Researchers at Palo Alto Networks took a deep dive into the TLDs commonly used by threat actors and why they are being chosen. The categories picked for analysis are malware, phishing, command and control (C2), and grayware: adware, “joke malware,” spyware.
Palo Alto Networks analyzed domains categorized by their Advanced URL Filtering service, and that met specific criteria. According to the analysis, .com domains top the list, as cybercriminals use it to establish legitimacy.
The Palo Alto Networks report mentions that .xyz, .icu, .ru, .cn, .uk, and tk fare the worse in the “cumulative distribution” category, meaning that most of the bad stuff circulating the web in terms of volume arrives from these TLDs.
“While the .xyz TLD is barely among the top 10 TLDs by total size, it is second only to the .com TLD in the number of phishing domains and has the highest number of grayware domains accommodated,” said the report.
More info at the source.
