Malicious Domain: Difference between revisions

From ICANNWiki
Jessica (talk | contribs)
No edit summary
Jessica (talk | contribs)
No edit summary
Line 1: Line 1:
A '''Malicious Domain''' is intentionally registered to engage in [[DNS Abuse|technical and/or content abuse]].A domain is generally flagged as malicious if it is reported a very short time after registration, contains a brand name or misleading string, or is one of many registered in a batch.<ref>[https://www.icann.org/en/system/files/files/presentation-day2a-comar-korczynski-26may21-en.pdf COMAR Presentation, IDS 2021]</ref> PhishLabs analyzed 100,000 phishing sites from December 2020 to February 2021 and found that over 38% used compromised websites, 37% abused free hosting services, and only 24% used maliciously-registered domain names.<ref>[https://www.phishlabs.com/blog/most-phishing-attacks-use-compromised-domains-and-free-hosting/ Most Phishing Attacks Use Compromised Domains or Free Hosting, PhishLabs]</ref> The shorter the time frame between domain registration and the use of the domain, the more likely the phishing site was maliciously registered.
A '''Malicious Domain''' is intentionally registered to engage in [[DNS Abuse|technical and/or content abuse]].A domain is generally flagged as malicious if it is reported a very short time after registration, contains a brand name or misleading string, or is one of many registered in a batch.<ref>[https://www.icann.org/en/system/files/files/presentation-day2a-comar-korczynski-26may21-en.pdf COMAR Presentation, IDS 2021]</ref> PhishLabs analyzed 100,000 phishing sites from December 2020 to February 2021 and found that over 38% used compromised websites, 37% abused free hosting services, and only 24% used maliciously-registered domain names.<ref>[https://www.phishlabs.com/blog/most-phishing-attacks-use-compromised-domains-and-free-hosting/ Most Phishing Attacks Use Compromised Domains or Free Hosting, PhishLabs]</ref> The shorter the time frame between domain registration and the use of the domain, the more likely the phishing site was maliciously registered. On average, VirusTotal shows 276K malicious URLs per week, roughly half of which are newly observed.<ref>[https://nabeelxy.medium.com/compromised-vs-45bfaff68f66 Nabeel, Building Machine Learning Models to Identify Malicious Hosting Types]</ref>
 
It's important to distinguish between [[Compromised Domain|compromised]] and malicious domains because compromised domains are reported to domain owners or hosting providers whereas attack domains are handled by registrars and registries. A malicious domain could be blocked permanently by the registry or registrar while a compromised subdomain could be blocked temporarily at the subdomain level.


==References==
==References==
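Review bot: the sentence appended to the first paragraph ("On average, VirusTotal shows 276K malicious URLs per week, roughly half of which are newly observed.") counts URLs while the rest of the paragraph is about domains, and it gives no period over which the average was taken. Suggest stating how the URL figure relates to maliciously registered domains and naming the time span. The unchanged text at the start of the paragraph still reads "abuse.A domain" with no space after the period, which this revision could fix at the same time.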

Revision as of 20:11, 2 March 2022

A Malicious Domain is intentionally registered to engage in technical and/or content abuse. A domain is generally flagged as malicious if it is reported a very short time after registration, contains a brand name or misleading string, or is one of many registered in a batch.[1] PhishLabs analyzed 100,000 phishing sites from December 2020 to February 2021 and found that over 38% used compromised websites, 37% abused free hosting services, and only 24% used maliciously-registered domain names.[2] The shorter the time frame between domain registration and the use of the domain, the more likely the phishing site was maliciously registered. On average, VirusTotal shows 276K malicious URLs per week, roughly half of which are newly observed.[3]

It's important to distinguish between compromised and malicious domains because compromised domains are reported to domain owners or hosting providers whereas attack domains are handled by registrars and registries. A malicious domain could be blocked permanently by the registry or registrar while a compromised subdomain could be blocked temporarily at the subdomain level.
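
The three indicators in the first paragraph and the reporting split in the second can be combined into a simple triage rule. The following is an added example, not part of the ICANNWiki article or of the COMAR project: the thresholds, brand strings, record layout and the default of treating a domain with no indicators as compromised are all assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

# Assumed values, not taken from the article: tune them against your own report data.
MAX_AGE_AT_REPORT = timedelta(days=7)    # "very short time after registration"
BATCH_WINDOW = timedelta(minutes=10)     # registrations this close count as one batch
BATCH_MIN = 3                            # "one of many registered in a batch"
BRANDS = ("examplebank", "examplepay")   # hypothetical protected brand strings

def signals(report, registrations):
    """Return which of the three indicators fire for one reported registered domain."""
    reg = registrations[report["domain"]]
    fired = []
    if report["reported"] - reg["created"] <= MAX_AGE_AT_REPORT:
        fired.append("reported_soon_after_registration")
    # Only the registered label is checked: a brand in a subdomain or URL path
    # says nothing about why the domain itself was registered.
    label = report["domain"].split(".")[0].replace("-", "")
    if any(brand in label for brand in BRANDS):
        fired.append("brand_string")
    siblings = [r for r in registrations.values()
                if r["registrar"] == reg["registrar"]
                and abs(r["created"] - reg["created"]) <= BATCH_WINDOW]
    if len(siblings) >= BATCH_MIN:
        fired.append("batch_registration")
    return fired

def triage(report, registrations):
    """Any indicator: treat as maliciously registered. None: assume compromised."""
    fired = signals(report, registrations)
    if fired:
        return {"verdict": "malicious", "notify": "registrar/registry", "signals": fired}
    return {"verdict": "compromised", "notify": "domain owner/hosting provider", "signals": fired}

# Constructed sample data (reserved .example names, made-up timestamps).
T0 = datetime(2022, 3, 1, 12, 0)
REGISTRATIONS = {
    "examplebank-login.example": {"registrar": "R1", "created": T0},
    "qx7-a.example": {"registrar": "R1", "created": T0 + timedelta(minutes=1)},
    "qx7-b.example": {"registrar": "R1", "created": T0 + timedelta(minutes=2)},
    "flowershop.example": {"registrar": "R2", "created": T0 - timedelta(days=900)},
}
REPORTS = [
    {"domain": "examplebank-login.example", "reported": T0 + timedelta(hours=6)},
    {"domain": "qx7-b.example", "reported": T0 + timedelta(days=30)},
    {"domain": "flowershop.example", "reported": T0 + timedelta(days=1)},
]

if __name__ == "__main__":
    for rep in REPORTS:
        print(rep["domain"], triage(rep, REGISTRATIONS))
```

The second report shows why the batch indicator matters: the domain is a month old and carries no brand string, yet it is still routed to the registrar because it was registered alongside the others.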

References