Tobias Lauinger
ABSTRACT
When desirable Internet domain names expire, they are often re-registered in the very moment the old registration is deleted, in a highly competitive and resource-intensive practice called domain drop-catching. To date, there has been little insight into the daily time period when expired domain names are deleted, and the race to re-registration that takes place. In this paper, we show that .com domains are deleted in a predictable order, and propose a model to infer the earliest possible time a domain could have been re-registered. We leverage this model to characterise at a precision of seconds how fast certain types of domain names are re-registered. We show that 9.5 % of deleted domains are re-registered with a delay of zero seconds. Domains not taken immediately by the drop-catch services are often re-registered later, with different behaviours over the following seconds, minutes and hours. Since these behaviours imply different effort and price points, our methodology can be useful for future work to explain the uses of re-registered domains.
- {n. d.}. Domain Meter. http://www.dnmeter.com/.Google Scholar
- {n. d.}. Verisign DomainScope. https://www.domainscope.com/.Google Scholar
- {n. d.}. Verisign Registration Data Access Protocol (RDAP) Pilot. https://rdap-pilot.verisignlabs.com/.Google Scholar
- 2015. JSON Responses for the Registration Data Access Protocol (RDAP). https://tools.ietf.org/html/rfc7483.Google Scholar
- 2016. Drop King. http://dropking.com/.Google Scholar
- Michael Cyger. 2016. A Drop Catching Programming Expert Discusses the Domain Name Expiration Process - With Chris Ambler. http://www.domainsherpa.com/wp-content/pdf/Chris-Ambler-Expiration-on-DomainSherpa.pdf.Google Scholar
- DropCatch. {n. d.}. How it Works: Daily Drop Overview. https://www.dropcatch.com/HowItWorks/Overview.Google Scholar
- Shuang Hao, Matthew Thomas, Vern Paxson, Nick Feamster, Christian Kreibich, Chris Grier, and Scott Hollenbeck. 2013. Understanding the Domain Registration Behavior of Spammers. In Proc. of ACM Internet Measurement Conference. Google ScholarDigital Library
- Ron Jackson. 2004. Inside a Drop Catcher's War Room: How Enom Arms Maker Chris Ambler Is Turning The Tide for Club Drop. http://www.dnjournal.com/columns/cover080504.htm.Google Scholar
- Tobias Lauinger, Abdelberi Chaabane, Ahmet Buyukkayhan, Kaan Onarlioglu, and William Robertson. 2017. Game of Registrars: An Empirical Analysis of Post-Expiration Domain Name Takeovers. In Proc. of Usenix Security Symposium. Google ScholarDigital Library
- Tobias Lauinger, Kaan Onarlioglu, Abdelberi Chaabane, William Robertson, and Engin Kirda. 2016. WHOIS Lost in Translation: (Mis)Understanding Domain Name Expiration and Re-Registration. In Proc. of ACM Internet Measurement Conference. Google ScholarDigital Library
- Chaz Lever, Robert J Walls, Yacin Nadji, David Dagon, Patrick McDaniel, and Manos Antonakakis. 2016. Domain-Z: 28 Registrations Later - Measuring the Exploitation of Residual Trust in Domains. In Proc. of IEEE Symposium on Security and Privacy.Google ScholarCross Ref
- Najmeh Miramirkhani, Timothy Barron, Michael Ferdman, and Nick Nikiforakis. 2018. Panning for gold.com: Understanding the Dynamics of Domain Dropcatching. In Proc. of World Wide Web Conference. Google ScholarDigital Library
- NamePros. 2015. DesktopCatcher software. https://www.namepros.com/threads/desktopcatcher-software.873819/.Google Scholar
- Nick Nikiforakis, Luca Invernizzi, Alexandros Kapravelos, Steven Van Acker, Wouter Joosen, Christopher Kruegel, Frank Piessens, and Giovanni Vigna. 2012. You Are What You Include: Large-scale Evaluation of Remote JavaScript Inclusions. In Proc. of ACM Conference on Computer and Communications Security. Google ScholarDigital Library
- Dan Ramirez. 2013. A New Twist On Drop Catching Technology - Focus on the Drop Order. http://www.domainafterlife.com/2013/08/a-new-twist-on-drop-catching-technology-focus-on-the-drop-order/.Google Scholar
- Paulo Salvador and António Nogueira. 2011. Analysis of the Internet Domain Names Re-registration Market. Procedia Computer Science 3 (2011), 325--335.Google ScholarCross Ref
- Johann Schlamp, Josef Gustafsson, Matthias Wählisch, Thomas C. Schmidt, and Georg Carle. 2015. The Abandoned Side of the Internet: Hijacking Internet Resources When Domain Names Expire. In Proc. of International Workshop on Traffic Monitoring and Analysis.Google ScholarCross Ref
Index Terms
- From Deletion to Re-Registration in Zero Seconds: Domain Registrar Behaviour During the Drop
Recommendations
WHOIS Lost in Translation: (Mis)Understanding Domain Name Expiration and Re-Registration
IMC '16: Proceedings of the 2016 Internet Measurement ConferenceInternet domain names expire when not renewed and may be claimed by a new owner. To date, despite existing work on abuses of residual trust after domain ownership changes, it is not well understood how often and how fast re-registrations occur, and the ...
Understanding the role of registrars in DNSSEC deployment
IMC '17: Proceedings of the 2017 Internet Measurement ConferenceThe Domain Name System (DNS) provides a scalable, flexible name resolution service. Unfortunately, its unauthenticated architecture has become the basis for many security attacks. To address this, DNS Security Extensions (DNSSEC) were introduced in ...
Email typosquatting
IMC '17: Proceedings of the 2017 Internet Measurement ConferenceWhile website domain typosquatting is highly annoying for legitimate domain operators, research has found that it relatively rarely presents a great risk to individual users. However, any application (e.g., email, ftp,...) relying on the domain name ...
Comments