Spamhaus Botnet threats: Most abused top-level domains, Q2 2021

This quarter, the Spamhaus researchers have observed a 12% reduction in newly observed botnet command and controllers (C&Cs), which is good news. However, it’s not good news for everyone; more than one industry-leading provider is suffering under the weight of active botnet C&Cs on their networks.

Spamhaus has spent the past quarter working with the FBI to assist with remediation efforts and reach out to those affected. To give you an understanding of the scale of the operation, here are some numbers:

  • 1.3 million compromised email accounts
  • 22,000 unique domains
  • 3,000 networks

See here the most abused top-level domains at Botnets, Q2 2021.


For Q2 2021, the gTLD .com once again made it at the top of our ranking. Moreover, the number of newly registered botnet C&C domains observed on .com increased by 166%, from 1,549 to 4,113!


With a vast 114% upsurge this quarter, it comes as no surprise that gTLD .xyz has replaced gTLD .top in the #2 spot.

Country code TLDs

Only two new ccTLDs were new to the Top 20 this quarter, with .br entering at #5 and .cn at #12. Meanwhile, three ccTLDs improved their reputation and departed the list; .us, .de & .la

You can read the complete Spamhaus report here.

Download the Spamhaus Botnet Report 2021 Q2 as PDF


About Konstantinos Zournas

I studied Computer Engineering and Computer Science in London, UK and I am now living in Athens, Greece. I went online in 1995, started coding in 1996 and began buying domain names and creating websites in 2000. I started the blog in 2012.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.