论文信息 - From Deletion to Re-Registration in Zero Seconds: Domain Registrar Behaviour During the Drop

From Deletion to Re-Registration in Zero Seconds: Domain Registrar Behaviour During the Drop

When desirable Internet domain names expire, they are often re-registered in the very moment the old registration is deleted, in a highly competitive and resource-intensive practice called domain drop-catching. To date, there has been little insight into the daily time period when expired domain names are deleted, and the race to re-registration that takes place. In this paper, we show that .com domains are deleted in a predictable order, and propose a model to infer the earliest possible time a domain could have been re-registered. We leverage this model to characterise at a precision of seconds how fast certain types of domain names are re-registered. We show that 9.5 % of deleted domains are re-registered with a delay of zero seconds. Domains not taken immediately by the drop-catch services are often re-registered later, with different behaviours over the following seconds, minutes and hours. Since these behaviours imply different effort and price points, our methodology can be useful for future work to explain the uses of re-registered domains.

Tobias Lauinger | William K. Robertson | Engin Kirda | Abdelberi Chaabane | Ahmet Salih Buyukkayhan

[1] Michael Ferdman,et al. Panning for gold.com: Understanding the Dynamics of Domain Dropcatching , 2018, WWW.

[2] Tobias Lauinger,et al. WHOIS Lost in Translation: (Mis)Understanding Domain Name Expiration and Re-Registration , 2016, Internet Measurement Conference.

[3] Paulo Salvador,et al. Analysis of the internet domain names re-registration market , 2011, WCIT.

[4] Scott Hollenbeck,et al. JSON Responses for the Registration Data Access Protocol (RDAP) , 2021, RFC.

[5] Tobias Lauinger,et al. Game of Registrars: An Empirical Analysis of Post-Expiration Domain Name Takeovers , 2017, USENIX Security Symposium.

[6] Nick Feamster,et al. Understanding the domain registration behavior of spammers , 2013, Internet Measurement Conference.

[7] Georg Carle,et al. The Abandoned Side of the Internet: Hijacking Internet Resources When Domain Names Expire , 2015, TMA.

[8] Wouter Joosen,et al. You are what you include: large-scale evaluation of remote javascript inclusions , 2012, CCS.

[9] Patrick D. McDaniel,et al. Domain-Z: 28 Registrations Later Measuring the Exploitation of Residual Trust in Domains , 2016, 2016 IEEE Symposium on Security and Privacy (SP).