Trends in domain enforcement over the 2025 holiday shopping season

The final quarter of each year is a key period in the brand protection world, covering the holiday shopping season generally, in addition to the specific events of Singles' Day (11/11), Black Friday and Cyber Monday (around the Thanksgiving weekend). Over such busy periods, infringers typically take advantage of elevated levels of online activity and spending, as an opportunity to create fake websites and generate revenue through activities such as the sale of counterfeit items^[1].

In this article, we consider the landscape of infringing websites over the period from October to December 2025, using a set of domain data obtained through takedown actions as a proxy for overall levels of infringements. Particular focus is given to the top-level domain names (TLDs, or domain extensions) of the websites in question, to determine whether certain extensions are generally more popular with infringers and could thereby be deemed higher risk.

In total, 29 distinct TLDs were represented in the dataset of enforced domains from Q4 2025, with the top ten as shown in Figure 1.

Figure 1: Top ten TLDs represented in the dataset of enforced domains from Q4 2025

Overview of the infringement landscape: The Usual Suspects

The landscape is dominated by .com infringements, which is unsurprising given the overall popularity (i.e. total number of registered domains) of .com generally. However, analysing whether certain TLDs show disproportionately greater use by infringers can provide additional insights. Accordingly, Table 1 compares the proportion of infringing sites with each TLD in the dataset with the total number of registered domains across the same TLD. These statistics also allow us to calculate a normalised 'rate' of infringement (i.e. a rudimentary 'threat score'), with a higher rate denoting a TLD which is disproportionately more popular with infringers.

Table 1: Comparison of the total numbers of enforced infringements for each of the top ten TLDs with the total number of registered domains across each TLD in question, plus the normalised 'rate' of infringement in each case

This analysis shows that certain TLDs do indeed show disproportionate levels of infringement, and might therefore be deemed higher risk (i.e. worthy of greater focus when reviewing results from domain monitoring services). High-risk examples in the top ten include the new-gTLD (generic) extensions .store, .shop and .space, and the country-specific extension (ccTLD) .in (for India). Some of the ccTLDs in the dataset are examples of extensions which have, to some degree, been 're-requisitioned' for more generic use^[4,5,6].  (e.g. .co - actually the code for Colombia - but which is frequently just utilised as an abbreviation for the term 'company'). 

The same information (i.e. a visualisation of the relationship between the numbers of enforced infringements and the total numbers of registered domains, for each of the top ten TLDs in the dataset) is represented in Figure 2. Broadly, those TLDs appearing above the dotted trendline exhibit disproportionately large numbers of infringements and thereby pose greater risk.

Figure 2: Comparison of the total numbers of enforced infringements for each of the top ten TLDs with the total number of registered domains across each TLD in question (logarithmic plot on both axes)

Key take-away points

These trends echo many of those identified in previous analyses, particularly the fact that new-gTLD extensions tend to be more commonly associated with infringements^[7,8,9]. In general, TLDs can differ in their level of attractiveness to infringers for a number of reasons, including the cost and ease of registration, the presence and nature of any IP protection programmes, and ease of enforcement. Within the set of new-gTLDs, .store and .shop particularly are familiar as targets in brand protection programmes, due to their obvious applicability to content related to e-commerce, which is especially relevant across the holiday shopping season.

For brand owners, there are a few clear take-aways from the data:

1. Prioritise monitoring of high-risk TLDs and 're-purposed' ccTLDs such as .co.
2. Consider defensive registrations for extensions with an e-commerce focus.
3. Increase enforcement readiness ahead of the holiday shopping season, when numbers of domain registrations (and fake websites) generally show a surge.

By planning early and targeting the riskiest areas, brands can reduce exposure during peak shopping periods.

References

[1] https://www.iamstobbs.com/opinion/its-beginning-to-look-a-lot-like-domain-patterns-in-the-approach-to-the-holiday-shopping-season-2024

[2] According to data from https://research.domaintools.com/statistics/tld-counts/, as of 06-Jan-2026

[3] Figures reflect the .au zone as a whole (i.e. not just .com.au)

[4] https://circleid.com/posts/a-review-of-the-2024-threat-landscape-and-implications-for-domain-security

[5] https://www.iamstobbs.com/insights/a-new-tld-to-.ad-to-the-collection

[6] 'Patterns in Brand Monitoring' (D.N. Barnett, Business Expert Press, 2025), Chapter 9: 'Domain landscape analysis'

[7] https://circleid.com/posts/towards-a-generalised-threat-scoring-framework-for-prioritising-results-from-brand-monitoring-programmes

[8] https://circleid.com/posts/20230117-the-highest-threat-tlds-part-2

[9] https://www.iamstobbs.com/insights/an-updated-view-of-bad-tlds

This article was first published on 15 January 2026 at:

https://www.iamstobbs.com/insights/trends-in-domain-enforcement-over-the-2025-holiday-shopping-season