Most Preferred Domains Used by Threat Actors

November 15, 2021

Security researchers in Palo Alto recently released some of the top-level domains (TLD) used by threat actors.

These top-level domains have been divided into several categories including Malware, Phishing, Command and control (c2), and Greyware. For malware distribution, most attackers use TLDs such as.ga, xyz, .cf, .tk, .org, and .ml. For phishing attacks, the threat scenarios mainly use .net, .pw, .top, .ga, and .icu.

Commonly used domains for Greyware include .org, .info, .co, .ru, .work, .net, and .club. For the C2 infrastructure, attackers mainly use .top, .gq, .ga, .ml, .cf, .info, .cn, and .tk. Unlike others, phishing offers an evenly distributed category with 99% of domains distributed over 92 different TLDs.

It seems surprising to many that the TLD domains of Tokelau, a small island in the Pacific are among the top ten of all malicious categories.

In its report, Palo Alto claims that such countries offer cheap or free domains to make money from ads, which exposes these domains to abuse by attackers.

For more information, read the original story in Bleeping Computer.

Top Stories

Related Articles

June 9, 2026 Hackers exploited Meta’s AI-powered support chatbot to gain control of Instagram accounts, including several high-profile profiles. Meta more...

June 5, 2026 Security researchers have disclosed a new denial-of-service attack called HTTP/2 Bomb that can overwhelm major web servers more...

May 20, 2026 The Cybersecurity and Infrastructure Security Agency, the arm of the U.S. government tasked with protecting critical infrastructure more...

May 11, 2026 Instructure has restored access to its Canvas learning platform after a cyberattack disrupted service for universities and more...

Picture of TND News Desk

TND News Desk

Staff writer for Tech Newsday.
Picture of TND News Desk

TND News Desk

Staff writer for Tech Newsday.

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn