A lawsuit brought against domain name registrar Freenom by social media company Meta has led to a significant drop in phishing websites tied to the provider, according to cybercrime research group Interisle Consulting Group. Meta sued Freenom in December 2022, alleging that the domain name registry ignored complaints about abusive, phishing websites while monetizing traffic to them. Interisle data showed that by the time of the suit, Freenom was responsible for over 60% of new phishing domains arising from country-code top-level domains. In the months surrounding the lawsuit, however, the percentage of phishing domains in those domains went below 15%, as Freenom’s role in hosting such domains fell sharply.
Freenom’s country-code top-level domains include country domains for the Central African Republic, Gabon, Equatorial Guinea, Mali, and Tokelau. While Freenom does not charge registration fees for domains within these domains, it reserves the right to take them back at any time and to redirect traffic to other websites. Reports from Freenom users have said that free domains have been removed from their control before being forwarded on to other sites. Even after receiving warnings of illegal use or phishing, Freenom has continued to license infringing domain names to those same customers, according to Meta’s complaint.
In 2021 and again last year, Interisle research found that Freenom’s five domains were on the Top Ten TLDs most abused by phishers. Meta’s complaint accused Freenom of shielding its customers’ identities despite evidence from the company’s own service that domain names were being used illegally.
Interisle monitors 12 major blocklists for spam, malware, and phishing, and it receives phishing-specific data from Spamhaus, Phishtank, OpenPhish, and the APWG Ecrime Exchange. It publishes historical data sets quarterly covering malware and phishing. Partner Dave Piscitello of Interisle said the time frame was too short to assess the lawsuit’s full impact, as different list providers may take domains down based on different policies, but Interisle’s data showed a significant reduction in phishing domains stemming from Freenom.
The lawsuit was the second in recent years to disrupt the phishing industry following a Meta suit against registrar Namecheap in 2020. Meta claimed that Namecheap had been involved in cybersquatting and trademark infringement. The parties settled in 2022, after which the number of new phishing domains using Namecheap fell by over 50%, according to Interisle.
Piscitello noted that the lawsuits have had little impact on the total number of phishing domains, which have continued to rise in volume. He said phishers were drawn to providers offering the least resistance and the lowest price per domain and referred to domain registrars’ promotions of cheap domains as leading to a simply cycle of phishers buying large numbers of such domains, exhausting them and then moving to another provider.