Malicious Internet Activity Hot Spots According to DomainTools
2021 Malicious Activity Report
DomainTools, a company that provides predictive threat intelligence based on DNS and domain names, has used its database of more than 380 million currently registered domains to identify and report on which ones may constitute threats. Its first report dates from 2015, and this year it has tried to return to its origins.
DomainTools' services offer risk assessment, help profile attackers, guide online fraud investigations, and map cyber activity to the attacker's infrastructure. Its Iris research platform is intended to help you make the right decision about the level of risk that threats pose to your organization.
The report identifies malicious sites by checking domain names against various known industry blocklists and by counting the malicious domains hosted. It also uses a measure of "signal intensity" based on populations of known-bad domains.
Malicious activity on domains
The report has revealed that certain top-level domains (TLDs) have a bad name among security teams. In this regard, the ones with the worst reputation are the newer generic domains such as .live, .top and .xyz.
On the other hand, the more traditional domains such as .com and .net, along with country-code domains such as .es, .fr and .uk, do not appear in the top 10 lists of suspicious web pages.
Domain geolocations and other findings
Apart from domains, the report also looked at IP geolocations. One finding is that a large number of malicious domains are hosted in Russia and the United States. However, relative to the total number of domains registered in these locations, malicious domains do not make up a particularly large share. By contrast, places like Hong Kong and Seychelles have a large number of suspicious domains relative to the total they host. Additionally, certain domain registrars and certificate authorities also exhibit higher levels of sites engaged in malicious activity.
A curious fact is that most of the domains newly created every day show no signs of harmful activity. At the same time, the report concludes that most of the malicious domains are the newer ones. In summary, the DomainTools report shows which domains are more likely to be involved in malicious activity, and where they are geolocated.