Friday, February 13, 2009

Why Directi should be kicked


It is known in “security folklore” that a domain registered at Directi usually spells bad news. However, I now have some stats to show it. How these stats were generated:

  • The malicious domains were taken from DNS-BH
  • The benign domains were taken from Alexa
  • The registrar for each domain was extracted

Of course, these are by no means precise results, because the accuracy of neither list was estimated. Also, a better metric would use the total number of domains registered at each registrar; however, I don’t have that number. But the graphic nicely shows what has been known for a while: there is a large cluster of bad domains at Directi.
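The tally described above, as an added example (not the author's original script): it extracts the registrar field from raw WHOIS text and counts malicious versus benign domains per registrar. The WHOIS snippets, domain names and registrar names are constructed placeholders; real input would be WHOIS responses for the DNS-BH and Alexa lists.

```python
import re
from collections import Counter

# "Registrar:" or the older "Sponsoring Registrar:" field; [ \t]* keeps an
# empty value from swallowing the next line.
REGISTRAR_RE = re.compile(
    r"^\s*(?:Sponsoring[ \t]+)?Registrar:[ \t]*(\S.*?)[ \t]*$", re.I | re.M)

def extract_registrar(whois_text):
    """Return a normalized registrar name from raw WHOIS text, or None."""
    m = REGISTRAR_RE.search(whois_text)
    if not m:
        return None
    # Fold case, spacing and a trailing dot so name variants count together.
    return re.sub(r"\s+", " ", m.group(1)).upper().rstrip(".")

def tally(records):
    """Count domains per registrar; unparseable records become 'UNKNOWN'."""
    return Counter(extract_registrar(t) or "UNKNOWN" for t in records.values())

def compare(malicious, benign):
    """Map registrar -> (malicious, benign, malicious share of the sample).

    The share is relative to the two input lists only; it is not a rate over
    all domains the registrar holds, which the post notes is unavailable.
    """
    bad, good = tally(malicious), tally(benign)
    return {r: (bad[r], good[r], bad[r] / (bad[r] + good[r]))
            for r in set(bad) | set(good)}

# Constructed WHOIS snippets (placeholder domains and registrar names).
MALICIOUS = {
    "bad1.example": "Domain Name: BAD1.EXAMPLE\n   Registrar: REGISTRAR A, INC.\n",
    "bad2.example": "Domain Name: bad2.example\nSponsoring Registrar: Registrar A, Inc\n",
    "bad3.example": "Registrar:  Registrar  B LLC\nRegistrar URL: http://b.invalid\n",
    "bad4.example": "No match for domain \"BAD4.EXAMPLE\".\n",
}
BENIGN = {
    "good1.example": "Registrar: Registrar B LLC\n",
    "good2.example": "registrar: REGISTRAR B LLC\n",
    "good3.example": "Registrar: Registrar A, Inc.\n",
    "good4.example": "Registrar:\nRegistrar: Registrar C\n",
}

if __name__ == "__main__":
    rows = compare(MALICIOUS, BENIGN)
    for reg, (b, g, share) in sorted(rows.items(), key=lambda kv: -kv[1][0]):
        print(f"{reg:20} malicious={b} benign={g} share={share:.2f}")
```

Records with no registrar field are kept under "UNKNOWN" rather than dropped, so lookup failures stay visible in the counts instead of silently shrinking one list.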


  1. Anonymous 5:10 PM

    I guess your data's a lil outdated. Check this report from knujon: Also, didn't they just take over EST, so their numbers would be high for a while?

  2. Thanks for the link. As I said, the data might be skewed because of several reasons, including the fact that the domain list is incomplete. I don't see any mention on the site you've provided about their data collection methodology, but I assume that they extract links from spam emails, so we have non-overlapping data sets.