Domain Risk Score Overview

Predict How Likely a Domain is to be Malicious

The Internet teems with malicious infrastructure, operated by threat actors who use domains to spread malware, lure victims to phishing sites, and flood inboxes with spam. Meanwhile, security teams face a barrage of alerts and events, often without the context to tell them which of these represent serious threats. Security analysts and threat hunters need a fast, reliable way to know which domains observed in their environment present the greatest threat. Compounding the challenge, threat actors often register and use new domains to inflict damage before the industry lists of known-malicious domains catch up and “convict” the domains.

Domain Risk Score from DomainTools uses predictive algorithms to flag dangerous domains soon after they are registered, helping security teams block them before they are weaponized, or triage domain-based alerts from their security systems effectively and efficiently.

Machine Learning and Predictive Insights

Two distinct and complementary algorithms power Domain Risk Score. Proximity to Known Maliciousness evaluates how closely connected a domain is to other domains that have been identified as malicious. Threat Profile uses machine learning classifiers to analyze intrinsic properties of a domain, identifying patterns consistent with malware, phishing, spam, or neutral domains. The result is a reliable prediction of whether a domain is likely to be malicious, and if so, what kind of risk it represents.

Use Risk Score in DomainTools Iris to evaluate domains surfaced as part of an investigation, or use the Risk Score API to automate alerting on or blocking of suspicious domains in your environment. As part of an integration with a SIEM, threat intelligence platform, or orchestration tool, Domain Risk Score helps analysts prioritize alerts, focusing on the threats most likely to harm the organization.