Advanced DNS Security supports detection of dangling web and app domains.
Websites often link to external resources, but when these third-party domains expire,
threat actors can quickly re-register them to host malicious payloads, enabling
broken link hijacking attacks. This exposes enterprise users to cross-site
scripting (XSS) and malware when they access seemingly legitimate business sites.
The Advanced DNS Security and Advanced DNS Security Resolver service now proactively
identifies and blocks DNS requests directed at these expired, high-risk domains,
ensuring protection before a network connection is ever established. This detection
capability is available with the latest cloud update, providing comprehensive
security at the DNS resolution layer and filling a critical gap left by existing
solutions like static blacklists.
Unlike reactive web proxies, this system analyzes real-time domain registration data
alongside DNS query patterns. By mitigating access to potentially harmful external
resources at the DNS layer, you eliminate a significant security risk and protect
your employees from inadvertently connecting to malicious sites.
Dangling Web and App domains are considered grayware and carry a default action and
log severity level of Block and Low, respectively.
Additionally, the UTID for this specific domain type is 109,004,101, and can be used
to identify such domains in the logs.
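To complement the DNS-layer block, site owners can audit their own pages for the external resource links described above. The following is an added example, not Palo Alto Networks code: the function names, risk labels and sample host names are assumptions made for illustration, and a failed lookup is only a first-pass signal that should be confirmed against registration data.

```python
import socket
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attribute through which each tag pulls in (or links to) an external resource.
FETCH_ATTRS = {"script": "src", "link": "href", "iframe": "src", "img": "src", "a": "href"}
ACTIVE_TAGS = {"script", "link", "iframe"}  # content runs or renders inside the page

# Constructed sample page; all host names are placeholders under reserved TLDs.
SAMPLE_HTML = """
<script src="https://cdn.widgets-old.example/w.js"></script>
<link rel="stylesheet" href="//fonts.live.example/site.css">
<a href="https://partner-docs.example/guide">Guide</a>
<img src="/img/logo.png">
"""

class ExternalRefs(HTMLParser):
    """Collect (tag, host) pairs for URLs that point off the page's own domain."""
    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host.lower()
        self.refs = set()

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(FETCH_ATTRS.get(tag, "")) or ""
        host = (urlparse(url).hostname or "").lower()  # empty for relative URLs
        if host and host != self.own_host and not host.endswith("." + self.own_host):
            self.refs.add((tag, host))

def system_resolves(host):
    """True if the name resolves now; failure is a hint to check registration."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def audit_page(html, own_host, resolves=system_resolves):
    """Return sorted (risk, tag, host) for external hosts that do not resolve."""
    parser = ExternalRefs(own_host)
    parser.feed(html)
    return sorted(("high" if tag in ACTIVE_TAGS else "medium", tag, host)
                  for tag, host in parser.refs if not resolves(host))

if __name__ == "__main__":
    # Stub resolver (assumption for the demo): only the fonts host still resolves.
    for finding in audit_page(SAMPLE_HTML, "intranet.test", lambda h: h == "fonts.live.example"):
        print(finding)
```

Hosts flagged "high" are loaded as scripts, stylesheets or frames, so they are the first ones to remove or re-host.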