Daily Threat Intelligence Report

This report contains following information

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain
num_domain num_links num_full_url num_safebrowsing_malicious num_vt_malicious date ip user_agent
0 181 198 552 0 0 2020-12-31 37.48.65.149 Android
tier domain count registrar name_servers org
0 tier_1 albasocial.net 1 Fushi Tarazu, LLC NS1.DNSNUTS.COM None
1 tier_1 brasilonline.tv 1 Sterling Domains LLC NS1.DNSNUTS.COM None
2 tier_1 ritterelementaryschool.com 1 NamePal.com #8014, LLC NS1.DNSNUTS.COM None
3 tier_1 nhahangthanbien.com 1 NamePal.com #8012, LLC NS1.DNSNUTS.COM None
4 tier_1 lankadrama.com 1 Namecatch LLC NS1.DNSNUTS.COM None
5 tier_1 putasatrevidas.com 1 SNAPNAMES 63, LLC NS1.DNSNUTS.COM None
6 tier_1 dutopia.info 1 UDomainName.com LLC NS1.DNSNUTS.COM The Management Group II
7 tier_1 beritatrendz.com 1 Nameselite, LLC NS1.DNSNUTS.COM None
8 tier_1 shireen-n.com 1 Nameselite, LLC NS1.DNSNUTS.COM None
9 tier_1 causticwow.net 1 Klaatudomains.com LLC NS1.DNSNUTS.COM None
10 tier_2 track.vcdc.com 45 Key-Systems GmbH GUY.NS.CLOUDFLARE.COM c/o whoisproxy.com
11 tier_2 alfik-fik.com 41 Amazon Registrar, Inc. NS-1264.AWSDNS-30.ORG Whois Privacy Service
12 tier_2 bradamante-per.com 27 Amazon Registrar, Inc. NS-1026.AWSDNS-00.ORG Whois Privacy Service
13 tier_2 get.popplunder.com 27 NAMECHEAP INC DNS1.REGISTRAR-SERVERS.COM WhoisGuard, Inc.
14 tier_2 trustedpush.com 26 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
15 tier_2 win1.trustedpush.com 25 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
16 tier_2 win2.trustedpush.com 22 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
17 tier_2 win3.trustedpush.com 14 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
18 tier_2 dprtb.com 12 GoDaddy.com, LLC NS1.DNSIMPLE.COM Bidtellect, Inc
19 tier_2 click.expmediadirect.com 12 NAMECHEAP INC NS1.LINODE.COM WhoisGuard, Inc.
20 tier_3 blog.sfgate.com 17 CSC CORPORATE DOMAINS, INC. NS1.HEARSTNP.COM Hearst Communications, Inc.
21 tier_3 blog.chron.com 17 CSC CORPORATE DOMAINS, INC. NS1.HEARSTNP.COM Hearst Newspapers, LLC
22 tier_3 win4.trustedpush.com 9 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
23 tier_3 win3.trustedpush.com 8 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
24 tier_3 findoffers.co 7 Key-Systems GmbH ns4.monikerdns.net Moniker Privacy Services
25 tier_3 track.vcdc.com 7 Key-Systems GmbH GUY.NS.CLOUDFLARE.COM c/o whoisproxy.com
26 tier_3 win5.trustedpush.com 4 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
27 tier_3 win2.trustedpush.com 3 NameCheap, Inc. NS-1142.AWSDNS-14.ORG None
28 tier_3 medicare.healthcare.com 3 GoDaddy.com, LLC NS-1455.AWSDNS-53.ORG Domains By Proxy, LLC
29 tier_3 squirt.org 2 None None None
ip city region org postal country_name tier count hostname anycast
0 207.244.67.214 Manassas Virginia AS30633 Leaseweb USA, Inc. 20108 United States tier_1 19 nan nan
1 207.244.67.216 Manassas Virginia AS30633 Leaseweb USA, Inc. 20108 United States tier_1 18 nan nan
2 207.244.67.215 Manassas Virginia AS30633 Leaseweb USA, Inc. 20108 United States tier_1 17 nan nan
3 207.244.67.218 Manassas Virginia AS30633 Leaseweb USA, Inc. 20108 United States tier_1 16 nan nan
4 37.48.65.149 Amsterdam North Holland AS60781 LeaseWeb Netherlands B.V. 1012 Netherlands tier_1 4 nan nan
