June 2023: Domain Activity Highlights
Of the millions of domains registered on 1–30 June 2023, WhoisXML API researchers studied a randomized sample of 30,000 to determine commonalities in their registrant country, registrar, and TLD.
In addition, we examined the domains’ text string usage to uncover potentially emerging trends. This study’s findings and links to threat reports developed using DNS, IP, and domain intelligence sources are summarized below.
Zooming in on the June NRDs
TLD Distribution
The most used TLD extensions in June were a combination of major gTLDs and ngTLDs. The .com TLD extension remained the most used, accounting for 57% of the total domain registration volume. The rest of the top 10 TLD extensions were .top (4%), .xyz (3%), .net (3%), .online (3%), .org (3%), .cfd (3%), .shop (3%), .site (2%), and .info (2%) as shown in the chart below.
WHOIS Data Redaction
About 72% of the NRDs had redacted WHOIS records, similar to May, when we saw 73% of the new domains employ various redaction methods. Domains By Proxy remained the most common WHOIS privacy service provider, followed by Withheld for Privacy, Contact Privacy Inc., Whois Privacy Protection Service by onamae.com, Privacy Protect, PrivacyGuardian.org, and Private by Design LLC.
Several of the NRDs’ registrant organization fields also contained labels like Redacted for privacy and GDPR Masked.
About 19% of the NRDs’ owners left the registrant organization field blank, while 9% had unredacted WHOIS records.
Registrar Distribution
GoDaddy remained the top registrar in June 2023, accounting for 20% of the total domain registration volume. Namecheap took the second place with a 14% share, followed by Google (7%), GMO Internet (6%), Hostinger and Tucows (4% each), Alibaba and Gname.com (3% each), and PDR Ltd. and NameSilo (2% each).
The top 10 registrars accounted for 65% of the total registration volume. The rest of the domains were distributed across more than 300 other registrars.
Top Registrant Countries
About 41% of the June NRDs were registered in the U.S., while Iceland and Canada accounted for 14% and 11% of the total volume, respectively. The other countries that made it to the top 10 were China, Japan, the U.K., the Netherlands, Russia, Malaysia, and South Korea.
The top 10 registrant countries accounted for 87% of the total registration volume. The rest of the domains were distributed across more than 130 other countries.
Appearance of Common Strings among the SLDs
Internationalized domain name (IDN) usage continued, as xn remained among the most found text strings. Location-based terms like usa and jp and generic terms like services, live, and app were also commonly found among the NRDs. The word cloud below shows these and the other commonly used strings.
Cybersecurity through the DNS Lens
Below are some of the threat reports we published in June.
- Alleviating the Risks .zip and Similar Domain Extensions Could Pose via DNS Intelligence: WhoisXML API researchers searched the DNS for domains with ngTLD extensions that could be easily confused with file name extensions like .app, .cab, .cam, .mobi, .mov, .pub, .rip, and .win.
- Scanning for LockBit Ransomware DNS Traces: Our researchers performed an expansion analysis on 198 published indicators of compromise (IoCs) related to the LockBit ransomware, uncovering 6,000+ potentially related domains.
You can find more reports created in the past months here.
Feel free to contact us for more information about the products and capabilities used to analyze domain registration events or support other use cases.