Threat actors' 25 most preferred top-level domains account for 90% of all malicious domain names, while six of the leading TLDs are being manged by developing countries, according to BleepingComputer. Palo Alto Networks reported that while .com remains the most popular TLD, the .xyz, .icu, .rn, .cn, .uk, and .tk domains had the worst cumulative distribution of malware. Moreover, the .ga, .xyz, .cf, ,tk, .org, and .ml domains had the highest number of distributed malware. Threat actors involved in phishing attacks most commonly used the .net domain, followed by the .pw, .top, .ga, and .icu domains, while the .org, .info, .co, .ru, .work, .net, and .club domains were usually used for grayware distribution. "One of the most fascinating stories in the domain name world is how .tk, the ccTLD of a small Pacific island called Tokelau, became one of the most populous TLDs in the world. Domain registrations contributed at one point one-sixth of Tokelau's income," said the report.