Daily Threat Intelligence Report

This report contains following information

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain
num_domain num_links num_full_url num_safebrowsing_malicious num_vt_malicious date ip user_agent
0 241 246 1242 1 10 2021-03-05 37.48.65.149 Android
tier domain count registrar name_servers org
0 tier_1 epayfaucets.com 1 TUCOWS, INC. NS1.COMMONMX.COM Contact Privacy Inc. Customer 0159169997
1 tier_1 erotop.info 1 DYNADOT LLC NS1.COMMONMX.COM None
2 tier_1 biit.info 1 Dynadot, LLC NS1.COMMONMX.COM None
3 tier_1 baicung.com 1 GoDaddy.com, LLC NS1.COMMONMX.COM None
4 tier_1 ginderfactory.com 1 TUCOWS, INC. NS1.COMMONMX.COM Contact Privacy Inc. Customer 0158845294
5 tier_1 gratgames.com 1 TUCOWS, INC. NS1.COMMONMX.COM Contact Privacy Inc. Customer 0159841841
6 tier_1 3idi.me 1 GoDaddy.com, LLC None None
7 tier_1 diziindir.org 1 Domainhysteria.com LLC NS1.COMMONMX.COM None
8 tier_1 artdaily.me 1 Dynadot, LLC None None
9 tier_1 conectarural.org 1 GoDaddy.com, LLC NS1.COMMONMX.COM None
10 tier_2 dprtb.com 115 1API GmbH NS1.DNSIMPLE.COM REDACTED FOR PRIVACY
11 tier_2 alfik-fik.com 78 Amazon Registrar, Inc. NS-1264.AWSDNS-30.ORG Whois Privacy Service
12 tier_2 nicanor-the.com 54 Amazon Registrar, Inc. NS-1242.AWSDNS-27.ORG Whois Privacy Service
13 tier_2 get.popplunder.com 52 NAMECHEAP INC DNS1.REGISTRAR-SERVERS.COM WhoisGuard, Inc.
14 tier_2 trustedpush.com 52 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
15 tier_2 win1.trustedpush.com 46 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
16 tier_2 ads35.adtelligent.com 46 DANESCO TRADING LTD NS.ANYCASTNS1.ORG Vertamedia,LLC
17 tier_2 dsp35.adtelligent.com 46 DANESCO TRADING LTD NS.ANYCASTNS1.ORG Vertamedia,LLC
18 tier_2 aibm1.mysearch.space 46 None None None
19 tier_2 externals-1953518744.us-east-1.elb.amazonaws.com 46 MarkMonitor, Inc. R1.AMAZONAWS.COM Amazon.com, Inc.
20 tier_3 bing.com 45 MarkMonitor, Inc. DNS1.P09.NSONE.NET Microsoft Corporation
21 tier_3 happymakesite.xyz 22 Epik LLC MARJORY.NS.CLOUDFLARE.COM Anonymize, Inc.
22 tier_3 storystudio.sfgate.com 21 CSC CORPORATE DOMAINS, INC. NS1.HEARSTNP.COM Hearst Communications, Inc.
23 tier_3 win3.trustedpush.com 17 None None None
24 tier_3 win2.trustedpush.com 16 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
25 tier_3 m.placesiteb.xyz 13 Sav.comLLC HUGH.NS.CLOUDFLARE.COM Privacy Protection
26 tier_3 win4.trustedpush.com 12 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
27 tier_3 win1.trustedpush.com 6 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
28 tier_3 moneyfinancegold.com 2 NameCheap, Inc. ANNA.NS.CLOUDFLARE.COM None
29 tier_3 get.popplunder.com 2 NAMECHEAP INC DNS1.REGISTRAR-SERVERS.COM WhoisGuard, Inc.
ip city region org postal country_name tier count hostname anycast
0 207.244.67.215 Manassas Virginia AS30633 Leaseweb USA, Inc. 20108 United States tier_1 32 nan nan
1 207.244.67.214 Manassas Virginia AS30633 Leaseweb USA, Inc. 20108 United States tier_1 22 nan nan
2 207.244.67.216 Manassas Virginia AS30633 Leaseweb USA, Inc. 20108 United States tier_1 22 nan nan
3 207.244.67.218 Manassas Virginia AS30633 Leaseweb USA, Inc. 20108 United States tier_1 18 nan nan
4 206.221.176.184 Willingboro New Jersey AS23470 ReliableSite.Net LLC 08046 United States tier_1 18 nan nan
