The DomainTools Report: Spring 2023 Edition
Large-Scale Patterns of Malicious Online Infrastructure
In the Spring 2023 edition of the DomainTools Report, we again focus on concentrations of malicious activity by the six categories we last studied in the Fall of 2021 edition: Top Level Domain (TLD), IP Autonomous System Number (ASN), Name server ASN, Domain Registrar, Country of Hosting, and SSL Certificate Issuer. For each category, we provide a Top Ten list sorted by signal strength (a measure of the concentration of malicious activity). Many of the items on these lists will look familiar to practitioners, but the report holds some surprises as well.
We identify these “hotspots” of malicious activity in part to point investigators and researchers toward forensic data points that will be useful in helping make sense of Internet infrastructure of unknown quality or nature.
This paper includes:
- The methodology for the research
- A series of “Top Ten” tables for each of the six features studied
- Findings: expected, and unexpected, patterns in the data