Daily Threat Intelligence Report¶
This report contains following information
- Overall statistics
- Number of domains detected
- Number of domains detected by Google Safe Browsing
- IP address behind entry-level domains
- date of collection
- Top 10 domain statistics
- count (number of redirection paths that contain this domain)
- tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
- registar
- organization
- Top 10 IP statistics
- count
- location (city, country, region)
- hostname
- organization
- Consolidated redirection path
- green: tier one domain
- yellow: tier two domain
- red: tier three domain
| num_domain | num_links | num_full_url | num_safebrowsing_malicious | num_vt_malicious | date | ip | user_agent | |
|---|---|---|---|---|---|---|---|---|
| 0 | 92 | 89 | 161 | 0 | 43 | 2021-02-17 | 103.224.182.207 | Safari |
| tier | domain | count | registrar | name_servers | org | |
|---|---|---|---|---|---|---|
| 0 | tier_1 | boytoyfashion.com | 1 | GoDaddy.com, LLC | NS1.ABOVE.COM | None |
| 1 | tier_1 | animewapers.com | 1 | GoDaddy.com, LLC | NS1.ABOVE.COM | None |
| 2 | tier_1 | alldownloadgames.com | 1 | GoDaddy.com, LLC | NS1.ABOVE.COM | None |
| 3 | tier_1 | atcmia.com | 1 | GoDaddy.com, LLC | NS1.ABOVE.COM | None |
| 4 | tier_1 | alixepress.com | 1 | GoDaddy.com, LLC | NS1.ABOVE.COM | None |
| 5 | tier_1 | blacherreport.com | 1 | GoDaddy.com, LLC | NS1.ABOVE.COM | None |
| 6 | tier_1 | arphanetbr.com | 1 | GoDaddy.com, LLC | NS1.ABOVE.COM | None |
| 7 | tier_1 | allpose.com | 1 | GoDaddy.com, LLC | NS1.ABOVE.COM | None |
| 8 | tier_1 | boardsgalore.com | 1 | GoDaddy.com, LLC | NS1.ABOVE.COM | None |
| 9 | tier_1 | asignaturecommunity.com | 1 | GoDaddy.com, LLC | NS1.ABOVE.COM | None |
| 10 | tier_2 | 1redira.com | 12 | ABOVE.COM PTY LTD. | NS1.TRELLIAN.COM | REDACTED FOR PRIVACY |
| 11 | tier_2 | xml.sedodna.com | 8 | PSI-USA, Inc. dba Domain Robot | NS-1222.AWSDNS-24.ORG | None |
| 12 | tier_2 | click.expmediadirect.com | 8 | NAMECHEAP INC | NS1.LINODE.COM | WhoisGuard, Inc. |
| 13 | tier_2 | 0redirb.com | 7 | ABOVE.COM PTY LTD. | NS1.ABOVE.COM | REDACTED FOR PRIVACY |
| 14 | tier_2 | qqnhwxpz.ancientopossum.com | 6 | None | None | None |
| 15 | tier_2 | seemlast.monster | 6 | None | None | None |
| 16 | tier_2 | salo57.admedit.net | 4 | None | None | None |
| 17 | tier_2 | ww2.siteplug.com | 4 | DOMAINPEOPLE, INC. | NS-1263.AWSDNS-29.ORG | REDACTED FOR PRIVACY |
| 18 | tier_2 | track.vcdc.com | 3 | Key-Systems GmbH | GUY.NS.CLOUDFLARE.COM | c/o whoisproxy.com |
| 19 | tier_2 | changeslots.com | 2 | Instra Corporation Pty Ltd. | CLEO.NS.CLOUDFLARE.COM | REDACTED FOR PRIVACY |
| 20 | tier_3 | macpaw.com | 6 | GANDI SAS | NS-1492.AWSDNS-58.ORG | MacPaw Family Ltd. |
| 21 | tier_3 | theconnectvpn.com | 2 | DonDominio (SCIP) | ARNOLD.NS.CLOUDFLARE.COM | Soluciones Corporativas IP, c/o Whois Proxy |
| 22 | tier_3 | searchfrequently.com | 2 | GoDaddy.com, LLC | NEIL.NS.CLOUDFLARE.COM | Domains By Proxy, LLC |
| 23 | tier_3 | cyberghostvpn.com | 2 | GANDI SAS | NS01.CYBERGHOSTVPN.COM | CyberGhost SA |
| 24 | tier_3 | iosrecommendedvpn.com | 2 | None | None | None |
| 25 | tier_3 | bodybuilding.com | 2 | MarkMonitor, Inc. | NS1.BODYBUILDING.COM | Vitalize, LLC |
| 26 | tier_3 | best.aliexpress.com | 2 | Alibaba Cloud Computing (Beijing) Co., Ltd. | NS1.ALIBABADNS.COM | None |
| 27 | tier_3 | free2update.yourbettercleanplayer.info | 1 | NAMECHEAP INC | DNS1.REGISTRAR-SERVERS.COM | WhoisGuard, Inc. |
| 28 | tier_3 | modcloth.com | 1 | GoDaddy.com, LLC | NS0.DNSMADEEASY.COM | ModCloth Inc |
| 29 | tier_3 | upalways.thebettercleanplayers.info | 1 | NAMECHEAP INC | DNS1.REGISTRAR-SERVERS.COM | WhoisGuard, Inc. |
