Daily Threat Intelligence Report

This report contains the following information:

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. Date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registrar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain
num_domainnum_linksnum_full_urlnum_safebrowsing_maliciousnum_vt_maliciousdateipuser_agent
0181198552002020-12-3137.48.65.149Android

| | tier | domain | count | registrar | name_servers | org |
|---|---|---|---|---|---|---|
| 0 | tier_1 | albasocial.net | 1 | Fushi Tarazu, LLC | NS1.DNSNUTS.COM | None |
| 1 | tier_1 | brasilonline.tv | 1 | Sterling Domains LLC | NS1.DNSNUTS.COM | None |
| 2 | tier_1 | ritterelementaryschool.com | 1 | NamePal.com #8014, LLC | NS1.DNSNUTS.COM | None |
| 3 | tier_1 | nhahangthanbien.com | 1 | NamePal.com #8012, LLC | NS1.DNSNUTS.COM | None |
| 4 | tier_1 | lankadrama.com | 1 | Namecatch LLC | NS1.DNSNUTS.COM | None |
| 5 | tier_1 | putasatrevidas.com | 1 | SNAPNAMES 63, LLC | NS1.DNSNUTS.COM | None |
| 6 | tier_1 | dutopia.info | 1 | UDomainName.com LLC | NS1.DNSNUTS.COM | The Management Group II |
| 7 | tier_1 | beritatrendz.com | 1 | Nameselite, LLC | NS1.DNSNUTS.COM | None |
| 8 | tier_1 | shireen-n.com | 1 | Nameselite, LLC | NS1.DNSNUTS.COM | None |
| 9 | tier_1 | causticwow.net | 1 | Klaatudomains.com LLC | NS1.DNSNUTS.COM | None |
| 10 | tier_2 | track.vcdc.com | 45 | Key-Systems GmbH | GUY.NS.CLOUDFLARE.COM | c/o whoisproxy.com |
| 11 | tier_2 | alfik-fik.com | 41 | Amazon Registrar, Inc. | NS-1264.AWSDNS-30.ORG | Whois Privacy Service |
| 12 | tier_2 | bradamante-per.com | 27 | Amazon Registrar, Inc. | NS-1026.AWSDNS-00.ORG | Whois Privacy Service |
| 13 | tier_2 | get.popplunder.com | 27 | NAMECHEAP INC | DNS1.REGISTRAR-SERVERS.COM | WhoisGuard, Inc. |
| 14 | tier_2 | trustedpush.com | 26 | NAMECHEAP INC | NS-1142.AWSDNS-14.ORG | WhoisGuard, Inc. |
| 15 | tier_2 | win1.trustedpush.com | 25 | NAMECHEAP INC | NS-1142.AWSDNS-14.ORG | WhoisGuard, Inc. |
| 16 | tier_2 | win2.trustedpush.com | 22 | NAMECHEAP INC | NS-1142.AWSDNS-14.ORG | WhoisGuard, Inc. |
| 17 | tier_2 | win3.trustedpush.com | 14 | NAMECHEAP INC | NS-1142.AWSDNS-14.ORG | WhoisGuard, Inc. |
| 18 | tier_2 | dprtb.com | 12 | GoDaddy.com, LLC | NS1.DNSIMPLE.COM | Bidtellect, Inc |
| 19 | tier_2 | click.expmediadirect.com | 12 | NAMECHEAP INC | NS1.LINODE.COM | WhoisGuard, Inc. |
| 20 | tier_3 | blog.sfgate.com | 17 | CSC CORPORATE DOMAINS, INC. | NS1.HEARSTNP.COM | Hearst Communications, Inc. |
| 21 | tier_3 | blog.chron.com | 17 | CSC CORPORATE DOMAINS, INC. | NS1.HEARSTNP.COM | Hearst Newspapers, LLC |
| 22 | tier_3 | win4.trustedpush.com | 9 | NAMECHEAP INC | NS-1142.AWSDNS-14.ORG | WhoisGuard, Inc. |
| 23 | tier_3 | win3.trustedpush.com | 8 | NAMECHEAP INC | NS-1142.AWSDNS-14.ORG | WhoisGuard, Inc. |
| 24 | tier_3 | findoffers.co | 7 | Key-Systems GmbH | ns4.monikerdns.net | Moniker Privacy Services |
| 25 | tier_3 | track.vcdc.com | 7 | Key-Systems GmbH | GUY.NS.CLOUDFLARE.COM | c/o whoisproxy.com |
| 26 | tier_3 | win5.trustedpush.com | 4 | NAMECHEAP INC | NS-1142.AWSDNS-14.ORG | WhoisGuard, Inc. |
| 27 | tier_3 | win2.trustedpush.com | 3 | NameCheap, Inc. | NS-1142.AWSDNS-14.ORG | None |
| 28 | tier_3 | medicare.healthcare.com | 3 | GoDaddy.com, LLC | NS-1455.AWSDNS-53.ORG | Domains By Proxy, LLC |
| 29 | tier_3 | squirt.org | 2 | None | None | None |

