Why Directi should be kicked


It is known in “security folklore” that a domain registered at Directi usually spells bad news. However, I now have some stats to show it. How these stats were generated:

  • The malicious domains were taken from DNS-BH
  • The benign domains were taken from Alexa
  • The registrar for each domain was extracted

Of course, this is by no means a very precise result, because no estimation was done on the accuracy of either of the two lists. Also, a better metric would be to use the total number of domains registered at a registrar; however, I don’t have that number. But the graphic nicely shows what has been known for a while: there is a large cluster of bad domains at Directi.
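The tally described above, sketched as an added example (not the script used for the original stats): it pulls the registrar field out of raw WHOIS text and compares each registrar's count and share in the malicious and benign lists. It assumes the WHOIS text for every domain has already been saved; the function names, domains and registrar names are constructed placeholders.

```python
import re
from collections import Counter

# Matches "Registrar:" or "Sponsoring Registrar:" but not "Registrar URL:" etc.
REGISTRAR_RE = re.compile(
    r"^[ \t]*(?:sponsoring[ \t]+)?registrar:[ \t]*(\S.*?)[ \t\r]*$",
    re.IGNORECASE | re.MULTILINE)

def extract_registrar(whois_text):
    """Return the lower-cased registrar name from raw WHOIS text, or None."""
    m = REGISTRAR_RE.search(whois_text)
    return m.group(1).lower() if m else None

def registrar_counts(domains, whois_by_domain):
    """Count domains per registrar; records without the field go to '(unknown)'."""
    counts = Counter()
    for domain in domains:
        counts[extract_registrar(whois_by_domain.get(domain, "")) or "(unknown)"] += 1
    return counts

def compare(malicious, benign, whois_by_domain):
    """Per registrar: raw counts and share of each list, most malicious first."""
    bad = registrar_counts(malicious, whois_by_domain)
    good = registrar_counts(benign, whois_by_domain)
    rows = [{"registrar": r, "malicious": bad[r], "benign": good[r],
             "malicious_share": bad[r] / len(malicious),
             "benign_share": good[r] / len(benign)}
            for r in set(bad) | set(good)]
    return sorted(rows, key=lambda row: (-row["malicious"], row["registrar"]))

# Constructed sample data: placeholder domains and registrars, not real WHOIS output.
SAMPLE_WHOIS = {
    "bad1.example": "Domain Name: BAD1.EXAMPLE\nRegistrar: Example Registrar A\n",
    "bad2.example": "Sponsoring Registrar:  Example Registrar A \r\nRegistrar URL: x\n",
    "bad3.example": "   registrar: EXAMPLE REGISTRAR A\n",
    "bad4.example": "Registrar: Example Registrar B\n",
    "good1.example": "Registrar: Example Registrar A\n",
    "good2.example": "Registrar: Example Registrar B\n",
    "good3.example": "Registrar: Example Registrar B\n",
    "good4.example": "Domain Name: GOOD4.EXAMPLE\nRegistrar URL: x\n",  # field missing
}
MALICIOUS = ["bad1.example", "bad2.example", "bad3.example", "bad4.example"]
BENIGN = ["good1.example", "good2.example", "good3.example", "good4.example"]

if __name__ == "__main__":
    for row in compare(MALICIOUS, BENIGN, SAMPLE_WHOIS):
        print(row)
```

The shares are relative to the size of each input list, not to the total number of domains at a registrar, so the limitation noted above still applies.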

2 responses to “Why Directi should be kicked”

  1. Thanks for the link. As I said, the data might be skewed because of several reasons, including the fact that the domain list is incomplete. I don’t see any mention on the site you’ve provided about their data collection methodology, but I assume that they extract links from spam emails, so we have non-overlapping data sets.
