Daily Threat Intelligence Report

This report contains following information

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain
num_domain num_links num_full_url num_safebrowsing_malicious num_vt_malicious date ip user_agent
0 245 249 776 0 157 2021-02-20 207.244.67.215 Android
tier domain count registrar name_servers org
0 tier_1 forrealzpiratebay.org 1 Biglizarddomains.com LLC NS1.COMMONMX.COM None
1 tier_1 ecomatt.co 1 GoDaddy.com, LLC ns2.commonmx.com None
2 tier_1 720pizle.co 1 GoDaddy.com, LLC ns2.commonmx.com None
3 tier_1 dudedigitalcodes.com 1 Chipshot Domains LLC NS1.COMMONMX.COM None
4 tier_1 baicung.com 1 GoDaddy.com, LLC NS1.COMMONMX.COM None
5 tier_1 desigay.org 1 Beartrapdomains.com LLC NS1.COMMONMX.COM None
6 tier_1 chagford-accom.co.uk 1 Virtua Drug Ltd t/a autoBackorder [Tag = AUTOBACKORDER] n None
7 tier_1 davmodeldgp.org 1 Domainamania.com LLC NS1.COMMONMX.COM None
8 tier_1 fueledup.co 1 Communigal Communication Ltd ns2.commonmx.com None
9 tier_1 cannalegit.co 1 Communigal Communication Ltd ns2.commonmx.com None
10 tier_2 2893.wcitianka.com 70 GoDaddy Online Services Cayman Islands LTD NS-1096.AWSDNS-09.ORG None
11 tier_2 awakeningsco.com 69 GoDaddy Online Services Cayman Islands LTD HUGH.NS.CLOUDFLARE.COM None
12 tier_2 dprtb.com 43 1API GmbH NS1.DNSIMPLE.COM REDACTED FOR PRIVACY
13 tier_2 bradamante-per.com 26 Amazon Registrar, Inc. NS-1026.AWSDNS-00.ORG Whois Privacy Service
14 tier_2 get.popplunder.com 26 NAMECHEAP INC DNS1.REGISTRAR-SERVERS.COM WhoisGuard, Inc.
15 tier_2 trustedpush.com 25 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
16 tier_2 win1.trustedpush.com 22 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
17 tier_2 alfik-fik.com 19 Amazon Registrar, Inc. NS-1264.AWSDNS-30.ORG Whois Privacy Service
18 tier_2 win2.trustedpush.com 13 None None None
19 tier_2 btpnative.com 8 1API GmbH NS1.DNSIMPLE.COM Registrant of btpnative.com
20 tier_3 dprtb.com 55 1API GmbH NS1.DNSIMPLE.COM REDACTED FOR PRIVACY
21 tier_3 b.funmapd.xyz 23 Sav.comLLC HUGH.NS.CLOUDFLARE.COM Privacy Protection
22 tier_3 m.fastspotb.xyz 16 Sav.comLLC HUGH.NS.CLOUDFLARE.COM Privacy Protection
23 tier_3 b.gladspaceplane.xyz 14 Epik LLC MARJORY.NS.CLOUDFLARE.COM Anonymize, Inc.
24 tier_3 storystudio.sfgate.com 12 CSC CORPORATE DOMAINS, INC. NS1.HEARSTNP.COM Hearst Communications, Inc.
25 tier_3 win3.trustedpush.com 11 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
26 tier_3 b.delightcmain.xyz 11 Epik LLC MARJORY.NS.CLOUDFLARE.COM Anonymize, Inc.
27 tier_3 btpnative.com 11 1API GmbH NS1.DNSIMPLE.COM Registrant of btpnative.com
28 tier_3 win2.trustedpush.com 9 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
29 tier_3 b.meeryslotspin.xyz 9 Epik LLC MARJORY.NS.CLOUDFLARE.COM Anonymize, Inc.
ip city region org postal country_name tier count anycast hostname
0 207.244.67.215 Manassas Virginia AS30633 Leaseweb USA, Inc. 20108 United States tier_1 28 nan nan
1 207.244.67.216 Manassas Virginia AS30633 Leaseweb USA, Inc. 20108 United States tier_1 26 nan nan
2 207.244.67.214 Manassas Virginia AS30633 Leaseweb USA, Inc. 20108 United States tier_1 25 nan nan
3 207.244.67.218 Manassas Virginia AS30633 Leaseweb USA, Inc. 20108 United States tier_1 22 nan nan
4 206.221.176.184 New York City New York AS23470 ReliableSite.Net LLC 10004 United States tier_1 19 nan nan
5 104.243.45.179 New York City New York AS23470 ReliableSite.Net LLC 10004 United States tier_1 13 nan nan
6 104.243.45.178 New York City New York AS23470 ReliableSite.Net LLC 10004 United States tier_1 12 nan nan
7 37.48.65.150 Soest Utrecht AS60781 LeaseWeb Netherlands B.V. 3765 Netherlands tier_1 8 nan nan
8 37.48.65.149 Soest Utrecht AS60781 LeaseWeb Netherlands B.V. 3765 Netherlands tier_1 4 nan nan
9 104.243.45.190 New York City New York AS23470 ReliableSite.Net LLC 10004 United States tier_1 4 nan nan
10 198.54.112.216 San Jose California AS22612 Namecheap, Inc. 95103 United States tier_2 70 nan nan
11 209.15.13.136 Toronto Ontario AS13768 Aptum Technologies M5N Canada tier_3 66 nan nan
12 104.18.2.198 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_2 46 True nan
13 34.199.180.187 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23452 United States tier_2 26 nan ec2-34-199-180-187.compute-1.amazonaws.com
14 104.18.3.198 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_2 23 True nan
15 34.200.146.95 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23452 United States tier_2 23 nan ec2-34-200-146-95.compute-1.amazonaws.com
16 54.84.27.165 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23452 United States tier_2 22 nan ec2-54-84-27-165.compute-1.amazonaws.com
17 13.225.218.47 New York City New York AS16509 Amazon.com, Inc. 10004 United States tier_2 18 nan server-13-225-218-47.jfk51.r.cloudfront.net
18 204.44.79.214 Los Angeles California AS8100 QuadraNet Enterprises LLC 90014 United States tier_2 17 nan 204.44.79.214.static.quadranet.com
19 13.225.218.79 New York City New York AS16509 Amazon.com, Inc. 10004 United States tier_2 16 nan server-13-225-218-79.jfk51.r.cloudfront.net
20 209.15.13.136 Toronto Ontario AS13768 Aptum Technologies M5N Canada tier_3 66 nan nan
21 104.18.82.149 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 28 True nan
22 100.37.135.2 New York City New York AS701 MCI Communications Services, Inc. d/b/a Verizon Business 10004 United States tier_3 18 nan pool-100-37-135-2.nycmny.fios.verizon.net
23 98.129.228.57 Dallas Texas AS33070 Rackspace Hosting 75270 United States tier_3 17 nan nan
24 104.18.81.149 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 15 True nan
25 104.18.78.149 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 13 True nan
26 104.18.80.149 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 11 True nan
27 104.18.79.149 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 6 True nan
28 13.225.218.113 New York City New York AS16509 Amazon.com, Inc. 10004 United States tier_3 4 nan server-13-225-218-113.jfk51.r.cloudfront.net
29 104.21.95.173 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 2 True nan

Aggregated redirection graph of domains located on current IP address.

  • The redirection flows from left to right
  • Leftmost domains are initial domains hosted on current IP
  • Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website