Daily Threat Intelligence Report

This report contains the following information:

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registrar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain
num_domainnum_linksnum_full_urlnum_safebrowsing_maliciousnum_vt_maliciousdateipuser_agent
0147147356102020-12-2264.32.8.68Chrome
| | tier | domain | count | registrar | name_servers | org |
|---|---|---|---|---|---|---|
| 0 | tier_1 | istanbulrestaurantbirmingham.net | 1 | Kingdomains, LLC | NS1.DNSNUTS.COM | None |
| 1 | tier_1 | aec-es.net | 1 | Blue Angel Domains LLC | NS1.DNSNUTS.COM | None |
| 2 | tier_1 | economictims.com | 1 | Domain Landing Zone LLC | NS1.DNSNUTS.COM | None |
| 3 | tier_1 | indiancag.org | 1 | Betterthanaveragedomains.com LLC | NS1.DNSNUTS.COM | The Management Group II |
| 4 | tier_1 | yoin.us | 1 | UdomainName.com LLC | ns2.dnsnuts.com | None |
| 5 | tier_1 | likeviss.net | 1 | Aquarius Domains, LLC | NS1.DNSNUTS.COM | None |
| 6 | tier_1 | helyar.net | 1 | Name Connection Spot LLC | NS1.DNSNUTS.COM | None |
| 7 | tier_1 | dl4warez.com | 1 | NamePal.com #8013, LLC | NS1.DNSNUTS.COM | None |
| 8 | tier_1 | divxgay.net | 1 | SNAPNAMES 49, LLC | NS1.DNSNUTS.COM | None |
| 9 | tier_1 | ava-producao.net | 1 | SNAPNAMES 45, LLC | NS1.DNSNUTS.COM | None |
| 10 | tier_3 | us.tideri.com | 9 | united domains AG | NS.UDAG.DE | None |
| 11 | tier_3 | us.sercanto.com | 9 | OVH, SAS | DNS20.OVH.NET | Wickedin s.r.l. |
| 12 | tier_3 | track.vcdc.com | 6 | Key-Systems GmbH | GUY.NS.CLOUDFLARE.COM | c/o whoisproxy.com |
| 13 | tier_3 | vpnprime.net | 5 | NAMECHEAP INC | NS-1167.AWSDNS-17.ORG | WhoisGuard, Inc. |
| 14 | tier_3 | worldoftanks.ru | 5 | RU-CENTER-RU | ns1.wargaming.net. | Wargaming.net Limited |
| 15 | tier_3 | turbo-pdf.com | 4 | NAMECHEAP INC | DNS1.REGISTRAR-SERVERS.COM | WhoisGuard, Inc. |
| 16 | tier_3 | il.betrivers.com | 3 | GoDaddy.com, LLC | ERIN.NS.CLOUDFLARE.COM | Rivers IP Holdings, LLC |
| 17 | tier_3 | installoverlyswiftapplication.icu | 2 | NAMECHEAP INC | DNS1.REGISTRAR-SERVERS.COM | WhoisGuard, Inc. |
| 18 | tier_3 | squirt.org | 2 | NAMECHEAP INC | NS5.DNSMADEEASY.COM | WhoisGuard, Inc. |
| 19 | tier_3 | storeheavilystrongapplication.icu | 2 | NAMECHEAP INC | DNS1.REGISTRAR-SERVERS.COM | WhoisGuard, Inc. |
| 20 | tier_2 | dprtb.com | 29 | GoDaddy.com, LLC | NS1.DNSIMPLE.COM | Domains By Proxy, LLC |
| 21 | tier_2 | 1496.wcitianka.com | 24 | GoDaddy Online Services Cayman Islands LTD | NS-1096.AWSDNS-09.ORG | None |
| 22 | tier_2 | americanlisted.com | 23 | ilait AB | NS1.TELECOM3.NET | Integration 3 Group AB |
| 23 | tier_2 | track.vcdc.com | 11 | Key-Systems GmbH | GUY.NS.CLOUDFLARE.COM | c/o whoisproxy.com |
| 24 | tier_2 | click.expmediadirect.com | 11 | NAMECHEAP INC | NS1.LINODE.COM | WhoisGuard, Inc. |
| 25 | tier_2 | build.mediapicker.com | 9 | GoDaddy.com, LLC | RAQUEL.NS.CLOUDFLARE.COM | Domains By Proxy, LLC |
| 26 | tier_2 | btpnative.com | 8 | 1API GmbH | NS1.DNSIMPLE.COM | Registrant of btpnative.com |
| 27 | tier_2 | euphe-gun.com | 8 | Amazon Registrar, Inc. | NS-1325.AWSDNS-37.ORG | Whois Privacy Service |
| 28 | tier_2 | click.junmediadirect.com | 7 | NAMECHEAP INC | NS1.LINODE.COM | WhoisGuard, Inc. |
| 29 | tier_2 | infopicked.com | 7 | NAMECHEAP INC | NS0.DNSMADEEASY.COM | WhoisGuard, Inc. |

