Background with codes and fingerprint
Summer Supplement 2016
DomainTools Reports

The DomainTools Report Supplement: Malicious Domain Affix Patterns

In early 2016, DomainTools conducted research to unearth important patterns of malicious domains. This research focused on comparing things like neutral and malicious domains based on domain age, relative badness based on the entropy of domains, and analysis of domain registrars and “hot spots” of malicious domains. In the most recent DomainTools supplement, published in the summer of 2016, we looked at patterns in domain names themselves to calculate their “signal strength” as an indication of nefarious activity.

We analyzed a corpus of active domains across the Internet—that is, out of the approximately 300 million domain names that are currently registered, we examined approximately 255 million that are actively resolving in DNS—to explore whether certain patterns in prefixes or suffixes were correlated with higher rates of malicious or suspicious activity.

This white paper highlights:

  • How affixes are used by threat actors
  • Affixes in phishing domains
  • Affixes in malware domains
  • Affixes in spam domains

Related Content

A digital network visualization depicting glowing red nodes connected by lines with light rays shining downward against a dark blue background, symbolizing the economic benefits of DomainTools Internet Intelligence.
DomainTools Reports

The DomainTools Report: Spring 2024 Edition

Read more
DomainTools Internet Intelligence | ESG Economic Validation
DomainTools Reports

The DomainTools Report: Spring 2023 Edition

Download Now
DomainTools Report: Fall 2021 Edition Background
DomainTools Report

DomainTools Report: Fall 2021 Edition

Download Now
DomainTools Logo
Pricing Contact Login Support Request a Demo

© 2024 DomainTools

DomainTools® and DomainTools™ are owned by DomainTools, all rights reserved.

Privacy Policy    |    California Privacy Notice
Do Not Sell My Personal Information    |    Terms of Service    |    Sitemap