Here is a stat table of most used TLDs used for Phishing(FAKE PAGE which Leads to Hacking).
The last statistics set is about the top level domains which got used most for hosting phishing sites and malware. There are some interesting observations.
|#||Top-Level-Domain||%||Deviation in % from December 2009||Top-Level-Domain||%||Deviation in % from December 2009|
As you can see, there is significantly less malware hosted in China. This is the desired effect of the changes in the registration process for chinese domains which were coming into effect a short time ago in the middle of December 2009.
Many of these phishing and malware URLs now point directly to IP addresses instead to a proper full qualified domain name.