ThreatSTOP Blog

Domain Ranking Services: How Do Illegitimate Domains Get High Ranks?

Written by ThreatSTOP Security Team | January 2, 2020

One of the highest priorities of any business looking to grow revenue and visibility is increasing its digital footprint and website traffic. With this, domain ranking is coveted. If someone is searching for something your business does, you want to be one of the first options listed, favored by the search engine’s algorithm.

However, domain ranking services can be manipulated. Anomali's report on China-Based APT Mustang Panda include domains found in the “Cisco Umbrella 1 Million,” a list of the top 1 million most popular domains. So, how do illegitimate domains actually get high ranks in these ranking services?

Let’s discuss one of the first and most used platforms available, Alexa. Included in its’ ranking algorithms’ data is the relative traffic of visitors to the ranked websites. It isn’t too complicated to manipulate domain ranking with services available to create traffic for websites like rankboostup.com and upmyrank.com. Cisco Umbrella’s well-known ranking platform algorithms are based on DNS traffic to their DNS resolvers. The calculation accounts for unique IP addresses visiting a domain in relation to other visited domains, best explained here.

This ranking can be manipulated by using cloud providers with a large pool of IP addresses for their server instances. After obtaining a server from these providers, someone can quickly change its' IP address and send DNS request(s) to DNS resolvers used by Cisco Umbrella. There are some limitations (by the cloud providers) to this manipulation, but some can be overridden using multiple servers and sending DNS requests to several domains, a strategy that is more efficient for malicious campaigns.

We don’t suggest that ranking services are unreliable, only that using them should be approached with caution.

 

Subscribe to our blog so you don't miss out on other posts from our experts around all things cyber security. For more information about ThreatSTOP and how our platform proactively and easily blocks threats using threat intelligence, check us out below.