Spamhaus Botnet threats: Most abused top-level domains, Q2 2021


This quarter, the Spamhaus researchers have observed a 12% reduction in newly observed botnet command and controllers (C&Cs), which is good news. However, it’s not good news for everyone; more than one industry-leading provider is suffering under the weight of active botnet C&Cs on their networks.

Spamhaus has spent the past quarter working with the FBI to assist with remediation efforts and reach out to those affected. To give you an understanding of the scale of the operation, here are some numbers:

  • 1.3 million compromised email accounts
  • 22,000 unique domains
  • 3,000 networks

See here the most abused top-level domains at Botnets, Q2 2021.


For Q2 2021, the gTLD .com once again made it at the top of our ranking. Moreover, the number of newly registered botnet C&C domains observed on .com increased by 166%, from 1,549 to 4,113!


With a vast 114% upsurge this quarter, it comes as no surprise that gTLD .xyz has replaced gTLD .top in the #2 spot.

Country code TLDs

Only two new ccTLDs were new to the Top 20 this quarter, with .br entering at #5 and .cn at #12. Meanwhile, three ccTLDs improved their reputation and departed the list; .us, .de & .la

You can read the complete Spamhaus report here.

Download the Spamhaus Botnet Report 2021 Q2 as PDF


About Konstantinos Zournas

Studied Computer Engineering and Computer Science in London, UK and now living in Athens, Greece. Love domains and building websites. Went online in 1995, learned about HTML in 1996 and about domains in 2002. Started publishing the blog in 2012.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.