation #fakesitedomains

Phishing Landscape 2025 Report Released

Phishing Rises to New High of Nearly 2 Million Attacks over 12 Months According to New Interisle Report

Key report findings include:

Phishing attacks rose to 1.96 million a year, a 182% increase since 2021.

Domain Name Abuse Surges to New High: The total number of domain names used in phishing attacks rose 38% to over 1.5 million—the highest ever recorded.

Cybercriminal Domain Purchasing Soars: 77% of all domain names used in phishing attacks were maliciously registered by cybercriminals.

Bulk Registration Enables More Attacks: 37% of all phishing domains were acquired through bulk domain name registration services.

Over half of all phishing sites were hosted by U.S.-based companies. The U.S. has been the top hosting location for phishing for five consecutive years.

The report also examines how domain registration requirements and pricing affect phishing scores in gTLDs and ccTLDs.

https://interisle.substack.com/p/phishing-landscape-2025-report-released

#phishing #dnsabuse #dns #cybercrime