Fraud Protection Measures Against Malicious New Domains

Many domain names are registered each day and so become part of the Domain Name System (DNS). In fact, research shows that at least two new registrations are seen per second. Although most of these are done for commercial and other legitimate purposes, not everyone who registers a domain has good intentions.

Threat actors register deceitful domains (typically misspelled variations of the domains they target) to carry out a variety of cybercriminal activities and turn a near-instant profit. And though the majority of these shadow domains are abandoned shortly afterward to avoid detection, most times the damage to a person or a business has already been done.

The Challenge with New Domains

The rapid increase in new domain registrations can be an especially big threat to enterprises today. For one, new domains are uncharted territory: they need to be observed before they can be labeled “malicious.” That is why, for a certain amount of time, they can be used as starting points for cyberattacks like cybersquatting and brand abuse without being detected.

The latest additions to generic top-level domains (gTLDs) also present a challenge for businesses. While they give website owners more naming options, they give threat actors more choices too: with the newly created gTLDs, attackers can register domains highly similar to those that organizations use. And although there are protective measures like the Uniform Domain Name Dispute Resolution Policy (UDRP), these processes can be time-consuming and a hassle to go through.

The good news is that the majority of these new malicious domains come with a short shelf life. The bad news: they only disappear if they are detected and categorized as “malicious.” They are usually taken down by registrars or flagged as harmful in blacklists. By then, the damage they have caused could already be extensive.

Since a domain name is essential in building up a company’s image, there is always a likelihood that attacks against it—whether from impersonation or phishing—can harm the related brand.

What Can Organizations Do to Stay Safe?

One way to proactively identify malicious domains, even those that use uncommon gTLDs, is to gain the ability to detect them in near real time. For that, companies can use, for instance, a threat intelligence platform that lets them analyze suspicious domains or IP addresses before these can pose a threat. Such an enterprise-grade platform is one of the best approaches to remain secure.

Organizations can also enhance their domain research and monitoring capabilities. They can employ a brand-monitoring tool to keep track of keywords related to their brands and the many variations of those keywords. With it, they can easily monitor for domains of potential interest as these are registered. This can alert them to potential typosquatting cases, thus allowing them to act immediately.

If enterprises already have security solutions and systems in place, they can integrate other sources of reliable and accurate information, such as data feeds or application programming interfaces (APIs), with them. These tools will allow them to learn things like when a certain domain was registered, who owns it (or did so in the past), and who its registrar is. These key data points can then be used with other protocols to perhaps develop an automated cybersecurity system that can filter and block flagged malicious websites.
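
The brand-variation monitoring and registration-data filtering described in the two paragraphs above, as an added Python example (not from the original article or any vendor's product): it checks a feed of newly registered domains against a brand keyword and uses the registration date to choose between blocking and review. The brand `examplebank`, the feed records, the swap list and the 30-day threshold are all constructed assumptions.

```python
from datetime import date

# Added example: brand, feed, swap list and 30-day threshold are assumptions.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def brand_match(domain, brand, max_dist=1):
    """Say why the leftmost label resembles the brand, or return None."""
    label = domain.lower().split(".")[0]
    folded = label.translate(SWAPS).replace("-", "")  # undo digit swaps, hyphens
    if label == brand:
        return "brand on another TLD"
    if folded == brand:
        return "character swap"
    if brand in folded:
        return "brand keyword in name"
    if edit_distance(folded, brand) <= max_dist:
        return "typo variant"
    return None

def triage(feed, brands, owned, today, max_age_days=30):
    """Flag lookalikes; recent registrations are blocked, older ones reviewed."""
    hits = []
    for domain, created, registrar in feed:
        if domain in owned:
            continue
        reason = next((r for b in brands if (r := brand_match(domain, b))), None)
        if reason:
            age = (today - created).days
            action = "block" if age <= max_age_days else "review"
            hits.append((domain, reason, age, registrar, action))
    return hits

# Constructed sample feed: (domain, registration date, registrar).
TODAY = date(2024, 6, 1)
FEED = [
    ("examplebank.com", date(2010, 1, 5), "RegA"), ("examplebank.shop", date(2024, 5, 30), "RegB"),
    ("examp1ebank.com", date(2024, 5, 28), "RegC"), ("examplebank-login.xyz", date(2024, 5, 31), "RegB"),
    ("exmplebank.net", date(2023, 1, 10), "RegD"), ("gardening-tips.org", date(2024, 5, 29), "RegA"),
]
print(*triage(FEED, ["examplebank"], {"examplebank.com"}, TODAY), sep="\n")
```

The substring rule will over-match for short brand names, so a real deployment would tune it per keyword and keep the owned-domain allowlist current.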

* * *

New domains will always be registered on a daily basis, and these may or may not turn out to be threat sources. That is why it is up to companies to constantly enhance their cybersecurity measures by using all available threat intelligence sources that will give them insights to better protect their digital assets.

By WhoisXML API, A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider

Whois API, Inc. (WhoisXML API) is a big data and API company that provides domain research & monitoring, Whois, DNS, IP, and threat intelligence API, data and tools to a variety of industries.
