Daily Threat Intelligence Report

This report contains following information

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain
num_domain num_links num_full_url num_safebrowsing_malicious num_vt_malicious date ip user_agent
0 39 37 54 0 1 2021-04-14 185.53.177.73 Chrome
tier domain count registrar name_servers org
0 tier_1 1link.in 1 TLD Registrar Solutions Ltd. ns1.parkingcrew.net None
1 tier_1 bitcoinclub.pl 1 Aftermarket.pl Limited n None
2 tier_1 ggogle.dk 1 None ns1.parkingcrew.net None
3 tier_1 giogle.dk 1 None ns1.parkingcrew.net None
4 tier_1 mcinternet.dk 1 None ns1.parkingcrew.net None
5 tier_1 nordera.dk 1 None ns1.parkingcrew.net None
6 tier_1 hairdesign.dk 1 None ns1.parkingcrew.net None
7 tier_1 gooogle.dk 1 None ns1.parkingcrew.net None
8 tier_1 leasplan.dk 1 None ns1.parkingcrew.net None
9 tier_1 patientvejledningen.dk 1 None ns1.parkingcrew.net None
10 tier_2 katie.v4.omgtnc.com 9 PSI-USA, Inc. dba Domain Robot NS-1133.AWSDNS-13.ORG None
11 tier_2 recode.pw 3 GANDI SAS NS-1611.AWSDNS-09.CO.UK PPCBUZZ
12 tier_2 us.redirectbuzz.club 2 Gandi SAS ns-2.awsdns-00.com PPCBUZZ
13 tier_2 technoblogs.net 2 GANDI SAS NS-1196.AWSDNS-21.ORG PPCBUZZ
14 tier_2 paid.outbrain.com 2 Network Solutions, LLC DNS1.P07.NSONE.NET None
15 tier_2 clk.rtpdn12.com 1 NAMECHEAP INC DNS1.REGISTRAR-SERVERS.COM Privacy service provided by Withheld for Privacy ehf
16 tier_2 traff0121.com 1 NAMECHEAP INC HANS.NS.CLOUDFLARE.COM Privacy service provided by Withheld for Privacy ehf
17 tier_2 contentgate.art 1 URL Solutions Inc. HEATHER.NS.CLOUDFLARE.COM GLOBAL DOMAIN PRIVACY SERVICES INC
18 tier_2 0.contentgate.art 1 URL Solutions Inc. HEATHER.NS.CLOUDFLARE.COM GLOBAL DOMAIN PRIVACY SERVICES INC
19 tier_2 1.contentgate.art 1 URL Solutions Inc. HEATHER.NS.CLOUDFLARE.COM GLOBAL DOMAIN PRIVACY SERVICES INC
20 tier_2 2.contentgate.art 1 URL Solutions Inc. HEATHER.NS.CLOUDFLARE.COM GLOBAL DOMAIN PRIVACY SERVICES INC
21 tier_2 3.contentgate.art 1 URL Solutions Inc. HEATHER.NS.CLOUDFLARE.COM GLOBAL DOMAIN PRIVACY SERVICES INC
22 tier_2 trfktunnel.com 1 NAMECHEAP INC DAVE.NS.CLOUDFLARE.COM Privacy service provided by Withheld for Privacy ehf
23 tier_2 betalonflamechan.com 1 URL SOLUTIONS INC. NS-1305.AWSDNS-35.ORG GLOBAL DOMAIN PRIVACY SERVICES INC
24 tier_2 t.sslrt4.com 1 NAMECHEAP INC NS-1092.AWSDNS-08.ORG Privacy service provided by Withheld for Privacy ehf
25 tier_2 batores-dimineer.com 1 Amazon Registrar, Inc. NS-111.AWSDNS-13.COM Whois Privacy Service
26 tier_2 trkppc.com 1 NAMECHEAP INC PDNS1.REGISTRAR-SERVERS.COM Privacy service provided by Withheld for Privacy ehf
27 tier_2 capitaloneshopping.sjv.io 1 GANDI SAS NS-545.AWSDNS-04.NET None
28 tier_2 ojrq.net 1 GANDI SAS NS-1151.AWSDNS-15.ORG Impact Radius
29 tier_2 capitaloneshopping.sjv.io_LOOP_1 1 None None None
30 tier_3 mergerinvesting.com 2 NAMECHEAP INC DNS1.REGISTRAR-SERVERS.COM Privacy service provided by Withheld for Privacy ehf
31 tier_3 ram21.proasdf.com 2 GoDaddy.com, LLC NS61.DOMAINCONTROL.COM Domains By Proxy, LLC
32 tier_3 auth.bitbay.net 1 NAMECHEAP INC EMMA.NS.CLOUDFLARE.COM Privacy service provided by Withheld for Privacy ehf
33 tier_3 shop.threesbrewing.com 1 None None None
34 tier_3 crutchfield.com 1 Domain.com, LLC NS1.CRUTCHFIELD.COM REDACTED FOR PRIVACY
35 tier_3 capitaloneshopping.com 1 CSC CORPORATE DOMAINS, INC. IVY.NS.CLOUDFLARE.COM Capital One Services, LLC
36 tier_3 surveystarz.com 1 GoDaddy.com, LLC NS13.DOMAINCONTROL.COM Domains By Proxy, LLC
