Sedo listed as top for phishing sites, which doesn’t make a lot of sense.
HostExploit has released its latest World Hosts Report (which has been renamed from its previous moniker “Bad Hosts”).
Domain name parking company Sedo shows up ranked #2 for phishing sites.
Now, you may be scratching your head and asking, “How does a domain parking service get nailed for phishing?”
It’s most likely due to old data. Parking companies get ensnared in this report because they park a lot of domains that were previously used for nefarious purposes. The owners let them expire or they are suspended, and then they later get pointed to parking company servers. HostExploit sees the domain on a list, but doesn’t realize the activity occurred at a previous host.
That’s one of the reasons Oversee.net, owner of DomainSponsor, was previously ranked #1 on the overall list.
In fact, the report applauds eNom and Oversee for cleaning up their act:
So the over-riding good news is: it is possible for hosts to clean up. But what incentives are there to do so?
But what did Oversee.net do to clean up its act? It wasn’t perpetrating the “crimes”, it was merely parking domains that were previously used by bad actors. So really it just stopped registering/parking domains that had been used by bad actors in the past. (It also helped when Moniker was split off from Oversee.)
Update: I received this additional info from a HostExploit volunteer:
Sedo’s ranking overall of #229, but #2 in phishing, is due to a number of domains used for phishing in particular. These domains are currently parked, but in many cases the parking immediately follows a period of the domain being used for illicit activities. In some cases, domains are then un-parked after a period of inactivity and used again for illicit activities.
The result is that Sedo, ASN 47846 as a Tier 2 domain parking platform, clearly some users are ensuing phishing scams. Small registrars can do little about this, but a domain parker of the size of Sedo is and should be expected to actively avoid providing services for such domains. As with other Tier 2 domain parking platforms, the question arises do they control ‘all’ domain records, i.e. not just the ‘A record’ but also, sub-domains, MX, etc.?
Sedo should be seen in the context where several domain parking platforms have had their issues but two examples we have worked with following earlier high levels of reported badness hosted/re-directing to badness:
(a) ASN 33626 OVERSEE was #1 in 2011 is now down to a very good #941 – mitigated with our help, but originally due to only parking the domain(s) ‘A record’, this allowed for users to maintain MX & sub-domains elsewhere. Which although the A record was clean the MX & sub-domains were not. Resolved by changes in procedure for parking and changes to their TOS (terms of service).
(b) ASN 21740 eNom / DemandMedia, also an earlier #1, now down to a creditable #1,148 following mitigation and improved abuse management.
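The A-record-only parking gap described in the update above, as an added example that is not part of the original post or HostExploit's tooling: a check over a DNS record snapshot that flags MX and sub-domain records of a parked domain that still point away from the parking platform. The domain names, the 192.0.2.0/24 platform range and the record snapshot are constructed for illustration.

```python
import ipaddress

# Constructed snapshot: hypothetical names, documentation-range addresses.
PARKING_NETS = ["192.0.2.0/24"]  # assumed address range of the parking platform
SNAPSHOT = {
    "parked-clean.example": [
        ("parked-clean.example", "A", "192.0.2.10"),
        ("www.parked-clean.example", "A", "192.0.2.10"),
    ],
    "parked-partial.example": [
        ("parked-partial.example", "A", "192.0.2.10"),  # only this was parked
        ("parked-partial.example", "MX", "10 mail.parked-partial.example."),
        ("mail.parked-partial.example", "A", "198.51.100.25"),
        ("login.parked-partial.example", "A", "203.0.113.7"),
    ],
}

def audit_parked_zone(apex, records, parking_nets):
    """Return (name, type, value, reason) for records not served by the parking platform."""
    nets = [ipaddress.ip_network(n) for n in parking_nets]

    def on_platform(addr):
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in nets)

    addrs = {}  # name -> addresses seen in the snapshot
    for name, rtype, value in records:
        if rtype in ("A", "AAAA"):
            addrs.setdefault(name.lower().rstrip("."), []).append(value)

    findings = []
    for name, rtype, value in records:
        name = name.lower().rstrip(".")
        if rtype in ("A", "AAAA") and not on_platform(value):
            kind = "apex" if name == apex else "sub-domain"
            findings.append((name, rtype, value, f"{kind} address outside parking platform"))
        elif rtype in ("MX", "CNAME"):
            target = value.split()[-1].lower().rstrip(".")  # drop MX preference
            ips = addrs.get(target)
            if not ips:
                findings.append((name, rtype, target, "target not in snapshot, hosted elsewhere"))
            elif not all(on_platform(ip) for ip in ips):
                findings.append((name, rtype, target, "target resolves outside parking platform"))
    return findings

if __name__ == "__main__":
    for apex, records in SNAPSHOT.items():
        for finding in audit_parked_zone(apex, records, PARKING_NETS):
            print(apex, *finding, sep=" | ")
```

A domain whose apex A record sits on the platform can still produce findings here, which is the case the update describes: the A record was clean while the MX and sub-domains were not.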