Namecheap was most abused domain registrar in Botnets

Spamhaus has named Namecheap the most abused domain registrar in Botnets in Q3-2019.

The main problem here is that Namecheap is number one abused registrar by a very wide margin from the other registrars.

The amount of newly detected botnet command & control servers (C&Cs) reached an all-time high in July this year with more than 1,500 botnet C&Cs detected by Spamhaus Malware Labs. This is far in excess of the monthly average, set in the first half of this year, of 1,000 botnet C&Cs.

Report on the most abused domain registrars, Q3 2019

Namecheap: The US-based domain registrar ‘Namecheap’ continued to be the favorite place for malware authors to register their botnet C&C domains.

OpenProvider: The number of fraudulently registered domain names registered through the Dutch domain registrar ‘OpenProvider’ (aka ‘Hosting Concepts’) almost doubled from 188 in Q2 to 344 in Q3, placing them at #3 in the chart.

Register.com: Great work by ‘register.com’, who looks to have improved processes, as they no longer appeared on our Top 20 most abused domain registrars in Q3. This is in stark comparison to Q1, where they accounted for 22% of the total number of registered domains used for botnet C&Cs.

Newcomers: Newcomers to our chart of most abused domain registrars were the German based domain registrar ‘Key Systems’ and the French registrar ‘OVH’.

(An article on the most abused domain name extensions is coming in a couple of days.)

Sold.Domains

About Konstantinos Zournas

Konstantinos studied Computer Engineering and Computer Science in London and lives in Athens, Greece. He loves domains and building websites. He is online since 1995, learned about html in 1996 and got into domains in 2002. He started the OnlineDomain.com blog in 2012.

3 comments

  1. I have no doubt the title is well justified. From a personal experience, I have been flooded by spam coming from domains registered at NameCheap. Most are either .ICU or .Best domains as I’ve reported on DomainGang, and all my complaints and submissions of these domains – that use Cloudflare as a DNS proxy – come with a standard response.

    NameCheap apparently agrees to go as low as possible with retail domain registrations, e.g. $1.80 for .ICU domains. Scammers and spammers seize the opportunity to get disposable domains cheap and the circle continues. https://domaingang.com/domain-news/namecheap-and-cloudflare-domain-spam-is-currently-out-of-control/

    ICANN should have a process in place that penalizes such inability to eradicate spam. For what it’s worth, spam from .XYZ domains is very very low. Perhaps NameCheap should collaborate with the .XYZ Registry to figure out how they achieve this.

    • Konstantinos Zournas

      Yes I watched the twitter thread between you and Namecheap. I too get a lot of spam from .icu domains.

      To be fair you are comparing a registrar Namecheap with a registry .xyz. Maybe the .icu registry must do something about this mess…

      • The problem isn’t just .ICU or just .Best, it’s the agreement between NameCheap and these registries (and probably others.) They hit rock bottom price-wise thus enabling spammers with their throwaway domains.

        I mentioned .XYZ because they do have technology disabling spammers quickly. NameCheap has done nothing as far as I see to stop spammers’ accounts.

        NameCheap also accepts Bitcoin which adds another layer of anonymity for the spammers, on top of the Cloudflare use.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.