Threat Intelligence

Threat Intelligence / Recently Commented

eco and AV-Test Publish Monthly topDNS Reports for Internet Service Providers

Last Comment:

eco's topDNS initiative and AV-Test are publishing monthly reports to help ISPs detect and mitigate DNS abuse by analysing malware, phishing, and PUA trends, creating a long-term data foundation for industry-wide transparency. more

The Latest DNS Threat Landscape: Why CISOs Must Rethink Blocking Strategies

Last Comment:

Cybercriminals live by the tenet "If it ain't broke, don't fix it." They'll use the same tactics repeatedly until they no longer work, then switch things up. That's why CISOs and their security teams maintain constant vigilance. Underscoring this, recent analysis of global DNS activity found that new domains continue to be a major tactic for bad actors. more

An Overview of the Concept and Use of Domain-Name Entropy

Last Comment:

In this article, I present an overview of a series of 'proof-of-concept' studies looking at the application of domain-name entropy as a means of clustering together related domain registrations, and serving as an input into potential metrics to determine the likely level of threat which may be posed by a domain. more

Industry Updates

Hard Data on DDoS, DNS, and the Race for Resilience

Going DNS Deep Diving Into GhostCall and GhostHire

COLDRIVER’s MAYBEROBOT in the DNS Spotlight

Burrowing Into the Beamglea Campaign DNS Infrastructure

Chasing After RacoonO365 IoCs Using DNS and Domain Intelligence

Spelunking Into SVG Phishing: Amatera Stealer and PureMiner DNS Deep Dive

Global Domain Activity Trends Seen in Q3 2025

Scouring the DNS for Traces of the Hiddengh0st and Winos SEO Poisoning Campaign

Understanding DNSSEC: Best Practices and Implementation Challenges

False Positive Rate Reduced to 1.66% on WhoisXML API’s First Watch Malicious Domains Data Feed

Thumbing through the DNS Trail of the TAOTH Campaign

Deep Dive: 3 Lazarus RATs Caught in Our DNS Trap

Cross-Examining the CAPTCHAgeddon Brought on by ClickFix

A Deep Dive Into the GreedyBear Attack

WhoisXML API’s TLD RDAP Monitor Tracks RDAP Deployment Across 1,400+ TLDs

View More