Spamhaus has named .com the most abused top-level domain name extension in botnets in Q3-2019. But it is not that simple, as some additional stats show.
The number of newly detected botnet command & control servers (C&Cs) reached an all-time high in July this year, with more than 1,500 botnet C&Cs detected by Spamhaus Malware Labs. This is far in excess of the monthly average of 1,000 botnet C&Cs set in the first half of this year.
Yesterday Namecheap was named the most abused domain registrar in botnets.
These are the stats from Spamhaus (below you can see some additional stats):
Most abused top-level domains, Q3 2019
This quarter saw the number of country code top-level domains (ccTLDs) increase in the Top 20 list. Almost half of the TLDs were within the ccTLD namespace: ‘.ru’, ‘.pw’, ‘.eu’, ‘.ga’, ‘.tk’, ‘.su’, ‘.ml’, ‘.cf’ and ‘.me’.
The leader of the chart remained the same as in Q2: the generic top-level domain (gTLD) ‘.com’. Meanwhile, the number of fraudulent domain names registered within the ccTLD ‘.ru’ almost halved, from 731 domains in Q2 to 392 domains in Q3.
An interesting change to note is that in Q3 two more gTLDs joined ‘.com’ in the top 3: ‘.net’ and ‘.info’.
(What domains do these statistics include? Remember that we only count domain names that have been registered fraudulently for the sole purpose of hosting a botnet C&C. These statistics do not include botnet C&Cs hosted on compromised websites or domain names.)
Some additional stats
Of course the absolute number of abused domain names is very important, but I thought it would be interesting to see what percentage of each TLD is abused.
So I found how many domains are registered in each TLD (except for .su), combined them with the Spamhaus numbers and compiled the percentage of abused domains in botnets in each TLD.
This gives a completely different ranking, where .name is the most abused TLD, followed closely by .pw. The .com TLD is now ranked 16th because it is the number one TLD in terms of domain name registrations by far.