Cybersecurity experts while examining a mass bot scam found something very interesting. They found out that a large number of bots were using a comparatively very small number of domain names. This implied a very high concentration of bots per domain name.
For around 850,000 fake bots/accounts, there were only around 1800 domain names. The experts analyzed that the perpetrators of the scam must be also deriving benefit from domain parking and monetization services.
Retailers could detect bad acting domain names by paying attention to certain patterns. There are some key features that are included in almost every domain name used by such bots. These include domain name resolving to an insecure web application, unusual and odd domain names and absence of SSL certificates.
Jason Kent, of Cequence Security talks about the issue in detail here.