37 tier_3 dropped-click.com 1 NAMECHEAP INC INES.NS.CLOUDFLARE.COM Privacy service provided by Withheld for Privacy ehf
ip city region org postal country_name tier count hostname anycast
0 104.247.81.73 Wyandotte Michigan AS206834 Team Internet AG 48192 United States tier_1 9 nan nan
1 185.253.212.22 Warsaw Mazovia AS48707 Marcin Waligorski Greener 00-010 Poland tier_1 1 nan nan
2 52.45.77.217 Ashburn Virginia AS14618 Amazon.com, Inc. 20149 United States tier_2 8 ec2-52-45-77-217.compute-1.amazonaws.com nan
3 178.62.225.201 Amsterdam North Holland AS14061 DigitalOcean, LLC 1012 Netherlands tier_2 5 nan nan
4 66.232.112.78 Tampa Florida AS29802 HIVELOCITY, Inc. 33606 United States tier_2 3 nan nan
5 66.232.112.72 Tampa Florida AS29802 HIVELOCITY, Inc. 33606 United States tier_2 2 66-232-112-72.static.hvvc.us nan
6 66.232.112.85 Tampa Florida AS29802 HIVELOCITY, Inc. 33606 United States tier_2 2 66-232-112-85.static.hvvc.us nan
7 199.232.66.132 Washington Washington, D.C. AS54113 Fastly 20045 United States tier_2 2 nan nan
8 88.99.101.106 Hohen Neuendorf Brandenburg AS24940 Hetzner Online GmbH 16540 Germany tier_2 2 static.106.101.99.88.clients.your-server.de nan
9 18.210.103.13 Ashburn Virginia AS14618 Amazon.com, Inc. 20149 United States tier_2 2 ec2-18-210-103-13.compute-1.amazonaws.com nan
10 3.220.46.255 Ashburn Virginia AS14618 Amazon.com, Inc. 20149 United States tier_2 1 ec2-3-220-46-255.compute-1.amazonaws.com nan
11 173.239.53.32 New York City New York AS27257 Webair Internet Development Company Inc. 10004 United States tier_2 1 nan nan
12 139.45.197.239 Amsterdam North Holland AS9002 RETN Limited 1012 Netherlands tier_2 1 nan nan
13 35.227.247.224 Kansas City Missouri AS15169 Google LLC 64121 United States tier_2 1 224.247.227.35.bc.googleusercontent.com True
14 35.227.211.136 Kansas City Missouri AS15169 Google LLC 64121 United States tier_2 1 136.211.227.35.bc.googleusercontent.com True
15 34.95.127.121 Kansas City Missouri AS15169 Google LLC 64121 United States tier_2 1 121.127.95.34.bc.googleusercontent.com True
16 100.37.135.2 New York City New York AS701 MCI Communications Services, Inc. d/b/a Verizon Business 10004 United States tier_2 1 pool-100-37-135-2.nycmny.fios.verizon.net nan
17 169.63.237.195 Dallas Texas AS36351 SoftLayer Technologies Inc. 75270 United States tier_2 1 c3.ed.3fa9.ip4.static.sl-reverse.com nan
18 45.55.189.248 Clifton New Jersey AS14061 DigitalOcean, LLC 07014 United States tier_3 2 nan nan
19 162.243.10.151 New York City New York AS14061 DigitalOcean, LLC 10011 United States tier_3 2 nan nan
20 104.18.5.135 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 1 nan True
21 23.227.38.74 Ottawa Ontario AS13335 Cloudflare, Inc. K2P Canada tier_3 1 nan True
22 205.196.12.74 Hollymead Virginia AS54391 Crutchfield New Media LLC 22911 United States tier_3 1 www.crutchfield.com nan
23 104.18.16.24 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 1 nan True
24 165.227.96.45 Clifton New Jersey AS14061 DigitalOcean, LLC 07014 United States tier_3 1 109327.cloudwaysapps.com nan
25 75.126.45.196 Dallas Texas AS36351 SoftLayer Technologies Inc. 75270 United States tier_3 1 c4.2d.7e4b.ip4.static.sl-reverse.com nan

Aggregated redirection graph of domains located on current IP address.

  • The redirection flows from left to right
  • Leftmost domains are initial domains hosted on current IP
  • Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website