To improve our detection of suspicious network activity, we developed a deep learning method to profile and detect malicious DNS traffic patterns. Based on these DNS profiles, we implemented multiple detection modules designed to identify suspicious domains from different perspectives. We explored how these DNS traffic patterns correlate with specific types of cyberattacks through various case studies. Our detector captured 170 emerging suspicious domains in May 2024, blocking approximately 374,000 malicious DNS requests every day.