Interisle Study Finds Malicious Actors Accounted for 10-20% of New Domain Name Registrations in 2025

Cybercriminals rely on a steady supply of cheap, disposable domain names to conduct attacks, which they can easily obtain in volume in the current market

BOSTON, MA, UNITED STATES, June 1, 2026 /EINPresswire.com/ -- A new analysis by Interisle Consulting Group finds that cybercriminals registered a significant share of new domain name registrations in 2025, representing a substantial percentage of the generic Top-Level Domain (gTLD) market. The study establishes that malicious actors purchased at least 10 percent of all newly registered gTLD domains in 2025, with projections indicating that the actual share may be closer to 20 percent.

In 2025, nearly 85 million gTLD domains were newly registered. As of mid-May 2026, 8.5 million of those domains — 10 percent — had been added to blocklists for malicious activity. Applying conservative projections for additional future blocklisting and associated domains registered by criminals not identified by blocklists, the study estimates that bad actors may have purchased 16.8 million domains, or 20 percent of gTLD registrations.

“Cybercriminal demand represents a significant share of new domain registrations, particularly where domain names are cheap and easy to acquire,” said Greg Aaron, Interisle partner and study co-author. “Abuse is also highly concentrated in certain places. Some gTLD registries and registrars had more than half — and in some cases up to 80 percent — of their 2025 new registrations blocklisted.” Five registrars accounted for 50 percent of all blocklisted gTLD domains created in 2025, while several registries received hundreds of thousands to a million or more malicious registrations each.

Cybercriminals rely on a steady supply of cheap, disposable domain names to conduct attacks, which they can easily obtain in mass quantities in the current market. “Market dynamics and certain industry practices that reward volume sales are contributing to the abuse problem,” said Karen Rose, Interisle partner and study co-author. “The exorbitant costs and consequences of cybercrime facilitated by these domains, however, are borne by victims, businesses, and society at large.”

The study notes that abuse at this scale is not inevitable, however. “Some registries and registrars grew without attracting outsized levels of abuse, indicating that provider practices and abuse prevention and mitigation choices can affect the quality of business,” Rose added.

Interisle concludes that more effective abuse prevention and mitigation policies and enforceable contractual measures are needed to reduce cybercriminals’ access to domain names while supporting sustainable business from legitimate customers, particularly since new open gTLDs will be introduced in 2027 and beyond.

The full report, Malicious Registrations in the Domain Name Market: An Analysis of 2025 gTLD Registrations and Cybercriminal Demand, is available at https://interisle.net/cybercriminaldomaindemand. It includes detailed methodology, case studies, and registrar- and gTLD-level data.

About Interisle Consulting Group

Interisle Consulting Group is an independent consulting and research firm specializing in Internet and telecommunications technology, policy, and security. The firm’s work is used by policymakers, industry participants, and security professionals worldwide.

Karen Rose
Interisle Consulting Group
media@interisle.net
Visit us on social media:
Other

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.