Researchers are trying to stay a step ahead of the game by predicting which domains will be used for malicious purposes. Malicious domains tend to cluster together, showing up in large groups at certain hosting providers. Researchers at Palo Alto Networks have been looking at the behaviors of the attackers that use these methods. They found that one domains are identified as malicious and blacklisted by reputation services, the attackers will abandon them. The formula takes into account the domain name, the gTLD it uses, changes in IP address for the domain and the price for a domain transfer.
Source: https://threatpost.com/researchers-work-to-predict-malicious-domains/108531/