Malicious Domain
A Malicious Domain is intentionally registered to engage in technical and/or content abuse. A domain is generally flagged as malicious if it is reported a very short time after registration, contains a brand name or misleading string, or is one of many registered in a batch.[1] PhishLabs analyzed 100,000 phishing sites from December 2020 to February 2021 and found that over 38% used compromised websites, 37% abused free hosting services, and only 24% used maliciously-registered domain names.[2] The shorter the time frame between domain registration and the use of the domain, the more likely the phishing site was maliciously registered. On average, VirusTotal shows 276K malicious URLs per week, roughly half of which are newly observed.[3]
It's important to distinguish between compromised and malicious domains because compromised domains are reported to domain owners or hosting providers, whereas attack domains are handled by registrars and registries. A malicious domain could be blocked permanently by the registry or registrar, while a compromised subdomain could be blocked temporarily at the subdomain level.
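The three flagging indicators and the reporting split described above can be combined into a simple abuse-report triage step. This is an added example, not code from any cited source. The thresholds, brand strings, registrar names and sample reports are constructed assumptions, and treating a report with no indicators as "likely compromised" is a simplification made here.

```python
from datetime import datetime, timedelta

# Assumed values: the page gives no thresholds or brand list.
MAX_AGE = timedelta(days=7)           # "very short time after registration"
BATCH_WINDOW = timedelta(minutes=10)  # registrations this close count as one batch
BATCH_MIN = 3                         # "one of many registered in a batch"
BRANDS = ("examplebank", "examplepay")  # constructed brand strings

# Constructed sample reports: (domain, registrar, registered, reported)
REPORTS = [
    ("examplebank-login.test", "RegA", "2021-01-10T08:00", "2021-01-11T09:00"),
    ("xk3v9a.test", "RegA", "2021-01-10T08:01", "2021-01-12T10:00"),
    ("qz81mm.test", "RegA", "2021-01-10T08:02", "2021-01-12T11:00"),
    ("smallbakery.test", "RegB", "2014-05-02T12:00", "2021-01-12T12:00"),
]

def signals(report, reports):
    """Return the page's three indicators that apply to one report."""
    domain, registrar, registered, reported = report
    reg_t = datetime.fromisoformat(registered)
    age = datetime.fromisoformat(reported) - reg_t
    found = []
    # A negative age means bad data, so it is not treated as "new".
    if timedelta(0) <= age <= MAX_AGE:
        found.append("reported_soon_after_registration")
    if any(brand in domain.lower() for brand in BRANDS):
        found.append("brand_string")
    # Count domains (this one included) from the same registrar in the window.
    peers = sum(1 for _, r, t, _ in reports
                if r == registrar
                and abs(datetime.fromisoformat(t) - reg_t) <= BATCH_WINDOW)
    if peers >= BATCH_MIN:
        found.append("batch_registration")
    return found

def triage(report, reports):
    """Classify a report and pick the party the page says handles it."""
    found = signals(report, reports)
    if found:  # the page treats any one indicator as grounds for flagging
        return "maliciously registered", "registrar or registry", found
    return "likely compromised", "domain owner or hosting provider", found

if __name__ == "__main__":
    for report in REPORTS:
        print(report[0], *triage(report, REPORTS), sep=" | ")
```

Because any single indicator flags a domain here, a legitimate bulk registration would also be flagged, so the result is a routing hint for an analyst rather than a verdict.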