These are the top-level domains threat actors like the most

silversurfer

Level 85
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
7,664
Out of over a thousand top-level domain choices, cyber-criminals and threat actors prefer a small set of 25, which accounts for 90% of all malicious sites.
Six out of the top 10 of these 25 top-level domains (TLD) are handled by authorities in developing countries, hosting a disproportionately large number of risky sites compared to their populations.
These stats are revealed in an in-depth analysis from researchers at Palo Alto Networks, who took a deep dive into the TLDs commonly used by threat actors and why they are being chosen. The categories picked for analysis are malware, phishing, command and control (C2), and grayware (adware, 'joke malware,' spyware).
TLDs with the highest volumes of malicious content distribution

Table 1: TLDs with the highest volumes of malicious content distribution
Source: Unit42