5 185.107.56.60 Amsterdam North Holland AS43350 NForce Entertainment B.V. 1012 Netherlands tier_1 3 nan nan
6 63.143.32.93 Dallas Texas AS46475 Limestone Networks, Inc. 75202 United States tier_1 3 93-32-143-63.static.reverse.lstn.net nan
7 63.143.32.94 Dallas Texas AS46475 Limestone Networks, Inc. 75202 United States tier_1 2 94-32-143-63.static.reverse.lstn.net nan
8 37.48.65.148 Amsterdam North Holland AS60781 LeaseWeb Netherlands B.V. 1012 Netherlands tier_1 2 nan nan
9 63.143.32.92 Dallas Texas AS46475 Limestone Networks, Inc. 75202 United States tier_1 2 92-32-143-63.static.reverse.lstn.net nan
10 13.224.211.117 Seattle Washington AS16509 Amazon.com, Inc. 98101 United States tier_3 4 server-13-224-211-117.phl50.r.cloudfront.net nan
11 34.226.113.11 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23464 United States tier_2 37 ec2-34-226-113-11.compute-1.amazonaws.com nan
12 204.44.79.214 Los Angeles California AS8100 QuadraNet Enterprises LLC 90014 United States tier_2 35 204.44.79.214.static.quadranet.com nan
13 34.202.98.117 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23464 United States tier_2 31 ec2-34-202-98-117.compute-1.amazonaws.com nan
14 34.199.180.187 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23464 United States tier_2 27 ec2-34-199-180-187.compute-1.amazonaws.com nan
15 13.224.211.59 Seattle Washington AS16509 Amazon.com, Inc. 98101 United States tier_2 25 server-13-224-211-59.phl50.r.cloudfront.net nan
16 209.15.13.136 Toronto Ontario AS13768 Aptum Technologies M5N Canada tier_2 23 nan nan
17 13.224.211.119 Seattle Washington AS16509 Amazon.com, Inc. 98101 United States tier_3 3 server-13-224-211-119.phl50.r.cloudfront.net nan
18 94.130.186.231 Nürnberg Bavaria AS24940 Hetzner Online GmbH 90402 Germany tier_2 17 static.231.186.130.94.clients.your-server.de nan
19 94.130.185.237 Nürnberg Bavaria AS24940 Hetzner Online GmbH 90402 Germany tier_2 14 static.237.185.130.94.clients.your-server.de nan
20 151.101.0.200 San Francisco California AS54113 Fastly 94107 United States tier_3 34 nan True
21 100.37.135.2 New York City New York AS701 MCI Communications Services, Inc. d/b/a Verizon Business 10004 United States tier_3 20 pool-100-37-135-2.nycmny.fios.verizon.net nan
22 18.190.1.57 Columbus Ohio AS16509 Amazon.com, Inc. 43221 United States tier_3 7 ec2-18-190-1-57.us-east-2.compute.amazonaws.com nan
23 195.201.92.254 Nürnberg Bavaria AS24940 Hetzner Online GmbH 90402 Germany tier_3 7 static.254.92.201.195.clients.your-server.de nan
24 13.224.211.117 Seattle Washington AS16509 Amazon.com, Inc. 98101 United States tier_3 4 server-13-224-211-117.phl50.r.cloudfront.net nan
25 13.224.211.119 Seattle Washington AS16509 Amazon.com, Inc. 98101 United States tier_3 3 server-13-224-211-119.phl50.r.cloudfront.net nan
26 158.106.84.60 Toronto Ontario AS23498 COGECODATA M5N Canada tier_3 2 gay-hookup.com nan
27 34.237.115.112 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23464 United States tier_3 2 ec2-34-237-115-112.compute-1.amazonaws.com nan
28 23.39.32.237 Newark New Jersey AS16625 Akamai Technologies, Inc. 07175 United States tier_3 2 a23-39-32-237.deploy.static.akamaitechnologies.com nan
29 13.224.211.22 Seattle Washington AS16509 Amazon.com, Inc. 98101 United States tier_3 2 server-13-224-211-22.phl50.r.cloudfront.net nan

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website