In other study results, it appears that using hacked domains as launch pads for attacks is increasing. Some 14.5% of phishing attacks came from what APWG called malicious domains registered by phishers themselves. That is down from 18.5% in the second half of last year, the period for the group's previous Global Phishing Survey. "Virtually all the rest were hacked or "compromised" domains belonging to innocent site owners," the study says.

Of the malicious domains, 43% were launchpads for the Avalanche attack.

Two top level domains - .pe (Peru) and .th (Thailand) – score highest in a measure of how many second and third level domains within them are used to launch phishing attacks. The average score across all domains was 6.9, and .pe scored 20 while .th scored 16.

Overall, attacks came from 30,131 domains distributed among 171 top level domains. Half (50.3%) of these domains fell within the .com top level domain, 8.5% within .net and 5.6 within .org. The next three most often used top level domains were .eu, .ru and .de, all with less than 3%.