
New Top Abusers in Top-Level Domains


Spamhaus recently released their updated Q2 Botnet Threat Report. The report contains a lot of good data detailing the heavy increase in command and control (C&C)/botnet threats that others have also observed during 2020. We’ve spent some time detailing threats related to managing TLDs, so we will focus on a couple of points that pertain to them.

Key TLD Threat Observations*

.top has surged heavily among domains chosen for botnet operations and now contains the second-highest number of known threats, just behind the all-time most abused TLD, .com. Another TLD with a significant increase in known threats is .gq.

.de (Germany) is the only new country code top level domain to break into the top 20 most abused TLDs.

It’s worth noting that a few TLDs have made great progress in cleaning up their neighborhoods; these include .tw, .in, .top, .me, and .site, all of which have dropped out of the top 20 in Spamhaus’s rankings.

Bad Networks*

The United States still hosts the largest number of botnet C&Cs, demonstrating that geolocation alone is not enough to filter by, but Russia is working hard to challenge the US for that top spot. There are also a number of bad networks that show little interest in responding to reports, the worst being network providers many have not heard of. That said, three well-known cloud providers make it into the top 20 networks hosting C&C domains. It is of course worth noting that each of them hosts a significant number of sites.

You can read the full report from Spamhaus here.

 

*Spamhaus, its logo, and all content related to their research is Copyright The Spamhaus Project SLU.
