AtData logo

The Dangers of Dangerous Domains

Mar 30, 2023   |   4 min read

Knowledge Center  ❯   Blog

We all know the internet is full of potential dangers. As consumers, we avoid the obvious pitfalls by not clicking on the unknown, following up directly when we see something suspicious, and not sending out our banking information to a long-lost prince who is in a bind. But, there are land mines hiding in plain sight in the form of dangerous domains, and AtData assists in protecting companies from allowing them into their databases.

Many of our clients use our API to clean, correct, and protect their data. As we regularly process our thousands of clients’ email data, our system identifies unusual and anomalous behavior across billions of monthly data points. Our engineering team will then further research this activity and flag accordingly. The information then becomes a part of our knowledge base for our network.

What exactly are dangerous domains?

That boils down to what exactly a domain is, and how it can be used for malicious intent. The top-level domain (TLD) is the part of a website’s core address after the period – .com, .net, .org for example. Think of these as a town. If we dive in further, we need to find a specific house, we get to the second-level domain (2LD) which is usually what comes right before the period – so in “”, it would be “google”. Now these can be further broken down into the individual rooms in the house, or third-level domains (3LD), but we’ll focus on the top two.

So, what makes them potentially dangerous? The problem is there is activity out there that utilizes domains for malicious intent. Websites that could contain phishing, malware, or unwanted software. Emails sent attempting to gather personal or banking information. And as businesses, we have additional concerns coming from spamtraps and honeypots – tools that email service providers utilize to catch non-compliant spammers.

Let’s Dig Into Some Potentially Dangerous Domain Uses

There are, unfortunately, new dangerous domains created regularly, and old safe domains that get taken over and become unsafe. By avoiding dangerous domains, you can help protect yourself, your company, and your data from potential threats.

Examples of How AtData Stopped Dangerous Domains

For example, a large FinTech client experienced over 1,200 calls to our API originating from a single domain in an unusual timeframe. Our system was able to flag the activity which was corroborated by our engineering team. The affected service was deactivated, the offending IP addresses blocked, and service re-enabled with minimal downtime.

Another example was a specific domain that we first saw on August 15th, 2022. Within 15 days we processed 3,216 validations of the domain from a variety of customers across our network and saw 2,225 unique usernames tied to the domain. The sudden appearance with a high velocity of activity tends to point to bot activity which is usually not good. We were able to identify the malicious activity, flag, and block accordingly, so all of our clients benefit.

How is AtData Able to Confidently Identify Dangerous Domains

AtData’s strength is in working closely with our client base. Our robust, historical dataset across thousands of partners and clients has allowed us to fine tune monitoring for unusual behavior patterns or anomalies. Where activity would not be apparent to a single organization, we are able to detect across the entirety of our network and data.

Want to learn how AtData can help you? Contact us today to start the conversation!

Talk with an Email Expert