The Dangers of Dangerous Domains

March 30, 2023
By AtData

We all know the internet is full of potential dangers. As consumers, we avoid the obvious pitfalls by not clicking on the unknown, following up directly when we see something suspicious, and not sending out our banking information to a long-lost prince who is in a bind. But, there are land mines hiding in plain sight in the form of dangerous domains, and AtData assists in protecting companies from allowing them into their databases. 

Many of our clients use our API to clean, correct, and protect their data. As we regularly process our thousands of clients’ email data, our system identifies unusual and anomalous behavior across billions of monthly data points. Our engineering team will then further research this activity and flag accordingly. The information then becomes a part of our knowledge base for our network.

What exactly are dangerous domains?

That boils down to what exactly a domain is, and how it can be used for malicious intent. The top-level domain (TLD) is the part of a website’s core address after the period - .com, .net, .org for example. Think of these as a town. If we dive in further, we need to find a specific house, we get to the second-level domain (2LD) which is usually what comes right before the period – so in “”, it would be “google”. Now these can be further broken down into the individual rooms in the house, or third-level domains (3LD), but we’ll focus on the top two.

So, what makes them potentially dangerous? The problem is there is activity out there that utilizes domains for malicious intent. Websites that could contain phishing, malware, or unwanted software. Emails sent attempting to gather personal or banking information. And as businesses, we have additional concerns coming from spamtraps and honeypots – tools that email service providers utilize to catch non-compliant spammers.

Let’s Dig Into Some Potentially Dangerous Domain Uses

  • Phishing: Phishing sites are designed to steal personal information, such as usernames, passwords, credit card numbers, and more. They often use deceptive tactics, such as mimicking legitimate websites, to trick users into entering their information. Because of the very high likelihood of money being involved, gambling sites are often used in attempts to scam people.
  • Malware: Malware sites are designed to spread malicious software, such as viruses, spyware, and adware. They can also be used to install malicious programs on your computer without your knowledge. Dark web sites are often used to spread malware, viruses, and other malicious software.
  • Bots: Websites and emails can be created rather rapidly utilizing bots as a means to disperse messaging or attempt access through web forms. The bots will look for vulnerabilities and often use email addresses containing dangerous domains or will originate from them.
  • Spamtraps, Honeypots: While these are not considered malicious, as a business it is in our best interest not to have these in our databases or email lists. Spamtraps are ways for email service providers (ESPs) to identify non-compliance by using email addresses that have not opted-in as traps. Honeypots are essentially those email addresses published onto websites somewhere or in a list to catch companies gathering information improperly.

There are, unfortunately, new dangerous domains created regularly, and old safe domains that get taken over and become unsafe. By avoiding dangerous domains, you can help protect yourself, your company, and your data from potential threats.

Examples of How AtData Stopped Dangerous Domains 

For example, a large FinTech client experienced over 1,200 calls to our API originating from a single domain in an unusual timeframe. Our system was able to flag the activity which was corroborated by our engineering team. The affected service was deactivated, the offending IP addresses blocked, and service re-enabled with minimal downtime.

Another example was a specific domain that we first saw on August 15th, 2022. Within 15 days we processed 3,216 validations of the domain from a variety of customers across our network and saw 2,225 unique usernames tied to the domain. The sudden appearance with a high velocity of activity tends to point to bot activity which is usually not good. We were able to identify the malicious activity, flag, and block accordingly, so all of our clients benefit.

How is AtData Able to Confidently Identify Dangerous Domains

  • Over 20 years of archived original source data.
  • Proprietary alerts, patterning, and anomaly detection built on the intellectual property from the merger of two email-centric data companies, TowerData and FreshAddress.
  • Billions of monthly activity signals processed across our proprietary network of thousands of businesses.
  • Experienced engineering research team that investigates anomalies for further improvements to our systems ability to identify activity.
  • Client services team that rapidly responds and coordinates with clients to become an extension of their business.

AtData’s strength is in working closely with our client base. Our robust, historical dataset across thousands of partners and clients has allowed us to fine tune monitoring for unusual behavior patterns or anomalies. Where activity would not be apparent to a single organization, we are able to detect across the entirety of our network and data.

Want to learn how AtData can help you? Contact us today to start the conversation!