Traffic to a destination TLD commonly associated with malware
Description
AlphaSOC detected network traffic to a destination under a top-level domain (TLD) commonly associated with malware, phishing, or command and control (C2) communications.
Impact
Traffic to suspicious TLDs may indicate a successful malware infection or ongoing compromise attempts. Threat actors often leverage uncommon or newly introduced TLDs to host malicious infrastructure because these domains are typically cheaper and less scrutinized.
Severity
| Severity | Condition |
|---|---|
| Informational | Traffic to a destination TLD commonly associated with malware |
Investigation and Remediation
Inspect the domain that was flagged as a suspicious TLD and examine the associated traffic. If malware is confirmed, isolate the infected system, perform a malware scan, and block the domain at the network level.
Known False Positives
- Traffic to a legitimate but less common TLD used by small countries or specific industries
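The following is an added example, not AlphaSOC's own detection code, showing the detection logic behind this alert and the triage step from the Investigation and Remediation section: extract the TLD from each queried name in a DNS log, match it against a TLD watchlist, suppress the known false positive with an allowlist of legitimate uncommon TLDs, and group the resulting Informational alerts by source host. The watchlist entries, allowlist entry, log format and log lines are all constructed placeholders and make no claim about any real TLD.

```python
"""Flag DNS queries whose destination TLD is on a watchlist (added example)."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed placeholder watchlist. A real deployment would load AlphaSOC's
# curated list (or its own); these names are not claims about any real TLD.
SUSPICIOUS_TLDS = {"badtld", "c2tld"}

# Allowlist for the documented false positive: a legitimate but uncommon TLD
# (small country or industry-specific) that this organisation legitimately uses.
# Placeholder value.
ALLOWED_TLDS = {"smallctry"}

# Constructed sample log in a simple "<timestamp> <src_ip> <qname>" format.
SAMPLE_DNS_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 update.vendor.example
2024-05-01T10:00:02Z 10.0.0.5 beacon.xyz123.badtld.
2024-05-01T10:00:03Z 10.0.0.9 www.partner.smallctry
2024-05-01T10:00:04Z 10.0.0.9 192.0.2.7
2024-05-01T10:00:05Z 10.0.0.12 cdn.assets.c2tld
2024-05-01T10:00:06Z 10.0.0.12 BEACON.xyz123.BADTLD
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


@dataclass(frozen=True)
class Alert:
    timestamp: str
    src_ip: str
    qname: str
    tld: str
    severity: str = "Informational"  # severity level given on this page


def extract_tld(qname):
    """Return the lowercase TLD of a query name, or None for IP literals
    and single-label names (which have no TLD to evaluate)."""
    name = qname.rstrip(".").lower()  # normalise case and trailing dot
    try:
        ipaddress.ip_address(name)
        return None  # IP literal: no domain, no TLD
    except ValueError:
        pass
    labels = [label for label in name.split(".") if label]
    if len(labels) < 2:
        return None
    return labels[-1]


def scan_dns_log(text, watchlist=SUSPICIOUS_TLDS, allowlist=ALLOWED_TLDS):
    """Return one Alert per log line whose TLD is on the watchlist and not allowlisted."""
    alerts = []
    for line in text.splitlines():
        match = LOG_RE.match(line.strip())
        if not match:
            continue  # skip malformed lines rather than crash the scan
        timestamp, src_ip, qname = match.groups()
        tld = extract_tld(qname)
        if tld is None or tld in allowlist or tld not in watchlist:
            continue
        alerts.append(Alert(timestamp, src_ip, qname.rstrip(".").lower(), tld))
    return alerts


def hosts_to_isolate(alerts):
    """Group flagged domains by source host: the triage view used to decide
    which systems to inspect, isolate and scan."""
    by_host = {}
    for alert in alerts:
        by_host.setdefault(alert.src_ip, set()).add(alert.qname)
    return by_host


if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_DNS_LOG)
    for alert in found:
        print(f"{alert.severity}: {alert.src_ip} -> {alert.qname} (TLD .{alert.tld})")
    for host, domains in hosts_to_isolate(found).items():
        print(f"Review host {host}: {sorted(domains)}")
```

Matching on the last label is deliberate: this alert is about the TLD, not the registrable domain, so a public-suffix library is not needed. Case and trailing-dot normalisation matters because DNS names are case-insensitive and resolvers log them inconsistently; without it the last sample line would slip past the watchlist.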