Cyber Threat Intelligence on the Up and Up
Blog Events

2016: RSA Conference and The DomainTools Report

If it feels like RSA snuck up on us this year, well, it actually did. The conference is more than a month earlier than last year’s late April edition. And at DomainTools, we’ve accomplished quite a bit in between RSA Conferences. Come by our booth (#3240) to see what we’ve been up to:

  • See our new threat investigation platform, Iris, in action
  • Get a copy of our new research reports
  • Learn how to apply domain and DNS intelligence in your SOC
  • The DomainTools Report, 2016 Edition

The DomainTools Report, 2016 Edition

In previous editions of The DomainTools Report, we examined attributes such as top level domain (TLD), Whois privacy providers, and registration behaviors of domain registrants strongly connected to high-volume malicious activity. In the 2016 Edition, we look at a new set of attributes about a domain, including several related to the age of the domain.



In one section, we examined the rates at which domains of various ages appeared on industry blocklists. The results tend to support at least some level of “age discrimination” against domains, as the data shows that young domains do appear on industry blocklists at substantially higher rates than domains that have been around for a while. In the first figure to the right, we charted the distribution of malicious domains over the past 100 quarters.



We noticed that there was a large drop-off in malicious domains after 18 months old. In using that as a crossover point, we calculated the percentages of malicious domains and neutral domains under vs over 18 months. Over 85% of all malicious domains are 18 months or younger, whereas nearly 64% of all neutral domains are 18 months or older.

Other Events

If you won’t be attending RSA, come meet us at any of these other future events: