Block domains registered less than 30 days ago. Those domains are known to be favored by threat actors to launch malicious campaigns.
Block domains that, after having been dormant for a while, suddenly become active. This behavior is more often than not a sign of malicious activity.
Block domains generated by Domain Generation Algorithms (DGAs) seen in various families of malware that can be used as rendezvous points with their command and control servers.
Block domains that impersonate other domains by abusing the large character set made available with the arrival of Internationalized Domain Names (IDN) — e.g. replacing the Latin letter "e" with the Cyrillic letter "е".
Block domains registered by malicious actors that target users who incorrectly type a website address into their browser — e.g. gooogle.com instead of google.com.
Prevent attackers from taking control of local devices through the Internet by automatically blocking DNS responses containing private IP addresses.
Dynamic DNS (or DDNS) services let malicious actors quickly set up hostnames for free and without any validation or identity verification. While legitimate DDNS hostnames are rarely accessed in everyday use, their malicious counterparts are heavily used in phishing campaigns — e.g. paypal-login.duckdns.org.
Prevent the unauthorized use of one's devices to mine cryptocurrency.
Parked domains are single-page websites often laden with ads and devoid of any value. Parked domain monetization can sometimes get mixed up with suspicious practices and malicious content.
Block Top-level Domains (TLDs) known to be favored by threat actors because of their low price, the absence of vetting or the lack of legal recourse.
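
The check behind blocking DNS responses that contain private IP addresses can be sketched as follows. This is an added example, not code from any particular resolver; the function names, the `LOCAL_ZONES` allowlist and the sample responses are assumptions constructed for illustration.

```python
import ipaddress

# Hypothetical allowlist: zones that legitimately resolve to internal hosts
# (split-horizon DNS). Names here are assumptions for this example.
LOCAL_ZONES = ("corp.example",)

def is_internal(addr: str) -> bool:
    """True if addr is private, loopback, link-local or unspecified."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:192.168.1.1) so it cannot be used
    # to slip a private IPv4 address past an IPv6-only check.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_unspecified

def check_response(qname: str, answers, local_zones=LOCAL_ZONES):
    """Return ("block", offending_addresses) or ("allow", []).

    answers is a list of (rtype, rdata) tuples from a DNS response.
    One internal address is enough to block the whole response, since a
    rebinding answer may mix public and private records.
    """
    name = qname.rstrip(".").lower()
    if any(name == z or name.endswith("." + z) for z in local_zones):
        return ("allow", [])
    offending = [rdata for rtype, rdata in answers
                 if rtype in ("A", "AAAA") and is_internal(rdata)]
    return ("block", offending) if offending else ("allow", [])

# Constructed sample responses (not captured traffic).
SAMPLES = [
    ("www.example.org", [("A", "93.184.216.34")]),
    ("rebind.attacker.example", [("A", "93.184.216.34"), ("A", "192.168.1.1")]),
    ("v6.attacker.example", [("AAAA", "::ffff:10.0.0.5")]),
    ("printer.corp.example", [("A", "10.20.0.7")]),
]

if __name__ == "__main__":
    for qname, answers in SAMPLES:
        print(qname, check_response(qname, answers))
```

The allowlist matters in practice: networks that publish internal hosts under their own zone need those names exempted, otherwise the filter breaks legitimate local resolution.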