| | ip | city | region | org | postal | country_name | tier | count | hostname | anycast |
|---|---|---|---|---|---|---|---|---|---|---|
| 0 | 207.244.67.218 | Manassas | Virginia | AS30633 Leaseweb USA, Inc. | 20108 | United States | tier_1 | 18 | nan | nan |
| 1 | 207.244.67.216 | Manassas | Virginia | AS30633 Leaseweb USA, Inc. | 20108 | United States | tier_1 | 13 | nan | nan |
| 2 | 207.244.67.214 | Manassas | Virginia | AS30633 Leaseweb USA, Inc. | 20108 | United States | tier_1 | 11 | nan | nan |
| 3 | 207.244.67.215 | Manassas | Virginia | AS30633 Leaseweb USA, Inc. | 20108 | United States | tier_1 | 9 | nan | nan |
| 4 | 185.107.56.60 | Amsterdam | North Holland | AS43350 NForce Entertainment B.V. | 1012 | Netherlands | tier_1 | 5 | nan | nan |
| 5 | 37.48.65.150 | Amsterdam | North Holland | AS60781 LeaseWeb Netherlands B.V. | 1012 | Netherlands | tier_1 | 3 | nan | nan |
| 6 | 37.48.65.151 | Amsterdam | North Holland | AS60781 LeaseWeb Netherlands B.V. | 1012 | Netherlands | tier_1 | 3 | nan | nan |
| 7 | 185.107.56.57 | Amsterdam | North Holland | AS43350 NForce Entertainment B.V. | 1012 | Netherlands | tier_1 | 2 | nan | nan |
| 8 | 185.107.56.58 | Amsterdam | North Holland | AS43350 NForce Entertainment B.V. | 1012 | Netherlands | tier_1 | 2 | nan | nan |
| 9 | 64.32.8.67 | Los Angeles | California | AS46844 Sharktech | 90009 | United States | tier_1 | 1 | customer.sharktech.net | nan |
| 10 | 35.246.171.123 | Frankfurt am Main | Hesse | AS15169 Google LLC | 60311 | Germany | tier_3 | 9 | 123.171.246.35.bc.googleusercontent.com | nan |
| 11 | 75.101.207.6 | Virginia Beach | Virginia | AS14618 Amazon.com, Inc. | 23464 | United States | tier_3 | 8 | ec2-75-101-207-6.compute-1.amazonaws.com | nan |
| 12 | 195.201.92.254 | Nürnberg | Bavaria | AS24940 Hetzner Online GmbH | 90402 | Germany | tier_3 | 6 | static.254.92.201.195.clients.your-server.de | nan |
| 13 | 35.204.107.142 | Groningen | Groningen | AS15169 Google LLC | 9711 | Netherlands | tier_2 | 5 | 142.107.204.35.bc.googleusercontent.com | nan |
| 14 | 178.128.246.195 | Amsterdam | North Holland | AS14061 DigitalOcean, LLC | 1012 | Netherlands | tier_3 | 6 | nan | nan |
| 15 | 92.223.21.73 | Luxembourg | Luxembourg | AS199524 G-Core Labs S.A. | L-1882 | Luxembourg | tier_3 | 5 | ed-sl-b73.fe.core.pw | nan |
| 16 | 34.90.160.43 | Groningen | Groningen | AS15169 Google LLC | 9711 | Netherlands | tier_3 | 3 | 43.160.90.34.bc.googleusercontent.com | nan |
| 17 | 104.19.235.106 | San Francisco | California | AS13335 Cloudflare, Inc. | 94107 | United States | tier_3 | 3 | nan | True |
| 18 | 13.225.210.79 | Newark | New Jersey | AS16509 Amazon.com, Inc. | 07175 | United States | tier_3 | 2 | server-13-225-210-79.ewr50.r.cloudfront.net | nan |
| 19 | 158.106.84.60 | Toronto | Ontario | AS23498 COGECODATA | M5N | Canada | tier_3 | 2 | www.squirtmail.com | nan |
| 20 | 209.15.13.136 | Toronto | Ontario | AS13768 Aptum Technologies | M5N | Canada | tier_2 | 37 | nan | nan |
| 21 | 198.54.112.216 | San Jose | California | AS22612 Namecheap, Inc. | 95103 | United States | tier_2 | 24 | nan | nan |
| 22 | 35.209.61.240 | Council Bluffs | Iowa | AS15169 Google LLC | 51502 | United States | tier_2 | 23 | 240.61.209.35.bc.googleusercontent.com | nan |
| 23 | 198.134.116.30 | New York City | New York | AS27257 Webair Internet Development Company Inc. | 10013 | United States | tier_2 | 11 | nan | nan |
| 24 | 173.239.53.32 | New York City | New York | AS27257 Webair Internet Development Company Inc. | 10013 | United States | tier_2 | 10 | nan | nan |
| 25 | 18.210.49.168 | Virginia Beach | Virginia | AS14618 Amazon.com, Inc. | 23464 | United States | tier_2 | 9 | ec2-18-210-49-168.compute-1.amazonaws.com | nan |
| 26 | 173.192.101.24 | Dallas | Texas | AS36351 SoftLayer Technologies Inc. | 75270 | United States | tier_2 | 8 | 18.65.c0ad.ip4.static.sl-reverse.com | nan |
| 27 | 198.134.116.18 | New York City | New York | AS27257 Webair Internet Development Company Inc. | 10013 | United States | tier_2 | 7 | nan | nan |
| 28 | 144.76.1.130 | Nürnberg | Bavaria | AS24940 Hetzner Online GmbH | 90402 | Germany | tier_2 | 5 | static.130.1.76.144.clients.your-server.de | nan |
| 29 | 35.204.107.142 | Groningen | Groningen | AS15169 Google LLC | 9711 | Netherlands | tier_2 | 5 | 142.107.204.35.bc.googleusercontent.com | nan |

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website