Daily Threat Intelligence Report

This report contains following information

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain
num_domain num_links num_full_url num_safebrowsing_malicious num_vt_malicious date ip user_agent
0 257 257 1112 0 139 2021-04-01 37.48.65.149 Android
tier domain count registrar name_servers org
0 tier_1 helloboss.in 1 Dynadot LLC ns1.commonmx.com None
1 tier_1 drehscheibe-deutschland.de 1 None None None
2 tier_1 fotospornocaseras.net 1 SNAPNAMES 81, LLC NS1.COMMONMX.COM None
3 tier_1 bbffs.com 1 Long Drive Domains LLC NS1.COMMONMX.COM None
4 tier_1 aurbataao.com 1 None None None
5 tier_1 gidporno.com 1 None None None
6 tier_1 airtemail.in 1 Dynadot LLC ns1.commonmx.com None
7 tier_1 katrill.com 1 None None None
8 tier_1 genesisblogs.com 1 GoDaddy.com, LLC NS1.COMMONMX.COM None
9 tier_1 mainerailtransit.org 1 Deschutesdomains.com LLC NS1.COMMONMX.COM None
10 tier_2 1496.wcitianka.com 183 GoDaddy Online Services Cayman Islands LTD NS-1096.AWSDNS-09.ORG None
11 tier_2 americanlisted.com 182 ilait AB NS1.TELECOM3.NET Integration 3 Group AB
12 tier_2 9nl.es 80 None None None
13 tier_2 newre-conversions.clickmeter.com 80 REGISTER S.P.A. NS-1498.AWSDNS-59.ORG REDACTED FOR PRIVACY
14 tier_2 ring.joveo.com 80 Go Canada Domains, LLC NS-1256.AWSDNS-29.ORG Domains By Proxy, LLC
15 tier_2 turibius-hra.com 20 Amazon Registrar, Inc. NS-1142.AWSDNS-14.ORG Whois Privacy Service
16 tier_2 btpnav.com 11 1API GmbH NS1.DNSIMPLE.COM Registrant of btpnav.com
17 tier_2 rd.bizrate.com 6 MarkMonitor, Inc. NS-1189.AWSDNS-20.ORG Meredith Corporation
18 tier_2 noclick.connexity.com 5 MarkMonitor Inc. NS-1235.AWSDNS-26.ORG None
19 tier_2 rd.connexity.net 5 None None None
20 tier_3 google.com 102 MarkMonitor, Inc. NS1.GOOGLE.COM Google LLC
21 tier_3 signup.surveyvoices.com 80 GoDaddy.com, LLC ALEXIS.NS.CLOUDFLARE.COM None
22 tier_3 storystudio.sfgate.com 6 CSC CORPORATE DOMAINS, INC. NS1.HEARSTNP.COM Hearst Communications, Inc.
23 tier_3 wayfair.com 5 MarkMonitor, Inc. A1-100.AKAM.NET Wayfair, LLC
24 tier_3 m.placesiteb.xyz 3 Sav.comLLC HUGH.NS.CLOUDFLARE.COM Privacy Protection
25 tier_3 htvnativeadsolutions.com 3 CSC CORPORATE DOMAINS, INC. NS1.HEARSTNP.COM Hearst Television Inc.
26 tier_3 win4.trustedpush.com 1 NAMECHEAP INC NS-1142.AWSDNS-14.ORG Privacy service provided by Withheld for Privacy ehf
27 tier_3 theory.com 1 CSC CORPORATE DOMAINS, INC. NS0.DNSMADEEASY.COM Theory LLC
28 tier_3 americanlisted.com 1 ilait AB NS1.TELECOM3.NET Integration 3 Group AB
29 tier_3 bing.com 1 MarkMonitor, Inc. DNS1.P09.NSONE.NET Microsoft Corporation
ip city region org postal country_name tier count hostname anycast
0 207.244.67.216 Revere Massachusetts AS30633 Leaseweb USA, Inc. 02151 United States tier_1 31 nan nan
1 207.244.67.214 Revere Massachusetts AS30633 Leaseweb USA, Inc. 02151 United States tier_1 30 nan nan
2 207.244.67.215 Revere Massachusetts AS30633 Leaseweb USA, Inc. 02151 United States tier_1 28 nan nan
3 207.244.67.218 Revere Massachusetts AS30633 Leaseweb USA, Inc. 02151 United States tier_1 22 nan nan
4 104.243.45.190 New York City New York AS23470 ReliableSite.Net LLC 10004 United States tier_1 15 nan nan
