Domains That Begin With A Digit
Domains That Begin With A Digit: Risk Profiles for Selected ASNs
Risk management is central to modern operational cybersecurity practice, so naturally there’s great interest in reported domain risk scores. DomainTools currently computes proprietary risk scores for all effective 2nd-level domains, giving each domain a score from 0 to 100. Those risk scores can help users to decide if a given domain is safe or may be too risky.
While domain-by-domain risk scores are useful in their own right, could risk scoring could be extended to a larger aggregate, such as entire autonomous systems? Perhaps there are “safer” autonomous systems and “riskier” autonomous systems, just as there are safer and riskier registered domains?
We computed aggregate risk score for major autonomous systems (ASNs), looking specifically at registered domains that begin with a digit. Our findings from this work include:
- While it has been possible to register domains that begin with a digit for over three decades, domains that begin with a digit are still relatively uncommon. Hundreds of large autonomous systems we reviewed for potential inclusion in this study had fewer than 2,000 domains that begin with a digit in the address space they originated. Those ASNs were excluded.
- Of the remaining 174 ASNs which had address space with at least 2,000 domains that started with a digit, ASNs varied widely in their median risk score, having median scores running literally from 0 to 100. Violin plots provided a compelling and easy-to-grasp way to represent the distribution of risk scores seen for each ASN.
- Per-ASN risk subscore data was also provided to help the reader interpret each ASN’s summary risk score.
Details about the approach employed and a copy of the code used for the visualizations are provided for those interested in further exploring this new approach.