Global Domain Activity Trends Seen in Q1 2025

The Q1 2025 global domain activity report reveals a 3.9% decline in newly registered domains (NRDs) compared to the previous quarter, with .com remaining the dominant gTLD and .cc showing a significant NRD volume-to-population incongruence. Additionally, the malicious domains identified as indicators of compromise (IoCs) mostly used the .com, .org, and .ru extensions, among others. #NewlyRegisteredDomains #ccTLD #MaliciousDomains

Key Points

  • The number of newly registered domains (NRDs) decreased by 3.9% from 24.4+ million in Q4 2024 to 23.4+ million in Q1 2025.
  • Generic top-level domains (gTLDs) accounted for 3.3 times the volume of country-code TLDs (ccTLDs) in Q1 2025.
  • .com remained the most popular gTLD, whereas .de was the only ccTLD in the top 10 for new registrations.
  • GoDaddy led NRD registrations with a 14.9% market share, followed by Namecheap at 10.4% and Dynadot at 5.0%.
  • The .cc ccTLD of the Cocos (Keeling) Islands showed a pronounced incongruence between NRD volume and population size, with 221,075 NRDs despite only 593 residents.
  • Among the 2.1+ million malicious domains identified as indicators of compromise (IoCs) in Q1 2025, .com dominated with 16.8%, followed by extensions like .org and .net and the ccTLDs .ru and .cn.
  • The report provides valuable insights for understanding domain registration trends and DNS activity relevant for business strategies and cybersecurity.

MITRE Techniques

  • [T1583.001] Domain Registration – Acquire Infrastructure by registering domains used for malicious activity and IoCs; ‘Threat actors continued to favor using .com domains over others, with the gTLD accounting for 16.8% of the total IoC volume.’
  • [T1071.004] Application Layer Protocol: DNS – Used to observe DNS activity and resolutions associated with domain infrastructure, citing ‘1.5+ billion name server (NS) resolutions for the past 365 days based on our passive DNS database file for April 2025.’

Indicators of Compromise

  • [Domain Names] Malicious domains tagged as IoCs in Q1 2025 – examples include .com, .org, .net, .ru, and .cn domains, with .com forming 16.8% of the total IoC volume.

 


Read more: https://circleid.com/posts/global-domain-activity-trends-seen-in-q1-2025