
DETECTION OVERVIEW

Suspicious Top-level Domain

Risk Factors

Attackers might evade detection by cycling through many domain names for their command-and-control (C&C) server. Instead of registering the server under a standard top-level domain (TLD), attackers might choose a non-standard TLD. These TLDs are often free and can offer more anonymity than standard TLDs such as .com, which are registered to owner accounts. Frequent visits to suspicious, non-standard TLDs can indicate malware on a device or malicious activity on the network.
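As an added example (not RevealX code), the following Python implements the same idea over a constructed DNS query log: it extracts the TLD of each queried name, counts per-client queries to TLDs outside an assumed allowlist, and flags clients that exceed a frequency threshold. The log format, the allowlist of "standard" TLDs and the threshold are all assumptions to be tuned for a given environment.

```python
from collections import Counter, defaultdict

# Constructed sample DNS query log: "<time> <client_ip> <queried_name>"
SAMPLE_DNS_LOG = """\
10:00:01 10.0.0.5 www.example.com.
10:00:02 10.0.0.5 cdn.example.org
10:00:03 10.0.0.9 a1b2c3.example.xyz
10:00:04 10.0.0.9 q9w8e7.example.top
10:00:05 10.0.0.9 Z7Y6X5.example.TOP
10:00:06 10.0.0.9 update.example.net
10:00:07 10.0.0.12 mail.example.co.uk
"""

# Assumed allowlist of TLDs considered "standard" for this environment.
STANDARD_TLDS = {"com", "org", "net", "edu", "gov", "uk", "de"}


def tld_of(name: str) -> str:
    """Return the lower-cased last label of a DNS name, ignoring a trailing dot."""
    labels = name.rstrip(".").lower().split(".")
    return labels[-1] if labels and labels[-1] else ""


def parse_dns_log(text: str):
    """Parse the assumed log format into (client_ip, queried_name) pairs."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash on them
        _time, client, name = parts
        events.append((client, name))
    return events


def suspicious_tld_counts(events, standard=STANDARD_TLDS):
    """Count, per client, queries whose TLD is not in the allowlist."""
    counts = defaultdict(Counter)
    for client, name in events:
        tld = tld_of(name)
        if tld and tld not in standard:
            counts[client][tld] += 1
    return counts


def flag_clients(events, threshold=3, standard=STANDARD_TLDS):
    """Return clients with at least `threshold` non-standard-TLD queries (assumed threshold)."""
    counts = suspicious_tld_counts(events, standard)
    return {c: dict(t) for c, t in counts.items() if sum(t.values()) >= threshold}


if __name__ == "__main__":
    print(flag_clients(parse_dns_log(SAMPLE_DNS_LOG)))
```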

Kill Chain: Caution

Risk Score: 61


Attack Background

N/A

Mitigation Options

Configure all workstations to send DNS queries only to approved DNS servers that filter or block suspicious domains.

Block inbound and outbound traffic to and from non-approved DNS servers, and traffic to suspicious non-standard TLDs, at the network perimeter.