5 104.243.45.178 New York City New York AS23470 ReliableSite.Net LLC 10004 United States tier_1 14 nan nan
6 206.221.176.184 New York City New York AS23470 ReliableSite.Net LLC 10004 United States tier_1 10 nan nan
7 104.243.45.179 New York City New York AS23470 ReliableSite.Net LLC 10004 United States tier_1 7 nan nan
8 82.192.82.225 Amsterdam North Holland AS60781 LeaseWeb Netherlands B.V. 1012 Netherlands tier_1 5 nan nan
9 37.48.65.148 Soest Utrecht AS60781 LeaseWeb Netherlands B.V. 3765 Netherlands tier_1 5 nan nan
10 198.54.112.216 San Jose California AS22612 Namecheap, Inc. 95103 United States tier_2 183 nan nan
11 35.209.61.240 Council Bluffs Iowa AS15169 Google LLC 51502 United States tier_2 182 240.61.209.35.bc.googleusercontent.com nan
12 23.21.166.230 Ashburn Virginia AS14618 Amazon.com, Inc. 20149 United States tier_2 45 ec2-23-21-166-230.compute-1.amazonaws.com nan
13 23.21.53.13 Ashburn Virginia AS14618 Amazon.com, Inc. 20149 United States tier_2 43 ec2-23-21-53-13.compute-1.amazonaws.com nan
14 54.235.205.204 Ashburn Virginia AS14618 Amazon.com, Inc. 20149 United States tier_2 37 ec2-54-235-205-204.compute-1.amazonaws.com nan
15 54.197.247.190 Ashburn Virginia AS14618 Amazon.com, Inc. 20149 United States tier_2 35 ec2-54-197-247-190.compute-1.amazonaws.com nan
16 13.225.230.122 New York City New York AS16509 Amazon.com, Inc. 10004 United States tier_2 23 server-13-225-230-122.jfk51.r.cloudfront.net nan
17 13.225.230.105 New York City New York AS16509 Amazon.com, Inc. 10004 United States tier_2 23 server-13-225-230-105.jfk51.r.cloudfront.net nan
18 13.225.230.128 New York City New York AS16509 Amazon.com, Inc. 10004 United States tier_2 19 server-13-225-230-128.jfk51.r.cloudfront.net nan
19 13.225.230.11 New York City New York AS16509 Amazon.com, Inc. 10004 United States tier_2 15 server-13-225-230-11.jfk51.r.cloudfront.net nan
20 104.21.71.177 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 47 nan True
21 172.67.147.244 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 33 nan True
22 172.217.165.132 New York City New York AS15169 Google LLC 10004 United States tier_3 21 lga25s70-in-f4.1e100.net nan
23 172.217.3.100 Westbury New York AS15169 Google LLC 11590 United States tier_3 19 lga34s18-in-f4.1e100.net nan
24 142.250.64.68 Mountain View California AS15169 Google LLC 94043 United States tier_3 19 lga34s30-in-f4.1e100.net nan
25 142.250.64.100 Mountain View California AS15169 Google LLC 94043 United States tier_3 13 lga34s31-in-f4.1e100.net nan
26 142.250.80.4 New York City New York AS15169 Google LLC 10004 United States tier_3 11 lga34s33-in-f4.1e100.net nan
27 172.217.10.100 Clifton New Jersey AS15169 Google LLC 07015 United States tier_3 11 lga34s15-in-f4.1e100.net nan
28 172.217.9.228 Clifton New Jersey AS15169 Google LLC 07015 United States tier_3 8 lga34s11-in-f4.1e100.net nan
29 98.129.228.57 Dallas Texas AS33070 Rackspace Hosting 75270 United States tier_3 6 nan nan

Aggregated redirection graph of domains located on current IP address.

  • The redirection flows from left to right
  • Leftmost domains are initial domains hosted on current IP
  • Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website