5 104.243.45.178 New York City New York AS23470 ReliableSite.Net LLC 10004 United States tier_1 12 nan nan
6 104.243.45.190 New York City New York AS23470 ReliableSite.Net LLC 10004 United States tier_1 9 nan nan
7 185.107.56.197 Amsterdam North Holland AS43350 NForce Entertainment B.V. 1012 Netherlands tier_1 4 nan nan
8 104.243.45.179 New York City New York AS23470 ReliableSite.Net LLC 10004 United States tier_1 4 nan nan
9 74.63.241.24 Los Angeles California AS46475 Limestone Networks, Inc. 90009 United States tier_1 4 24-241-63-74.static.reverse.lstn.net nan
10 209.15.13.136 Toronto Ontario AS13768 Aptum Technologies M5N Canada tier_2 118 nan nan
11 34.200.146.95 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23458 United States tier_2 75 ec2-34-200-146-95.compute-1.amazonaws.com nan
12 13.225.230.12 New York City New York AS16509 Amazon.com, Inc. 10004 United States tier_3 9 server-13-225-230-12.jfk51.r.cloudfront.net nan
13 54.84.27.165 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23458 United States tier_2 58 ec2-54-84-27-165.compute-1.amazonaws.com nan
14 34.199.180.187 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23458 United States tier_2 52 ec2-34-199-180-187.compute-1.amazonaws.com nan
15 209.205.202.42 New York City New York AS55081 24 SHELLS 10004 United States tier_2 46 static-42-202-205-209.24shells.net nan
16 209.205.202.43 New York City New York AS55081 24 SHELLS 10004 United States tier_2 46 static-43-202-205-209.24shells.net nan
17 35.162.164.74 Portland Oregon AS16509 Amazon.com, Inc. 97256 United States tier_2 46 ec2-35-162-164-74.us-west-2.compute.amazonaws.com nan
18 13.225.230.115 New York City New York AS16509 Amazon.com, Inc. 10004 United States tier_2 36 server-13-225-230-115.jfk51.r.cloudfront.net nan
19 198.54.112.216 San Jose California AS22612 Namecheap, Inc. 95103 United States tier_2 32 nan nan
20 204.79.197.200 Redmond Washington AS8068 Microsoft Corporation 98052 United States tier_3 38 a-0001.a-msedge.net True
21 100.37.135.2 New York City New York AS701 MCI Communications Services, Inc. d/b/a Verizon Business 10004 United States tier_3 33 pool-100-37-135-2.nycmny.fios.verizon.net nan
22 98.129.228.57 Dallas Texas AS33070 Rackspace Hosting 75270 United States tier_3 21 nan nan
23 104.18.78.149 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 19 nan True
24 13.225.230.12 New York City New York AS16509 Amazon.com, Inc. 10004 United States tier_3 9 server-13-225-230-12.jfk51.r.cloudfront.net nan
25 104.18.82.149 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 6 nan True
26 13.107.21.200 Redmond Washington AS8068 Microsoft Corporation 98052 United States tier_3 6 nan True
27 104.18.80.149 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 6 nan True
28 13.225.230.57 New York City New York AS16509 Amazon.com, Inc. 10004 United States tier_3 5 server-13-225-230-57.jfk51.r.cloudfront.net nan
29 104.18.81.149 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 5 nan True

Aggregated redirection graph of domains located on current IP address.

  • The redirection flows from left to right
  • Leftmost domains are initial domains hosted on current IP
  • Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website