| ip | hostname | city | region | org | postal | country_name | tier | count | anycast | |
|---|---|---|---|---|---|---|---|---|---|---|
| 0 | 103.224.182.207 | lb-182-207.above.com | Caulfield South | Victoria | AS133618 Trellian Pty. Limited | 3193 | Australia | tier_1 | 31 | nan |
| 1 | 103.224.182.206 | bidr.trellian.com | Caulfield South | Victoria | AS133618 Trellian Pty. Limited | 3193 | Australia | tier_2 | 12 | nan |
| 2 | 91.195.240.136 | nan | Munich | Bavaria | AS47846 SEDO GmbH | 80331 | Germany | tier_2 | 8 | nan |
| 3 | 173.239.53.32 | nan | New York City | New York | AS27257 Webair Internet Development Company Inc. | 10013 | United States | tier_2 | 8 | nan |
| 4 | 198.134.116.30 | nan | New York City | New York | AS27257 Webair Internet Development Company Inc. | 10013 | United States | tier_2 | 8 | nan |
| 5 | 103.224.212.247 | lb-212-247.above.com | Caulfield South | Victoria | AS133618 Trellian Pty. Limited | 3193 | Australia | tier_2 | 7 | nan |
| 6 | 137.74.180.226 | ip226.ip-137-74-180.eu | Strasbourg | Grand Est | AS16276 OVH SAS | 67000 | France | tier_2 | 5 | nan |
| 7 | 104.21.68.220 | nan | San Francisco | California | AS13335 Cloudflare, Inc. | 94107 | United States | tier_2 | 4 | True |
| 8 | 85.17.29.187 | nan | Amsterdam | North Holland | AS60781 LeaseWeb Netherlands B.V. | 1012 | Netherlands | tier_2 | 4 | nan |
| 9 | 216.139.248.127 | 216-139-248-127.aus.us.siteprotect.com | Austin | Texas | AS32400 Hostway Services, Inc. | 73301 | United States | tier_2 | 4 | nan |
| 10 | 23.36.196.16 | a23-36-196-16.deploy.static.akamaitechnologies.com | Philadelphia | Pennsylvania | AS16625 Akamai Technologies, Inc. | 19099 | United States | tier_3 | 2 | nan |
| 11 | 35.224.231.200 | 200.231.224.35.bc.googleusercontent.com | Council Bluffs | Iowa | AS15169 Google LLC | 51502 | United States | tier_3 | 6 | nan |
| 12 | 54.162.183.76 | ec2-54-162-183-76.compute-1.amazonaws.com | Virginia Beach | Virginia | AS14618 Amazon.com, Inc. | 23452 | United States | tier_3 | 5 | nan |
| 13 | 172.67.181.234 | nan | San Francisco | California | AS13335 Cloudflare, Inc. | 94107 | United States | tier_3 | 2 | True |
| 14 | 104.20.174.46 | nan | San Francisco | California | AS13335 Cloudflare, Inc. | 94107 | United States | tier_3 | 2 | True |
| 15 | 100.37.135.2 | pool-100-37-135-2.nycmny.fios.verizon.net | New York City | New York | AS701 MCI Communications Services, Inc. d/b/a Verizon Business | 10004 | United States | tier_3 | 2 | nan |
| 16 | 23.193.181.211 | a23-193-181-211.deploy.static.akamaitechnologies.com | New York City | New York | AS16625 Akamai Technologies, Inc. | 10004 | United States | tier_3 | 2 | nan |
| 17 | 23.36.196.16 | a23-36-196-16.deploy.static.akamaitechnologies.com | Philadelphia | Pennsylvania | AS16625 Akamai Technologies, Inc. | 19099 | United States | tier_3 | 2 | nan |
| 18 | 104.21.8.61 | nan | San Francisco | California | AS13335 Cloudflare, Inc. | 94107 | United States | tier_3 | 1 | True |
| 19 | 104.16.79.42 | nan | San Francisco | California | AS13335 Cloudflare, Inc. | 94107 | United States | tier_3 | 1 | True |
| 20 | 104.19.182.41 | nan | San Francisco | California | AS13335 Cloudflare, Inc. | 94107 | United States | tier_3 | 1 | True |
Aggregated redirection graph of domains located on current IP address.¶
- The redirection flows from left to right
- Leftmost domains are initial domains hosted on current IP
- Rightmost domains are final landing domains we were able to crawl
Screenshot of high-occurrence final landing domains¶
Have other ideas? / Want to subscribe to get threat intelligence report? / Contact¶
Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website