malicious report

CircleID is a website dedicated to in-depth analysis and commentary on Internet infrastructure, policy, and technology. It recently released a report on the highest-threat TLDs, which outlines the TLDs with the most malicious activity.

What are the Highest Threat TLDs?

The highest-threat TLDs are those most commonly used for malicious activity, including phishing attacks, malware delivery, and command and control (C&C). According to the CircleID report, the following TLDs pose the highest threat:

  • .ru – Russia
  • .tk – Tokelau
  • .cf – Central African Republic
  • .dev – decentralized web
  • .gq – Equatorial Guinea

The report found that these five TLDs accounted for more than 50% of all malicious activity.

How Are These TLDs Being Used?

The report found that the most common type of malicious activity involving these five TLDs was phishing. For example, most of the malicious .cf domains hosted websites with malicious code or links designed to steal users’ credentials. In addition, .dev domains were typically used to host C&C infrastructure.

The report also found that some of these TLDs were being used to host malicious content, such as malicious executables. This is particularly common for .ru and .tk domains.

What Can We Do to Protect Ourselves?

It is important to be aware of the risks posed by these five TLDs and take measures to protect ourselves. The report recommends a few steps to stay safe:

  • Be aware of emails, links, and websites associated with these five TLDs.
  • Regularly update security software and use an anti-virus program.
  • Avoid clicking suspicious links or downloading files from unknown sources.
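One way to act on the first recommendation is to flag URLs in proxy or mail logs whose host ends in one of the five TLDs listed above. The following is an added example, not code from the CircleID report; the log format, sample lines, and function names are constructed for illustration. It matches on the final DNS label of the parsed host, so look-alikes such as `example.ru.com` or a `/ru/` path segment are not flagged.

```python
import re
from urllib.parse import urlsplit

# The five TLDs named in the article above.
WATCHED_TLDS = {"ru", "tk", "cf", "dev", "gq"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def tld_of(url):
    """Return the lower-cased final DNS label of the URL's host, or None."""
    try:
        # .hostname drops any userinfo ("user@") and port, and lower-cases.
        host = urlsplit(url).hostname
    except ValueError:
        return None
    if not host:
        return None
    host = host.rstrip(".")  # "example.tk." is the same name as "example.tk"
    # IP literals and single-label hosts have no TLD to evaluate.
    if ":" in host or re.fullmatch(r"[0-9.]+", host) or "." not in host:
        return None
    return host.rsplit(".", 1)[-1]

def flag_urls(text):
    """Return (tld, url) for every URL in text whose host is under a watched TLD."""
    hits = []
    for url in URL_RE.findall(text):
        url = url.rstrip(",;)")  # punctuation that trails a URL in free text
        tld = tld_of(url)
        if tld in WATCHED_TLDS:
            hits.append((tld, url))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 GET https://portal.example.ru/login
2024-01-01T10:00:02Z 10.0.0.5 GET http://EXAMPLE.TK./a
2024-01-01T10:00:03Z 10.0.0.7 GET https://example.ru.com/
2024-01-01T10:00:04Z 10.0.0.7 GET https://dev.example.com/ru/index
2024-01-01T10:00:05Z 10.0.0.9 GET https://accounts.example.com@files.example.cf:8443/doc
2024-01-01T10:00:06Z 10.0.0.9 GET http://192.0.2.10/x.dev
"""

if __name__ == "__main__":
    for tld, url in flag_urls(SAMPLE_LOG):
        print(f".{tld}\t{url}")
```

A match only marks a URL for review; it says nothing about whether that particular domain is malicious.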

Ultimately, it is important to remain aware and take steps to protect ourselves from malicious activities associated with these TLDs. The report provides a useful overview of the highest threat TLDs and the associated risks they pose.