
Abstract

Counterfeiting is a global issue, one that has become even more complex as this illegal activity has moved online. Cybercriminals create thousands of websites around the clock, at almost no cost, as part of their digital marketing strategy to lure unsuspecting shoppers. These fraudsters often stay one step ahead of law enforcement's countermeasures by using false identities and proxies to buy domain names in multiple countries. They are able to react quickly to takedown efforts: if need be, they can set up replacement websites within minutes thanks to an architecture of backup servers.

To prevent scams or abuse, some parties monitor domain registrations and watch for new domain names. This way they hope to identify websites that could, in the future, host malicious activity. Unfortunately, this approach has several limitations that we will spell out in our presentation. For instance, the data source used, mainly TLD zonefiles, does not disclose subdomains, even though some potentially harmful websites are hosted there. By contrast, DNS requests disclose fully qualified domain names.

In "Narcos, Counterfeiters and Scammers: An Approach to Visualize Illegal Markets," Andrew Lewman and Stevan Keraudy will present their new research, which offers a more effective approach based on the analysis of billions of DNS requests and goes far beyond traditional zonefile studies. We will share our methodology, which includes automatic detection, analysis and clustering of illegal websites in order to find relevant information on fraudsters and their online strategy. For a given example, we filtered data from over a billion DNS cache miss requests a day down to a few thousand counterfeit websites. Among those, we identify several hundred domain names that belong to the same illegal organization. We will present our results during the talk. To illustrate our method, we will present use cases on counterfeiter, narco and scammer networks.

Slides