You would think that phishing crooks who use throwaway domains would be smart enough to let the domains "age" a bit -- weeks or even months -- before using them to send out phishing attacks. But apparently not! Some send them out starting the same day or the next day. Pretty obvious.
Follow
There were (are?) some registries (or individual registrars? sadly I don't remember the details anymore) where you could get refunded if you returned the domain within something like a day of buying it. If they still exist, that might be one reason for this weird behaviour.
