Home/Glossary/URL/Domain Defanging

URL/Domain Defanging

A technique to render URLs and IPs non-clickable by replacing characters, preventing accidental access to malicious sites.

Threat IntelligenceAlso called: "ioc defanging", "url sanitization"

Defanging makes indicators of compromise (IOCs) safe to share in emails, reports, and chat.

Common defanging patterns

  • hxxp:// instead of http://
  • example[.]com instead of example.com
  • 192.168.1[.]1 instead of 192.168.1.1
  • user@example[.]com instead of [email protected]

Why defang?

  • Prevent accidental clicks in threat intelligence reports.
  • Stop email scanners from following malicious links.
  • Protect analysts from visiting dangerous sites.
  • Avoid triggering security tools that crawl links.

Refanging

  • Reverse the process to get original IOC for investigation.
  • Tools can automate defanging/refanging for IOC extraction.

Related Tools

Explore More Threat Intelligence

View all terms

IP Reputation

A trustworthiness score assigned to IP addresses based on observed behavior, used to identify malicious traffic.

Read more →

Threat Intelligence

Evidence-based knowledge about existing or emerging threats used to inform security decisions and response.

Read more →
Back to glossary