ACM Digital library: Proceedings of the 2018 World Wide Web Conference
An event that is rarely considered by technical users and laymen alike is that of a domain name expiration. The massive growth in the registration of domain names is matched by massive numbers of domain expirations, after which domains are made available for registration again. While the vast majority of expiring domains are of no value, among the hundreds of thousands of daily expirations, there exist domains that are clearly valuable, either because of their lexical composition, or because of their residual trust.
In this paper, we investigate the dynamics of domain dropcatching where companies, on behalf of users, compete to register the most desirable domains as soon as they are made available and then auction them off to the highest bidder. Using a data-driven approach, we monitor the expiration of 28 million domains over the period of nine months, collecting domain features, WHOIS records, and crawling the registered domains on a regular basis to uncover the purpose for which they were re-registered (caught). Among others, we find that on average, only 10% of the expired (dropped) domains are caught with the vast majority of the re-registrations happening on the day they are released. We investigate the features that make some domains more likely to be caught than others and discover that a domain that was malicious at the time of its expiration is twice as likely to be caught than the average domain. Moreover, previously-malicious domains are significantly more likely to be reused for malicious purposes than previously benign domains. We identify three types of users who are interested in purchasing dropped domains, ranging from freelancers who purchase one or two domains to professionals who invest more than $115K purchasing dropped domains in only three months. Finally, we observe that less than 11% were used to host web content with the remaining domains used either by speculators, or by malicious actors.
Introduction
Data Collection
Implementation of DomainPanner
Registration of dropping domains
Domain Features
Characteristics of Registered Domains
Clustering Registrants
Domain Deletion
Post-registration usage
Domains Tainted by Malicious Activity
Subversion of Non-malicious Domains
Contents of Re-registered Domains
Concluding Remarks
...
read more
--------
2017 - Game of Registrars: An Empirical Analysis of Post-Expiration Domain Name Takeovers
read more
PDF Attached
An event that is rarely considered by technical users and laymen alike is that of a domain name expiration. The massive growth in the registration of domain names is matched by massive numbers of domain expirations, after which domains are made available for registration again. While the vast majority of expiring domains are of no value, among the hundreds of thousands of daily expirations, there exist domains that are clearly valuable, either because of their lexical composition, or because of their residual trust.
In this paper, we investigate the dynamics of domain dropcatching where companies, on behalf of users, compete to register the most desirable domains as soon as they are made available and then auction them off to the highest bidder. Using a data-driven approach, we monitor the expiration of 28 million domains over the period of nine months, collecting domain features, WHOIS records, and crawling the registered domains on a regular basis to uncover the purpose for which they were re-registered (caught). Among others, we find that on average, only 10% of the expired (dropped) domains are caught with the vast majority of the re-registrations happening on the day they are released. We investigate the features that make some domains more likely to be caught than others and discover that a domain that was malicious at the time of its expiration is twice as likely to be caught than the average domain. Moreover, previously-malicious domains are significantly more likely to be reused for malicious purposes than previously benign domains. We identify three types of users who are interested in purchasing dropped domains, ranging from freelancers who purchase one or two domains to professionals who invest more than $115K purchasing dropped domains in only three months. Finally, we observe that less than 11% were used to host web content with the remaining domains used either by speculators, or by malicious actors.
Introduction
Data Collection
Implementation of DomainPanner
Registration of dropping domains
Domain Features
Characteristics of Registered Domains
Clustering Registrants
Domain Deletion
Post-registration usage
Domains Tainted by Malicious Activity
Subversion of Non-malicious Domains
Contents of Re-registered Domains
Concluding Remarks
...
read more
--------
2017 - Game of Registrars: An Empirical Analysis of Post-Expiration Domain Name Takeovers
read more
PDF Attached
Attachments
Last edited:
