Daily Threat Intelligence Report

This report contains following information

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain
num_domain num_links num_full_url num_safebrowsing_malicious num_vt_malicious date ip user_agent
0 220 220 923 0 113 2021-01-31 37.48.65.149 Android
tier domain count registrar name_servers org
0 tier_1 bahargroup.asia 1 DYNADOT LLC NS1.COMMONMX.COM None
1 tier_1 epfindian.in 1 Dynadot LLC ns1.commonmx.com None
2 tier_1 biit.info 1 DYNADOT LLC NS1.COMMONMX.COM None
3 tier_1 arxivi.org 1 GoDaddy.com, LLC NS1.COMMONMX.COM None
4 tier_1 asibbsrcircle.in 1 Dynadot LLC ns1.commonmx.com None
5 tier_1 biyoukenkou.mobi 1 DYNADOT LLC None None
6 tier_1 emonj.net 1 DYNADOT17 LLC NS1.COMMONMX.COM None
7 tier_1 9code.in 1 Dynadot LLC ns1.commonmx.com None
8 tier_1 dd-routers.com 1 GoDaddy.com, LLC NS1.COMMONMX.COM None
9 tier_1 dietplanforskolin.com 1 GoDaddy.com, LLC NS1.COMMONMX.COM None
10 tier_2 2893.wcitianka.com 79 GoDaddy Online Services Cayman Islands LTD NS-1096.AWSDNS-09.ORG None
11 tier_2 cpakd.com 78 GoDaddy Online Services Cayman Islands LTD HUGH.NS.CLOUDFLARE.COM None
12 tier_2 bradamante-per.com 56 Amazon Registrar, Inc. NS-1026.AWSDNS-00.ORG Whois Privacy Service
13 tier_2 get.popplunder.com 56 NAMECHEAP INC DNS1.REGISTRAR-SERVERS.COM WhoisGuard, Inc.
14 tier_2 dprtb.com 54 1API GmbH NS1.DNSIMPLE.COM REDACTED FOR PRIVACY
15 tier_2 trustedpush.com 54 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
16 tier_2 win1.trustedpush.com 44 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
17 tier_2 win2.trustedpush.com 26 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
18 tier_2 click.expmediadirect.com 15 None None None
19 tier_2 alfik-fik.com 10 Amazon Registrar, Inc. NS-1264.AWSDNS-30.ORG Whois Privacy Service
20 tier_3 b.joyspotmap.xyz 38 Epik LLC MARJORY.NS.CLOUDFLARE.COM Anonymize, Inc.
21 tier_3 delightcmain.xyz 36 Epik LLC MARJORY.NS.CLOUDFLARE.COM Anonymize, Inc.
22 tier_3 win3.trustedpush.com 19 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
23 tier_3 win2.trustedpush.com 18 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
24 tier_3 win1.trustedpush.com 10 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
25 tier_3 win4.trustedpush.com 7 NameCheap, Inc. NS-1142.AWSDNS-14.ORG None
26 tier_3 moneyfinancegold.com 7 None None None
27 tier_3 search.yahoo.com 5 MarkMonitor, Inc. NS1.YAHOO.COM Oath Inc.
28 tier_3 mergerinvesting.com 4 NAMECHEAP INC DNS1.REGISTRAR-SERVERS.COM WhoisGuard, Inc.
29 tier_3 rd.bizrate.com 3 MarkMonitor Inc. NS-1189.AWSDNS-20.ORG None
ip city region org postal country_name tier count anycast hostname
0 207.244.67.216 Manassas Virginia AS30633 Leaseweb USA, Inc. 20108 United States tier_1 26 nan nan
1 207.244.67.215 Manassas Virginia AS30633 Leaseweb USA, Inc. 20108 United States tier_1 24 nan nan
2 207.244.67.214 Manassas Virginia AS30633 Leaseweb USA, Inc. 20108 United States tier_1 22 nan nan
3 207.244.67.218 Manassas Virginia AS30633 Leaseweb USA, Inc. 20108 United States tier_1 17 nan nan
4 104.243.45.178 New York City New York AS23470 ReliableSite.Net LLC 10004 United States tier_1 14 nan nan
5 104.243.45.190 New York City New York AS23470 ReliableSite.Net LLC 10004 United States tier_1 13 nan nan
6 104.243.45.179 New York City New York AS23470 ReliableSite.Net LLC 10004 United States tier_1 13 nan nan
7 206.221.176.184 Hyattsville Maryland AS23470 ReliableSite.Net LLC 20781 United States tier_1 10 nan nan
8 37.48.65.148 Soest Utrecht AS60781 LeaseWeb Netherlands B.V. 3765 Netherlands tier_1 4 nan nan
9 185.107.56.199 Amsterdam North Holland AS43350 NForce Entertainment B.V. 1012 Netherlands tier_1 3 nan nan
10 198.54.112.216 San Jose California AS22612 Namecheap, Inc. 95103 United States tier_2 79 nan nan
11 209.15.13.136 Toronto Ontario AS13768 Aptum Technologies M5N Canada tier_2 62 nan nan
12 104.19.217.16 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_2 57 True nan
13 34.199.180.187 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23479 United States tier_2 56 nan ec2-34-199-180-187.compute-1.amazonaws.com
14 34.200.146.95 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23479 United States tier_2 43 nan ec2-34-200-146-95.compute-1.amazonaws.com
15 13.225.218.113 New York City New York AS16509 Amazon.com, Inc. 10004 United States tier_3 9 nan server-13-225-218-113.jfk51.r.cloudfront.net
16 13.225.218.47 New York City New York AS16509 Amazon.com, Inc. 10004 United States tier_3 6 nan server-13-225-218-47.jfk51.r.cloudfront.net
17 13.225.218.85 New York City New York AS16509 Amazon.com, Inc. 10004 United States tier_2 30 nan server-13-225-218-85.jfk51.r.cloudfront.net
18 54.84.27.165 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23479 United States tier_2 24 nan ec2-54-84-27-165.compute-1.amazonaws.com
19 13.225.218.79 New York City New York AS16509 Amazon.com, Inc. 10004 United States tier_2 23 nan server-13-225-218-79.jfk51.r.cloudfront.net
20 100.37.135.2 New York City New York AS701 MCI Communications Services, Inc. d/b/a Verizon Business 10004 United States tier_3 39 nan pool-100-37-135-2.nycmny.fios.verizon.net
21 104.18.78.149 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 22 True nan
22 104.18.81.149 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 20 True nan
23 104.18.82.149 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 13 True nan
24 104.18.79.149 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 13 True nan
25 104.18.80.149 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 10 True nan
26 13.225.218.113 New York City New York AS16509 Amazon.com, Inc. 10004 United States tier_3 9 nan server-13-225-218-113.jfk51.r.cloudfront.net
27 13.225.218.47 New York City New York AS16509 Amazon.com, Inc. 10004 United States tier_3 6 nan server-13-225-218-47.jfk51.r.cloudfront.net
28 66.218.84.137 Atlantic City New Jersey AS26101 Oath Holdings Inc. 08404 United States tier_3 5 nan ats1.l7.search.vip.bf1.yahoo.com
29 45.55.189.248 Clifton New Jersey AS14061 DigitalOcean, LLC 07014 United States tier_3 4 nan nan

Aggregated redirection graph of domains located on current IP address.

  • The redirection flows from left to right
  • Leftmost domains are initial domains hosted on current IP
  • Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website