New study suggests 10% to 20% of domains are registered for bad purposes, but it might be even higher.
Every month, eight to ten million domain names are registered. How many of these are registered for malicious purposes?
It depends on who you ask, but most agree that it’s a substantial amount.
Today, Interisle issued a report showing that 10% of gTLD domains registered in 2025 have been added to blocklists, and almost all of these were registered for malicious purposes rather than being compromised. It suspects the actual number of domains registered by bad actors is around 20% of all registrations.
That might undercount the issue. WhoisXML API analyzes 8-10 million new registrations every month and generally estimates that about a quarter of them are registered for malicious purposes.
Interisle notes that much of the bad activity is in new top level domains. While 4.9% of .com domains and 4.0% of .org domains registered last year were added to blocklists, 35% of .top domains were.
The company also calls out .mobi, for which a whopping 63% of domains registered last year landed on blocklists.
Some smaller TLDs had even higher percentages of new registrations added to blocklists.
Bad actors love cheap domains. Research (pdf) published last year found that each dollar decrease in registration fees leads to a 49% increase in malicious domains.
Bad actors also like certain domain registrars.
According to Interisle, a third of registrations at Gname last year ended up on blocklists. But it wasn’t the worst: NiceNic was 88%, MainReg Inc was 86%, and Aceville was 83%.
Some of the better registrars, with under 5% added to blocklists, were GoDaddy, GMO, Newfold Digital, and Tucows.
Leave a Comment