Domain Intelligence
Analyzing the infrastructure behind the website to determine its legitimacy.
Phishing sites usually live on "burner" infrastructure. By analyzing the metadata of a domain, we can predict malicious intent before a specific URL has even been reported.
Domain Age
Legitimate services usually reside on domains that are years old. A login page hosted on a domain registered 2 hours ago is extremely suspicious.
SSL/TLS Analysis
Having a padlock icon isn't enough anymore. We check the Certificate Authority (CA). Free, automated certificates (like Let's Encrypt) on a financial login page raise the risk score.
Registrar Reputation
Certain registrars and hosting providers are known for loose abuse policies ("Bulletproof Hosting"). Traffic to these low-reputation ASNs is scrutinized more heavily.
DNS Popularity
Common sites have millions of DNS queries. A site with zero historical traffic that suddenly requests credentials is flagged as an anomaly.
The "Newly Registered Domain" (NRD) Rule
Arx creates a "probation period" for new domains. By default, any site registered within the last 30 days will show a caution warning if it presents a login form, regardless of whether it is confirmed malicious. This proactive policy stops Zero-Day attacks cold.