Most Preferred Domains Used by Threat Actors

November 15, 2021

Security researchers in Palo Alto recently released some of the top-level domains (TLD) used by threat actors.

These top-level domains have been divided into several categories including Malware, Phishing, Command and control (c2), and Greyware. For malware distribution, most attackers use TLDs such as.ga, xyz, .cf, .tk, .org, and .ml. For phishing attacks, the threat scenarios mainly use .net, .pw, .top, .ga, and .icu.

Commonly used domains for Greyware include .org, .info, .co, .ru, .work, .net, and .club. For the C2 infrastructure, attackers mainly use .top, .gq, .ga, .ml, .cf, .info, .cn, and .tk. Unlike others, phishing offers an evenly distributed category with 99% of domains distributed over 92 different TLDs.

It seems surprising to many that the TLD domains of Tokelau, a small island in the Pacific are among the top ten of all malicious categories.

In its report, Palo Alto claims that such countries offer cheap or free domains to make money from ads, which exposes these domains to abuse by attackers.

For more information, read the original story in Bleeping Computer.

Most Preferred Domains Used by Threat Actors

Top Stories

New Deepfakes Can Mimic Heartbeats, Evading Detection Tools

RBC Pushes Employees Back to Office to Preserve ‘Winning Culture’

Microsoft Azure Closes Cloud Gap with AWS as AI and Enterprise Migrations Fuel Growth

Sleeper Supply Chain Attack Activates After 6 Years

Dell has another major round of layoffs

One of the biggest data breaches ever, billions of users affected

Related Articles

65% of Canadians Still Reusing Passwords Despite Identity Theft Fears, Okta Study

Ottawa Warns of China-Linked Hack on Canadian Telecom Gear

Copilot Exploit Shows How AI Agents Can Be Hijacked to Steal Corporate Data

Sleeper Supply Chain Attack Activates After 6 Years

Jim Love

Follow Us

Popular categories

Tech News Delivered