Wednesday, August 31, 2016

.xyz and .top domain names

It struck me that in many of the SANS ISC diaries [1] and the Malware Traffic Analysis blog posts [1], many if not the majority of the malware analyzed was reaching out to .xyz or .top domain names. It appears they can go for less than $1/yr, which may be a contributing factor to why they're so popular with the bad guys. Head over to and sort by “Cheapest Register.” It may not be correct to block them all, but in the current state of things it seems reasonable to possibly alert on or look at all emails and/or web traffic to these top-level domains?
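One way to do the alerting suggested above, as an added example that is not from the original post: it pulls hostnames out of URLs and e-mail addresses in log lines and flags those whose top-level domain is .xyz or .top, matching on the parsed hostname rather than a substring so that paths, query strings and subdomain labels do not trigger. The log format, hostnames and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

WATCHED_TLDS = {"xyz", "top"}  # the two TLDs named in the post
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+)")

SAMPLE_LOG = [  # constructed lines in an assumed format, not real traffic
    "2016-08-31T10:00:01 10.0.0.5 GET http://constructed-sample-one.xyz/gate.php 200",
    "2016-08-31T10:00:02 10.0.0.5 GET http://www.example.com/page?ref=site.top 200",
    "2016-08-31T10:00:03 10.0.0.7 GET https://CDN.Constructed-Sample-Two.TOP:8443/a.js 200",
    "2016-08-31T10:00:04 mail from=<billing@constructed-sample-three.top> to=<user@example.org>",
    "2016-08-31T10:00:05 10.0.0.9 GET http://xyz.example.net/top 200",
]


def host_tld(host):
    """Return the lowercase TLD of a hostname, or None for IPs and bare names."""
    labels = host.strip().rstrip(".").lower().split(".")
    if len(labels) < 2 or labels[-1].isdigit():
        return None
    return labels[-1]


def watched_hosts(line):
    """Return the hosts in one log line that sit on a watched TLD."""
    # E-mail domains are searched only outside URLs, so query strings are ignored.
    hosts = EMAIL_RE.findall(URL_RE.sub(" ", line))
    for url in URL_RE.findall(line):
        try:
            host = urlsplit(url).hostname  # ignores port, path and query string
        except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
            continue
        if host:
            hosts.append(host)
    return sorted({h.rstrip(".").lower() for h in hosts if host_tld(h) in WATCHED_TLDS})


def alerts(lines):
    """Return (line_number, host) pairs for an analyst to review, not to block."""
    return [(n, h) for n, line in enumerate(lines, 1) for h in watched_hosts(line)]


if __name__ == "__main__":
    for n, h in alerts(SAMPLE_LOG):
        print(f"ALERT line {n}: {h}")
```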

More about neonprimetime

Copyright © 2016, this post cannot be reproduced or retransmitted in any form without reference to the original post.
