Over the course of 90 days, researchers studied 660 million hostnames requested by 75 million users. 470 million of these hostnames only appeared for only one day, and 20% of the latter hostnames were found to be malicious. This indicates that a large portion of hostnames are used by cybercriminals to sling botnets, facilitate spam runs and launch attacks. The short lives of these hostnames allow malicious sites or emails to disappear to other hostnames before being discovered and blocked. Moreover, creating a massive amount of domains makes it difficult for security companies to filter all of them. However, not all one-day hostnames are used for malicious purposes, so the best practice to move forward with is real-time intelligence.