An Inquiry into Hotspots of Malicious Online Domains
The DomainTools Report seeks to explore our stores of domain registration, hosting, and content-related data to surface patterns and trends that might be of interest to security practitioners, researchers, and anyone else concerned with the suspicious or malicious use of online infrastructure. For this edition, we chose to go “back to basics” and focus on concentrations of malicious activity across six categories of domain characteristics, several of which we also studied in earlier reports. While we have chosen various characteristics of domains to study over the years, the constant across all of these reports is our interest in providing insights into where malicious activity lurks on the Internet, with the aim of ultimately helping the community get better at staying ahead of those entities wishing to do harm online. We believe that, while many of the findings in this Report may be consistent with the expectations of practitioners, there are some surprises, too!
This report looks at concentrations of malicious activity by:
- Top Level Domain (TLD)
- IP Autonomous System Number (ASN)
- Nameserver ASN
- IP Geolocation
- Registrar
- SSL Certificate Authority (CA)