It is known in “security folklore” that a domain registered at Directi usually spells bad news. However I know have some stats to show it. How these stats were generated:
- The malicious domains were taken from DNS-BH
- The benign domains were taken from Alexa
- The registrar for each domain was extracted
Of course, this is by no means a very precise results, because no estimation was done on the accuracy of either of the two lists. Also, a better metric would be to use the total number of domains registered at a registrar, however I don’t have that number. But the graphic nicely shows what has been known for a while: there is a large cluster of bad domains at Directi.
2 responses to “Why Directi should be kicked”
i guess your datas a lil outdated. check this report from knujon: http://www.knujon.com/registrars/ Also didnt they just take over EST so their numbers would be high for a while
Thanks for the link. As I said, the data might be skewed because of several reasons, including the fact that the domain list is incomplete. I don’t see any mention on the site you’ve provided about their data collection methodology, but I assume that they extract links from spam emails, so we have non-overlapping data sets.