It is known in “security folklore” that a domain registered at Directi usually spells bad news. However, I now have some stats to show it. How these stats were generated:
- The malicious domains were taken from DNS-BH
- The benign domains were taken from Alexa
- The registrar for each domain was extracted
Of course, this is by no means a very precise result, because no estimation was done on the accuracy of either of the two lists. Also, a better metric would be to use the total number of domains registered at a registrar; however, I don’t have that number. But the graphic nicely shows what has been known for a while: there is a large cluster of bad domains at Directi.
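The three steps above can be sketched as follows. This is an added example, not the code used to produce the original stats; the WHOIS records, domain names and registrar names are constructed placeholders, and the function names are hypothetical.

```python
import re
from collections import Counter

# WHOIS field names vary by registry; these are two common spellings.
# "Registrar URL:" or "Registrar WHOIS Server:" must not match.
REGISTRAR_RE = re.compile(
    r"^\s*(?:Sponsoring Registrar|Registrar)\s*:\s*(.+?)\s*$",
    re.IGNORECASE | re.MULTILINE)

def extract_registrar(whois_text):
    """Return a normalized registrar name, or None if the record has none."""
    m = REGISTRAR_RE.search(whois_text)
    if not m:
        return None
    # Collapse whitespace, drop trailing punctuation, ignore case.
    name = re.sub(r"\s+", " ", m.group(1)).strip(" .,").lower()
    return name or None

def registrar_stats(malicious, benign):
    """Both arguments map domain -> raw WHOIS text.
    Returns {registrar: (bad_count, good_count, bad_share)}.
    bad_share is relative to the two samples only, not to the total
    number of domains at the registrar (the caveat noted in the post)."""
    bad = Counter(filter(None, map(extract_registrar, malicious.values())))
    good = Counter(filter(None, map(extract_registrar, benign.values())))
    return {reg: (bad[reg], good[reg], bad[reg] / (bad[reg] + good[reg]))
            for reg in set(bad) | set(good)}

# Constructed sample records (not real WHOIS data).
MALICIOUS = {
    "bad1.example": "Domain Name: BAD1.EXAMPLE\nRegistrar: Placeholder Registrar A\n",
    "bad2.example": "Sponsoring Registrar:  placeholder registrar a.\n",
    "bad3.example": "Registrar: Placeholder Registrar B\n",
    "bad4.example": "Domain Name: BAD4.EXAMPLE\n",  # no registrar field: skipped
}
BENIGN = {
    "good1.example": "Registrar: Placeholder Registrar B\nRegistrar URL: http://b.example\n",
    "good2.example": "Registrar WHOIS Server: whois.b.example\nRegistrar: Placeholder Registrar B\n",
    "good3.example": "Registrar: Placeholder Registrar A\n",
}

if __name__ == "__main__":
    stats = registrar_stats(MALICIOUS, BENIGN)
    for reg, (b, g, share) in sorted(stats.items(), key=lambda kv: -kv[1][2]):
        print(f"{reg:28} bad={b} good={g} bad_share={share:.2f}")
```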