Daily Threat Intelligence Report

This report contains following information

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain
num_domain num_links num_full_url num_safebrowsing_malicious num_vt_malicious date ip user_agent
0 92 89 161 0 43 2021-02-17 103.224.182.207 Safari
tier domain count registrar name_servers org
0 tier_1 boytoyfashion.com 1 GoDaddy.com, LLC NS1.ABOVE.COM None
1 tier_1 animewapers.com 1 GoDaddy.com, LLC NS1.ABOVE.COM None
2 tier_1 alldownloadgames.com 1 GoDaddy.com, LLC NS1.ABOVE.COM None
3 tier_1 atcmia.com 1 GoDaddy.com, LLC NS1.ABOVE.COM None
4 tier_1 alixepress.com 1 GoDaddy.com, LLC NS1.ABOVE.COM None
5 tier_1 blacherreport.com 1 GoDaddy.com, LLC NS1.ABOVE.COM None
6 tier_1 arphanetbr.com 1 GoDaddy.com, LLC NS1.ABOVE.COM None
7 tier_1 allpose.com 1 GoDaddy.com, LLC NS1.ABOVE.COM None
8 tier_1 boardsgalore.com 1 GoDaddy.com, LLC NS1.ABOVE.COM None
9 tier_1 asignaturecommunity.com 1 GoDaddy.com, LLC NS1.ABOVE.COM None
10 tier_2 1redira.com 12 ABOVE.COM PTY LTD. NS1.TRELLIAN.COM REDACTED FOR PRIVACY
11 tier_2 xml.sedodna.com 8 PSI-USA, Inc. dba Domain Robot NS-1222.AWSDNS-24.ORG None
12 tier_2 click.expmediadirect.com 8 NAMECHEAP INC NS1.LINODE.COM WhoisGuard, Inc.
13 tier_2 0redirb.com 7 ABOVE.COM PTY LTD. NS1.ABOVE.COM REDACTED FOR PRIVACY
14 tier_2 qqnhwxpz.ancientopossum.com 6 None None None
15 tier_2 seemlast.monster 6 None None None
16 tier_2 salo57.admedit.net 4 None None None
17 tier_2 ww2.siteplug.com 4 DOMAINPEOPLE, INC. NS-1263.AWSDNS-29.ORG REDACTED FOR PRIVACY
18 tier_2 track.vcdc.com 3 Key-Systems GmbH GUY.NS.CLOUDFLARE.COM c/o whoisproxy.com
19 tier_2 changeslots.com 2 Instra Corporation Pty Ltd. CLEO.NS.CLOUDFLARE.COM REDACTED FOR PRIVACY
20 tier_3 macpaw.com 6 GANDI SAS NS-1492.AWSDNS-58.ORG MacPaw Family Ltd.
21 tier_3 theconnectvpn.com 2 DonDominio (SCIP) ARNOLD.NS.CLOUDFLARE.COM Soluciones Corporativas IP, c/o Whois Proxy
22 tier_3 searchfrequently.com 2 GoDaddy.com, LLC NEIL.NS.CLOUDFLARE.COM Domains By Proxy, LLC
23 tier_3 cyberghostvpn.com 2 GANDI SAS NS01.CYBERGHOSTVPN.COM CyberGhost SA
24 tier_3 iosrecommendedvpn.com 2 None None None
25 tier_3 bodybuilding.com 2 MarkMonitor, Inc. NS1.BODYBUILDING.COM Vitalize, LLC
26 tier_3 best.aliexpress.com 2 Alibaba Cloud Computing (Beijing) Co., Ltd. NS1.ALIBABADNS.COM None
27 tier_3 free2update.yourbettercleanplayer.info 1 NAMECHEAP INC DNS1.REGISTRAR-SERVERS.COM WhoisGuard, Inc.
28 tier_3 modcloth.com 1 GoDaddy.com, LLC NS0.DNSMADEEASY.COM ModCloth Inc
29 tier_3 upalways.thebettercleanplayers.info 1 NAMECHEAP INC DNS1.REGISTRAR-SERVERS.COM WhoisGuard, Inc.
ip hostname city region org postal country_name tier count anycast
0 103.224.182.207 lb-182-207.above.com Caulfield South Victoria AS133618 Trellian Pty. Limited 3193 Australia tier_1 31 nan
1 103.224.182.206 bidr.trellian.com Caulfield South Victoria AS133618 Trellian Pty. Limited 3193 Australia tier_2 12 nan
2 91.195.240.136 nan Munich Bavaria AS47846 SEDO GmbH 80331 Germany tier_2 8 nan
3 173.239.53.32 nan New York City New York AS27257 Webair Internet Development Company Inc. 10013 United States tier_2 8 nan
4 198.134.116.30 nan New York City New York AS27257 Webair Internet Development Company Inc. 10013 United States tier_2 8 nan
5 103.224.212.247 lb-212-247.above.com Caulfield South Victoria AS133618 Trellian Pty. Limited 3193 Australia tier_2 7 nan
6 137.74.180.226 ip226.ip-137-74-180.eu Strasbourg Grand Est AS16276 OVH SAS 67000 France tier_2 5 nan
7 104.21.68.220 nan San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_2 4 True
8 85.17.29.187 nan Amsterdam North Holland AS60781 LeaseWeb Netherlands B.V. 1012 Netherlands tier_2 4 nan
9 216.139.248.127 216-139-248-127.aus.us.siteprotect.com Austin Texas AS32400 Hostway Services, Inc. 73301 United States tier_2 4 nan
10 23.36.196.16 a23-36-196-16.deploy.static.akamaitechnologies.com Philadelphia Pennsylvania AS16625 Akamai Technologies, Inc. 19099 United States tier_3 2 nan
11 35.224.231.200 200.231.224.35.bc.googleusercontent.com Council Bluffs Iowa AS15169 Google LLC 51502 United States tier_3 6 nan
12 54.162.183.76 ec2-54-162-183-76.compute-1.amazonaws.com Virginia Beach Virginia AS14618 Amazon.com, Inc. 23452 United States tier_3 5 nan
13 172.67.181.234 nan San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 2 True
14 104.20.174.46 nan San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 2 True
15 100.37.135.2 pool-100-37-135-2.nycmny.fios.verizon.net New York City New York AS701 MCI Communications Services, Inc. d/b/a Verizon Business 10004 United States tier_3 2 nan
16 23.193.181.211 a23-193-181-211.deploy.static.akamaitechnologies.com New York City New York AS16625 Akamai Technologies, Inc. 10004 United States tier_3 2 nan
17 23.36.196.16 a23-36-196-16.deploy.static.akamaitechnologies.com Philadelphia Pennsylvania AS16625 Akamai Technologies, Inc. 19099 United States tier_3 2 nan
18 104.21.8.61 nan San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 1 True
19 104.16.79.42 nan San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 1 True
20 104.19.182.41 nan San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 1 True

Aggregated redirection graph of domains located on current IP address.

  • The redirection flows from left to right
  • Leftmost domains are initial domains hosted on current IP
  • Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website