Most Preferred Domains Used by Threat Actors

Share post:

Security researchers in Palo Alto recently released some of the top-level domains (TLD) used by threat actors.

These top-level domains have been divided into several categories including Malware, Phishing, Command and control (c2), and Greyware. For malware distribution, most attackers use TLDs such, xyz, .cf, .tk, .org, and .ml. For phishing attacks, the threat scenarios mainly use .net, .pw, .top, .ga, and .icu.

Commonly used domains for Greyware include .org, .info, .co, .ru, .work, .net, and .club. For the C2 infrastructure, attackers mainly use .top, .gq, .ga, .ml, .cf, .info, .cn, and .tk. Unlike others, phishing offers an evenly distributed category with 99% of domains distributed over 92 different TLDs.

It seems surprising to many that the TLD domains of Tokelau, a small island in the Pacific are among the top ten of all malicious categories.

In its report, Palo Alto claims that such countries offer cheap or free domains to make money from ads, which exposes these domains to abuse by attackers.

For more information, read the original story in Bleeping Computer.

Featured Tech Jobs



Related articles

Kaspersky uncovers malware targeting iPhones running iOS 15.7 and below

Kaspersky has uncovered a sophisticated malware campaign specifically designed to infect iPhones running up to iOS 15.7 through...

WordPress fixes critical Jetpack plugin vulnerability

WordPress has addressed a critical flaw discovered in the Jetpack plugin, which had the potential to enable authors...

Akamai discovers Dark Frost botnet exploiting gaming platforms

Akamai's security intelligence response team recently has alerted the general public of Dark Frost, a botnet that has...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways