Analyzing 1M+ Malicious Domains | WhoisXML API

Threat Reports

Dissecting 1M+ Malicious Domains Under the DNS Lens

As domain names continue to serve as threat actors’ primary initial access vehicles, WhoisXML API researchers analyzed over 1 million malicious domains listed by Threat Intelligence Data Feed (TIDF) on 13 April 2023. Through our analysis, we:

  • Determined the distribution of the domains by threat type—phishing, malware distribution, spam, and other cyber attacks
  • Looked at their TLD distribution
  • Discovered the top registrars and ISPs that had control over them
  • Determined the locations of their IP resolutions and registrations
  • Analyzed the presence of cybersquatting domains imitating some of the most impersonated brands.

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

Try our WhoisXML API for free
Get started