As the digital realm becomes increasingly interconnected, identifying and addressing the ccTLDs most commonly linked to malicious domains is crucial for enhancing website protection and online security. This forms a significant step towards the greater goal of safeguarding individuals and organizations from potential harm.
According to recent data by the Spamhaus Project, the top 5 ccTLDs associated with the highest number of malicious domain detections in the last 30 days are:
- .st (São Tomé and Príncipe) — 4,400 malicious domains detected
- .ci (Côte d'Ivoire) — 1,320 malicious domains detected
- .cc (Cocos (Keeling) Islands) — 38,073 malicious domains detected
- .cn (China) — 48,152 malicious domains detected
- .ng (Nigeria) — 2,926 malicious domains detected
This ranking is based on a bad reputation score, which is calculated by taking the total number of malicious domains ever detected, dividing it by the number detected within the last 30 days, and then multiplying by a logarithmic factor.
Nevertheless, these alarming figures underscore the urgent need for collective action to combat the proliferation of malicious domains and mitigate the risks they pose to the global online community.
1. .st (São Tomé and Príncipe) — A Small Island, A Significant Threat
The .st ccTLD represents the tiny island nation of São Tomé and Príncipe. It has become a substantial hub for malicious domains, with a staggering 4,400 detections in the last 30 days. Cybersecurity experts have noted that .st domains are frequently employed in phishing campaigns and malware distribution. This enables cybercriminals to compromise systems and steal sensitive data.
2. .ci (Côte d'Ivoire) — A West African Hotbed of Cyber Threats
The .ci ccTLD represents the West African nation of Côte d'Ivoire. It has also become a player in the realm of malicious domains, with 1,320 detections in the previous 30 days. Cybercriminals have leveraged .ci domains for a range of illicit activities, including phishing, malware distribution, and serving as command-and-control servers for botnets.
3. .cc (Cocos (Keeling) Islands) — A Remote Archipelago, A Cybercrime Hotspot
The .cc ccTLD represents the remote Cocos (Keeling) Islands in the Indian Ocean. It has surfaced as a major hotbed for malicious domains, with a staggering 38,073 detections in the last 30 days. Cybersecurity researchers have highlighted that .cc domains are also frequently employed in a wide range of malicious activities. This includes phishing campaigns, malware distribution, and serving as command-and-control servers for botnets.
4. .cn (China) — A Global Powerhouse, A Cyber Threat Epicenter
The .cn ccTLD represents mainland China. It has long been a significant player in malicious domains, with a staggering 48,152 detections in the last 30 days. Stakeholders and cybersecurity experts have recognized that .cn domains are frequently employed in malicious activities, including phishing campaigns, malware distribution, and serving as command-and-control servers for botnets.
5. .ng (Nigeria) — An Emerging Cyber Threat Hub
The .ng ccTLD represents Nigeria. It has emerged as a new player in malicious domains, with 2,926 detections in the last 30 days. The number may seem relatively low compared to some of the other ccTLDs on this list. However, it is important not to overlook the presence of .ng domains among the most abused ccTLDs.