Key findings and highlights<\/strong><\/h2>\n\n\n\nBetween January 1, 2023, and December 24, 2024, CSC analyzed the behavior of third-party domains targeting major online betting websites. Our research identified 5,000 unique domain registrations mimicking well-known sportsbooks. Due to domain expirations, about 3,400 of these domains remained active as of December 24.<\/p>\n\n\n\n
<\/div>\n\n\n\nIdentifying domain risks: Dormant, parked, and live unauthorized sites<\/strong><\/h3>\n\n\n\nUnderstanding how third parties register and use betting-related domains is key to assessing security risks. Some domains remain dormant, others are parked with placeholder content, and some resolve to live websites\u2014each category presenting different threats. Among the 3,400 third-party domains that were still registered, we found the following trends.<\/p>\n\n\n\n
\n- Dormant domains (55%)<\/strong> \u2013 While currently inactive, these domains can be activated at any time for phishing, malware distribution, or impersonation schemes. Of these dormant domains, 8% have mail exchange (MX) records configured, indicating potential for email phishing, and 19% have valid secure sockets layer (SSL) certificates, which can lend credibility to fraudulent sites.<\/li>\n\n\n\n
- Parked domains (17%)<\/strong> \u2013 These domains display placeholder content or ads but contain well-known betting brand names, suggesting that may be reserved for traffic diversion or future misuse.<\/li>\n\n\n\n
- Live unauthorized site (28%)<\/strong> \u2013 These domains actively host live content, with 13 attracting enough traffic to rank among the top one million websites globally\u2014despite no verified connection to the original betting brands.<\/li>\n<\/ul>\n\n\n\n<\/div>\n\n\n\n
Figure 1. Domain name activity<\/strong><\/h3>\n\n\n\n![\"\"](\"https:\/\/cscwebcontentstorage.blob.core.windows.net\/cscmarketing-cscdbs-media\/2025\/02\/Figure-1-Domain-Name-Activity-v.2.png\")
<\/figure>\n\n\n\n<\/div>\n\n\n\nCommon infrastructure in third-party betting domains: Registrars, SSL providers, and keyword trends<\/strong><\/h3>\n\n\n\nThreat actors don\u2019t always rely on obscure or offshore infrastructure\u2014many use mainstream domain registrars and SSL providers to lend legitimacy to their operations. While some third-party domains are registered through lesser-known services, others use well-established registrars and encryption providers, making them harder to distinguish from genuine sites.<\/p>\n\n\n\n
The table below highlights the most frequently used domain registrars and SSL providers associated with third-party domains, as well as the top keywords observed in these registrations. Understanding these patterns can help businesses anticipate emerging threats and refine their security strategies.<\/p>\n\n\n\n
Identifying domain risks: Dormant, parked, and live unauthorized sites<\/strong><\/h3>\n\n\n\nUnderstanding how third parties register and use betting-related domains is key to assessing security risks. Some domains remain dormant, others are parked with placeholder content, and some resolve to live websites\u2014each category presenting different threats. Among the 3,400 third-party domains that were still registered, we found the following trends.<\/p>\n\n\n\n
\n- Dormant domains (55%)<\/strong> \u2013 While currently inactive, these domains can be activated at any time for phishing, malware distribution, or impersonation schemes. Of these dormant domains, 8% have mail exchange (MX) records configured, indicating potential for email phishing, and 19% have valid secure sockets layer (SSL) certificates, which can lend credibility to fraudulent sites.<\/li>\n\n\n\n
- Parked domains (17%)<\/strong> \u2013 These domains display placeholder content or ads but contain well-known betting brand names, suggesting that may be reserved for traffic diversion or future misuse.<\/li>\n\n\n\n
- Live unauthorized site (28%)<\/strong> \u2013 These domains actively host live content, with 13 attracting enough traffic to rank among the top one million websites globally\u2014despite no verified connection to the original betting brands.<\/li>\n<\/ul>\n\n\n\n<\/div>\n\n\n\n
Figure 1. Domain name activity<\/strong><\/h3>\n\n\n\n<\/figure>\n\n\n\n<\/div>\n\n\n\nCommon infrastructure in third-party betting domains: Registrars, SSL providers, and keyword trends<\/strong><\/h3>\n\n\n\nThreat actors don\u2019t always rely on obscure or offshore infrastructure\u2014many use mainstream domain registrars and SSL providers to lend legitimacy to their operations. While some third-party domains are registered through lesser-known services, others use well-established registrars and encryption providers, making them harder to distinguish from genuine sites.<\/p>\n\n\n\n
The table below highlights the most frequently used domain registrars and SSL providers associated with third-party domains, as well as the top keywords observed in these registrations. Understanding these patterns can help businesses anticipate emerging threats and refine their security strategies.<\/p>\n\n\n\n
Figure 1. Domain name activity<\/strong><\/h3>\n\n\n\n<\/figure>\n\n\n\n<\/div>\n\n\n\nCommon infrastructure in third-party betting domains: Registrars, SSL providers, and keyword trends<\/strong><\/h3>\n\n\n\nThreat actors don\u2019t always rely on obscure or offshore infrastructure\u2014many use mainstream domain registrars and SSL providers to lend legitimacy to their operations. While some third-party domains are registered through lesser-known services, others use well-established registrars and encryption providers, making them harder to distinguish from genuine sites.<\/p>\n\n\n\n
The table below highlights the most frequently used domain registrars and SSL providers associated with third-party domains, as well as the top keywords observed in these registrations. Understanding these patterns can help businesses anticipate emerging threats and refine their security strategies.<\/p>\n\n\n\n
<\/figure>\n\n\n\n