A Spamhaus report shows a significant increase in .xyz and .top domain abuse.

07 Nov 2025 02:42:59 PM

By：DN domain name editor

According to the latest 2025 Domain Reputation Report released by the cybersecurity organization Spamhaus Project, the abuse of the two new top-level domains (nTLDs), .xyz and .top, is increasing rapidly.

The report's data covers the period from April to September 2025. During this period, Spamhaus observed a total of 43.5 million "new" domains, averaging 7.3 million per month. This figure represents an 11.48% increase from the previous six months, the most significant increase in over two years. In August 2025, the number of newly registered domains exceeded 8 million, approximately 10% higher than the monthly average.

A Spamhaus report shows a significant increase in .xyz and .top domain abuse.

Spamhaus defines "new" domains as those newly registered or discovered and listed in its zero-reputation domain database for 24 hours. The report points out that these new domains are rarely used for legitimate purposes within 24 hours of registration, while cybercriminals typically register and delete such domains in large numbers for malicious activities.

In terms of domain name type distribution, general top-level domains (gTLDs) account for 75% of new domain names, while country code top-level domains (ccTLDs) account for only 25%. Within the gTLD category, .xyz and .top stand out, ranking among the top three "new" domain names with the highest global registration volume, representing increases of 103% and 94% respectively.

In contrast, the number of "new" domain names for the German country code top-level domain .de decreased by 34%. Meanwhile, several other domain names showed different trends: .ai domains grew by 39%, the newly launched .sbs domain ranked 14th, and the .bond domain continued its unusual trend—its new domain registrations exceeded the total number of registrations by 187%.

The report also analyzed the vocabulary characteristics used in "new" second-level domains. Common words included terms related to internet behavior such as "system," "engine," "search," "internal," "internet," and "information." These usage trends are believed to be related to the development of large-scale language models.