Cybercriminals continue to heavily abuse domains for phishing attacks. It has found that 96% used Generic (gTLD) or Country Code (ccTLD) Top-level Domains.
There were seven ccTLDs represented among the top 10 most abused TLDs. The seven had 83% of all phishing scams hosted on ccTLDs.
It should be noted that five of the seven ccTLDs can be registered for free:
.ML (Mali)
.TK (Tokelau)
.GA (Gabon)
.CF (the Central African Republic)
.GQ (Equatorial Guinea)