| | ip | city | region | org | postal | country_name | tier | count | hostname | anycast |
|---|---|---|---|---|---|---|---|---|---|---|
| 0 | 207.244.67.214 | Manassas | Virginia | AS30633 Leaseweb USA, Inc. | 20108 | United States | tier_1 | 19 | nan | nan |
| 1 | 207.244.67.216 | Manassas | Virginia | AS30633 Leaseweb USA, Inc. | 20108 | United States | tier_1 | 18 | nan | nan |
| 2 | 207.244.67.215 | Manassas | Virginia | AS30633 Leaseweb USA, Inc. | 20108 | United States | tier_1 | 17 | nan | nan |
| 3 | 207.244.67.218 | Manassas | Virginia | AS30633 Leaseweb USA, Inc. | 20108 | United States | tier_1 | 16 | nan | nan |
| 4 | 37.48.65.149 | Amsterdam | North Holland | AS60781 LeaseWeb Netherlands B.V. | 1012 | Netherlands | tier_1 | 4 | nan | nan |
| 5 | 185.107.56.60 | Amsterdam | North Holland | AS43350 NForce Entertainment B.V. | 1012 | Netherlands | tier_1 | 3 | nan | nan |
| 6 | 63.143.32.93 | Dallas | Texas | AS46475 Limestone Networks, Inc. | 75202 | United States | tier_1 | 3 | 93-32-143-63.static.reverse.lstn.net | nan |
| 7 | 63.143.32.94 | Dallas | Texas | AS46475 Limestone Networks, Inc. | 75202 | United States | tier_1 | 2 | 94-32-143-63.static.reverse.lstn.net | nan |
| 8 | 37.48.65.148 | Amsterdam | North Holland | AS60781 LeaseWeb Netherlands B.V. | 1012 | Netherlands | tier_1 | 2 | nan | nan |
| 9 | 63.143.32.92 | Dallas | Texas | AS46475 Limestone Networks, Inc. | 75202 | United States | tier_1 | 2 | 92-32-143-63.static.reverse.lstn.net | nan |
| 10 | 13.224.211.117 | Seattle | Washington | AS16509 Amazon.com, Inc. | 98101 | United States | tier_3 | 4 | server-13-224-211-117.phl50.r.cloudfront.net | nan |
| 11 | 34.226.113.11 | Virginia Beach | Virginia | AS14618 Amazon.com, Inc. | 23464 | United States | tier_2 | 37 | ec2-34-226-113-11.compute-1.amazonaws.com | nan |
| 12 | 204.44.79.214 | Los Angeles | California | AS8100 QuadraNet Enterprises LLC | 90014 | United States | tier_2 | 35 | 204.44.79.214.static.quadranet.com | nan |
| 13 | 34.202.98.117 | Virginia Beach | Virginia | AS14618 Amazon.com, Inc. | 23464 | United States | tier_2 | 31 | ec2-34-202-98-117.compute-1.amazonaws.com | nan |
| 14 | 34.199.180.187 | Virginia Beach | Virginia | AS14618 Amazon.com, Inc. | 23464 | United States | tier_2 | 27 | ec2-34-199-180-187.compute-1.amazonaws.com | nan |
| 15 | 13.224.211.59 | Seattle | Washington | AS16509 Amazon.com, Inc. | 98101 | United States | tier_2 | 25 | server-13-224-211-59.phl50.r.cloudfront.net | nan |
| 16 | 209.15.13.136 | Toronto | Ontario | AS13768 Aptum Technologies | M5N | Canada | tier_2 | 23 | nan | nan |
| 17 | 13.224.211.119 | Seattle | Washington | AS16509 Amazon.com, Inc. | 98101 | United States | tier_3 | 3 | server-13-224-211-119.phl50.r.cloudfront.net | nan |
| 18 | 94.130.186.231 | Nürnberg | Bavaria | AS24940 Hetzner Online GmbH | 90402 | Germany | tier_2 | 17 | static.231.186.130.94.clients.your-server.de | nan |
| 19 | 94.130.185.237 | Nürnberg | Bavaria | AS24940 Hetzner Online GmbH | 90402 | Germany | tier_2 | 14 | static.237.185.130.94.clients.your-server.de | nan |
| 20 | 151.101.0.200 | San Francisco | California | AS54113 Fastly | 94107 | United States | tier_3 | 34 | nan | True |
| 21 | 100.37.135.2 | New York City | New York | AS701 MCI Communications Services, Inc. d/b/a Verizon Business | 10004 | United States | tier_3 | 20 | pool-100-37-135-2.nycmny.fios.verizon.net | nan |
| 22 | 18.190.1.57 | Columbus | Ohio | AS16509 Amazon.com, Inc. | 43221 | United States | tier_3 | 7 | ec2-18-190-1-57.us-east-2.compute.amazonaws.com | nan |
| 23 | 195.201.92.254 | Nürnberg | Bavaria | AS24940 Hetzner Online GmbH | 90402 | Germany | tier_3 | 7 | static.254.92.201.195.clients.your-server.de | nan |
| 24 | 13.224.211.117 | Seattle | Washington | AS16509 Amazon.com, Inc. | 98101 | United States | tier_3 | 4 | server-13-224-211-117.phl50.r.cloudfront.net | nan |
| 25 | 13.224.211.119 | Seattle | Washington | AS16509 Amazon.com, Inc. | 98101 | United States | tier_3 | 3 | server-13-224-211-119.phl50.r.cloudfront.net | nan |
| 26 | 158.106.84.60 | Toronto | Ontario | AS23498 COGECODATA | M5N | Canada | tier_3 | 2 | gay-hookup.com | nan |
| 27 | 34.237.115.112 | Virginia Beach | Virginia | AS14618 Amazon.com, Inc. | 23464 | United States | tier_3 | 2 | ec2-34-237-115-112.compute-1.amazonaws.com | nan |
| 28 | 23.39.32.237 | Newark | New Jersey | AS16625 Akamai Technologies, Inc. | 07175 | United States | tier_3 | 2 | a23-39-32-237.deploy.static.akamaitechnologies.com | nan |
| 29 | 13.224.211.22 | Seattle | Washington | AS16509 Amazon.com, Inc. | 98101 | United States | tier_3 | 2 | server-13-224-211-22.phl50.r.cloudfront.net | nan |

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website