Date: 2024-07-19

Our research team analyzed more than 21.5 million domains registered between 1 April and 30 June 2024, as seen in the Newly Registered Domains (NRDs) Data Feed. The number of NRDs increased slightly, by 2.6%, compared with the previous quarter. The NRDs and malicious indicators of compromise (IoCs) detected in Q2 led us to uncover the following:

The TLD type distribution of the Q2-registered domains

The most popular generic top-level domain (gTLD) and country-code TLD (ccTLD) extensions

The most popular registrars

The top gTLDs and ccTLDs used by the malicious domains detected as IoCs in Q2

We also analyzed the top mail exchange (MX) fully qualified domain names (FQDNs) and their providers for a past period of 365 days using our passive DNS database file released in May 2024.

An overview of the key insights from the report is presented below. You may also access the complete Global Domain Activity Report: Q2 2024 here.

New Domain Registration Patterns

Domain registration patterns may reflect the health of the global digital market. Spikes in domain registration often signal growth in digitalization, with more businesses establishing their online presence. On the other hand, a decline could suggest a slowdown in business ventures or consolidation of existing domains, among other reasons.

That said, we noticed a slight increase in gTLD and ccTLD usage compared with Q1 2024. Specifically, there was a 6.6% increase in ccTLD domain registrations and a 1.4% increase in NRDs sporting gTLD extensions.

Ranking the most widely used gTLDs and ccTLDs for the quarter, we found that they were roughly the same as the Q1 top players. For gTLDs, .com continued to be prevalent, with other extensions like .xyz, .shop, .org, and .top lagging far behind. For ccTLDs, .cn emerged as the most used, replacing the previous quarter’s .uk.

Meanwhile, our registrar distribution analysis revealed that GoDaddy accounted for 17.6% of the total Q2 NRDs. Namecheap came second, while e-commerce hosting providers Squarespace and Alibaba still appeared in the top 10, as in Q1.

Global DNS Activity: Who Runs the Most Popular Mail Servers?

Leveraging passive DNS intelligence, our research team gathered and analyzed the top MX FQDNs of the MX resolutions for a past period of 365 days using our passive DNS database file released in May 2024. We found that Google accounted for about 40.6% of the resolutions, being the registrant organization of 15 of the most used MX FQDNs.

We also examined the top 100 most used MX root domains from the same file and noted an irregularity compared with the top MX FQDNs. For one, an MX domain appeared in more than 213.5 million resolutions, but none of its mail servers made it to the top 100 MX FQDNs. A deeper investigation revealed that this MX domain could be involved in providing DNS tunneling services.
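The rank comparison described above can be reproduced on any passive DNS export. The following is an added example, not the report's own tooling: it flags root domains that rank in the top N by MX resolutions while none of their hostnames rank in the top N FQDNs. The sample records, the `.example` names, the counts, and the two-label root extraction are assumptions made for illustration.

```python
from collections import Counter

# Constructed passive DNS sample: (MX FQDN, resolution count). Counts are invented.
SAMPLE = [
    ("aspmx.l.google.com", 900),
    ("alt1.aspmx.l.google.com", 700),
    ("mx1.mailhost.example", 400),
    ("mx2.mailhost.example", 350),
] + [(f"n{i:04x}.t.relay.example", 3) for i in range(500)]


def root_domain(fqdn):
    # Assumption: the registrable domain is the last two labels.
    # Real feeds need a public suffix list (e.g. for .co.uk).
    return ".".join(fqdn.rstrip(".").lower().split(".")[-2:])


def rank_mismatch(records, top_n):
    """Return top-N root domains that have no hostname among the top-N FQDNs."""
    fqdn_hits = Counter()
    for fqdn, count in records:
        fqdn_hits[fqdn.rstrip(".").lower()] += count

    root_hits, root_fqdns = Counter(), {}
    for fqdn, count in fqdn_hits.items():
        root = root_domain(fqdn)
        root_hits[root] += count
        root_fqdns.setdefault(root, set()).add(fqdn)

    top_fqdn_roots = {root_domain(f) for f, _ in fqdn_hits.most_common(top_n)}
    findings = []
    for root, total in root_hits.most_common(top_n):
        if root in top_fqdn_roots:
            continue
        n = len(root_fqdns[root])
        findings.append({"root": root, "resolutions": total,
                         "unique_fqdns": n, "avg_per_fqdn": total / n})
    return findings


if __name__ == "__main__":
    for finding in rank_mismatch(SAMPLE, top_n=4):
        print(finding)
```

A large resolution total spread over many low-count hostnames is only a lead for further investigation; on its own it does not establish DNS tunneling.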

Confirmed Malicious Domains: What Were They Up To?

We also gleaned insights from the Threat Intelligence Data Feeds, specifically zooming in on 3.3 million malicious domains tagged as indicators of compromise (IoCs) in Q2 2024.

We then analyzed the IoCs’ TLD breakdown, which revealed that threat actors continued to utilize popular gTLDs like .com, .org, and .net, while also using less popular ones, such as .biz and .life.

The same was true for the ccTLDs. The malicious domains sported the .ru, .cn, .in, and .eu extensions, which also accounted for thousands of NRDs in Q2. However, the threat actors also favored ccTLD extensions with fewer NRD counts. For instance, more than 24,000 IoCs sported the .to extension, yet only 11 new .to domains were registered in Q2.

The Global Domain Activity Report: Q2 2024 provides high-level insights into domain registrations and DNS activity worldwide. The report sheds light on domain and DNS record preferences and usage patterns that can help inform business and cybersecurity decisions.

Don’t hesitate to download the full report or contact us for more information about accessing domain, DNS, and cyber threat intelligence for your organization.