Domain Tasting
Domain tasting, in the context of cybersecurity, is an abusive practice where individuals or organizations register domain names for a short period (usually within the five-day grace period) to test their traffic potential and profitability. During this period, the registrant monitors the traffic and revenue generated by the domain, often through pay-per-click advertising. If the domain doesn't meet their expectations, they let it expire before the grace period ends, incurring no cost. However, if the domain proves profitable, they keep it and use it for various purposes, including legitimate businesses or malicious activities like phishing or spreading malware.
ThreatNG offers valuable capabilities to help organizations proactively address potential risks associated with domain tasting:
External Discovery and Assessment:
ThreatNG can analyze newly registered domains, including those that might have been tasted, to identify suspicious patterns. This analysis includes checking the domain's registration details, website content, and associated infrastructure. For example, ThreatNG can identify potentially risky domains, such as those with no website content or those redirecting to known phishing sites.
ThreatNG can be configured to send alerts when new domains that exhibit suspicious characteristics are registered, such as those with very little content or those that redirect to known malicious sites. This allows organizations to monitor potentially risky domains and take action if necessary proactively.
ThreatNG's Domain Intelligence module can be used to investigate suspicious domains, including those that might have been tasted. By analyzing the domain's history, registration details, and associated infrastructure, ThreatNG can help identify potential threats.
Working with Complementary Solutions:
ThreatNG can integrate with threat intelligence platforms to enrich its data with information about known domain tasting activities and malicious domains. This allows ThreatNG to identify potentially risky domains more effectively. ThreatNG can also integrate with anti-phishing solutions to provide additional protection against phishing attacks that might originate from domains that were previously tasted.
Examples of ThreatNG Helping:
ThreatNG can identify a newly registered domain with no website content and redirect it to a known phishing site. This allows organizations to block the domain and protect users from potential phishing attacks. ThreatNG can also discover if a domain that was previously tasted is now being used to host malware, allowing organizations to take action to block the domain and protect users from malware infections.
Examples of ThreatNG Working with Complementary Solutions:
ThreatNG can integrate with a threat intelligence platform to receive alerts about newly registered domains associated with known domain tasting activities. This allows organizations to monitor these domains and take action if necessary proactively. ThreatNG can also integrate with an anti-phishing solution to provide additional protection against phishing attacks that might originate from domains that were previously tasted.
