TY - JOUR
T1 - Time-series measurement of parked domain names and their malicious uses
AU - Tomatsuri, Takayuki
AU - Chiba, Daiki
AU - Akiyama, Mitsuaki
AU - Uchida, Masato
N1 - Funding Information:
This work was supported in part by the Japan Society for the Promotion of Science through Grants-in-Aid for Scientific Research (C) (20K11800).
Publisher Copyright:
Copyright © 2021 The Institute of Electronics, Information and Communication Engineers
PY - 2021
Y1 - 2021
N2 - On the Internet, there are lots of unused domain names that are not used for any actual services. Domain parking is a monetization mechanism for displaying online advertisements in such unused domain names. Some domain names used in cyber attacks are known to leverage domain parking services after the attack. However, the temporal relationships between domain parking services and malicious domain names have not been studied well. In this study, we investigated how malicious domain names using domain parking services change over time. We conducted a large-scale measurement study of more than 66.8 million domain names that have used domain parking services in the past 19 months. We reveal the existence of 3,964 domain names that have been malicious after using domain parking. We further identify what types of malicious activities (e.g., phishing and malware) such malicious domain names tend to be used for. We also reveal the existence of 3.02 million domain names that utilized multiple parking services simultaneously or while switching between them. Our study can contribute to the efficient analysis of malicious domain names using domain parking services.
AB - On the Internet, there are lots of unused domain names that are not used for any actual services. Domain parking is a monetization mechanism for displaying online advertisements in such unused domain names. Some domain names used in cyber attacks are known to leverage domain parking services after the attack. However, the temporal relationships between domain parking services and malicious domain names have not been studied well. In this study, we investigated how malicious domain names using domain parking services change over time. We conducted a large-scale measurement study of more than 66.8 million domain names that have used domain parking services in the past 19 months. We reveal the existence of 3,964 domain names that have been malicious after using domain parking. We further identify what types of malicious activities (e.g., phishing and malware) such malicious domain names tend to be used for. We also reveal the existence of 3.02 million domain names that utilized multiple parking services simultaneously or while switching between them. Our study can contribute to the efficient analysis of malicious domain names using domain parking services.
KW - Domain parking
KW - Malicious domain names
KW - Time-series measurement
UR - http://www.scopus.com/inward/record.url?scp=85109601531&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85109601531&partnerID=8YFLogxK
U2 - 10.1587/transcom.2020CQP0007
DO - 10.1587/transcom.2020CQP0007
M3 - Article
AN - SCOPUS:85109601531
VL - E104B
SP - 770
EP - 780
JO - IEICE Transactions on Communications
JF - IEICE Transactions on Communications
SN - 0916-8516
IS - 7
ER -