Daily Threat Intelligence Report

This report contains following information

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain
num_domain num_links num_full_url num_safebrowsing_malicious num_vt_malicious date ip user_agent
0 128 124 449 0 68 2021-02-12 64.32.8.68 Android
tier domain count registrar name_servers org
0 tier_1 faststone.com 1 Media Elite Holdings Limited NS1.DNSNUTS.COM Fundacion Privacy Services LTD
1 tier_1 9ref.com 1 Lionshare Domains, LLC NS1.DNSNUTS.COM None
2 tier_1 crafthd.net 1 SNAPNAMES 42, LLC NS1.DNSNUTS.COM None
3 tier_1 elektrononline.net 1 Blue Angel Domains LLC NS1.DNSNUTS.COM None
4 tier_1 bagustekno.net 1 Zone of Domains LLC NS1.DNSNUTS.COM None
5 tier_1 alchemicalpsychology.com 1 SNAPNAMES 13, LLC NS1.DNSNUTS.COM None
6 tier_1 erojii.net 1 Dropcatch Landing Spot LLC NS1.DNSNUTS.COM None
7 tier_1 10dle.com 1 Free Drop Zone LLC NS1.DNSNUTS.COM None
8 tier_1 899or.com 1 Chipshot Domains LLC NS1.DNSNUTS.COM None
9 tier_1 babierus.com 1 NameSilo, LLC NS1.DNSNUTS.COM See PrivacyGuardian.org
10 tier_2 alfik-fik.com 28 Amazon Registrar, Inc. NS-1264.AWSDNS-30.ORG Whois Privacy Service
11 tier_2 track.vcdc.com 22 Key-Systems GmbH GUY.NS.CLOUDFLARE.COM c/o whoisproxy.com
12 tier_2 click.expmediadirect.com 18 None None None
13 tier_2 bradamante-per.com 18 Amazon Registrar, Inc. NS-1026.AWSDNS-00.ORG Whois Privacy Service
14 tier_2 api.apptap.com 17 Amazon Registrar, Inc. NS-1256.AWSDNS-29.ORG Whois Privacy Service
15 tier_2 api.mplayit.com 17 Amazon Registrar, Inc. NS-1236.AWSDNS-26.ORG Whois Privacy Service
16 tier_2 redirect.viglink.com 17 Amazon Registrar, Inc. NS1.VIGLINK.COM Whois Privacy Service
17 tier_2 link.sylikes.com 17 MarkMonitor, Inc. NS-1063.AWSDNS-04.ORG Connexity, Inc.
18 tier_2 dprtb.com 17 1API GmbH NS1.DNSIMPLE.COM REDACTED FOR PRIVACY
19 tier_2 btpnative.com 14 1API GmbH NS1.DNSIMPLE.COM Registrant of btpnative.com
20 tier_3 irl.com 21 GoDaddy.com, LLC NS-106.AWSDNS-13.COM Domains By Proxy, LLC
21 tier_3 win2.trustedpush.com 7 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
22 tier_3 win3.trustedpush.com 4 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
23 tier_3 play.google.com 4 MarkMonitor, Inc. NS1.GOOGLE.COM Google LLC
24 tier_3 rd.bizrate.com 4 None None None
25 tier_3 happymakesite.xyz 4 Epik LLC MARJORY.NS.CLOUDFLARE.COM Anonymize, Inc.
26 tier_3 venus.com 3 GoDaddy.com, LLC NS0.DNSMADEEASY.COM Venus Fashion, Inc.
27 tier_3 win1.trustedpush.com 3 None None None
28 tier_3 crutchfield.com 3 Domain.com, LLC NS1.CRUTCHFIELD.COM REDACTED FOR PRIVACY
29 tier_3 omahasteaks.com 3 CSC CORPORATE DOMAINS, INC. A1-3.AKAM.NET Omaha Steaks International, Inc.
ip city region org postal country_name tier count hostname anycast
0 185.107.56.57 Amsterdam North Holland AS43350 NForce Entertainment B.V. 1012 Netherlands tier_1 12 nan nan
1 64.32.8.70 Los Angeles California AS46844 Sharktech 90009 United States tier_1 10 customer.sharktech.net nan
2 185.107.56.59 Amsterdam North Holland AS43350 NForce Entertainment B.V. 1012 Netherlands tier_1 10 nan nan
3 185.107.56.60 Amsterdam North Holland AS43350 NForce Entertainment B.V. 1012 Netherlands tier_1 10 nan nan
4 64.32.8.69 Los Angeles California AS46844 Sharktech 90009 United States tier_1 9 customer.sharktech.net nan
5 64.32.8.67 Los Angeles California AS46844 Sharktech 90009 United States tier_1 9 customer.sharktech.net nan
6 64.32.8.68 Los Angeles California AS46844 Sharktech 90009 United States tier_1 7 customer.sharktech.net nan
7 185.107.56.58 Amsterdam North Holland AS43350 NForce Entertainment B.V. 1012 Netherlands tier_1 2 nan nan
8 209.15.13.136 Toronto Ontario AS13768 Aptum Technologies M5N Canada tier_2 35 nan nan
9 192.138.218.207 Seattle Washington AS14332 Connexity, Inc. 98111 United States tier_3 4 rd.bizrate.com nan
10 54.84.27.165 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23452 United States tier_2 24 ec2-54-84-27-165.compute-1.amazonaws.com nan
11 34.200.146.95 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23452 United States tier_2 23 ec2-34-200-146-95.compute-1.amazonaws.com nan
12 167.233.8.197 N├╝rnberg Bavaria AS24940 Hetzner Online GmbH 90402 Germany tier_2 22 static.197.8.233.167.clients.your-server.de nan
13 3.211.140.56 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23452 United States tier_2 19 ec2-3-211-140-56.compute-1.amazonaws.com nan
14 198.134.116.30 New York City New York AS27257 Webair Internet Development Company Inc. 10013 United States tier_2 18 nan nan
15 173.192.101.24 Dallas Texas AS36351 SoftLayer Technologies Inc. 75270 United States tier_2 14 18.65.c0ad.ip4.static.sl-reverse.com nan
16 3.227.111.251 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23452 United States tier_2 14 ec2-3-227-111-251.compute-1.amazonaws.com nan
17 34.199.180.187 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23452 United States tier_2 14 ec2-34-199-180-187.compute-1.amazonaws.com nan
18 100.37.135.2 New York City New York AS701 MCI Communications Services, Inc. d/b/a Verizon Business 10004 United States tier_3 10 pool-100-37-135-2.nycmny.fios.verizon.net nan
19 104.248.63.248 North Bergen New Jersey AS14061 DigitalOcean, LLC 07047 United States tier_3 5 nan nan
20 162.243.166.170 North Bergen New Jersey AS14061 DigitalOcean, LLC 07047 United States tier_3 4 nan nan
21 192.138.218.207 Seattle Washington AS14332 Connexity, Inc. 98111 United States tier_3 4 rd.bizrate.com nan
22 23.208.43.71 Philadelphia Pennsylvania AS16625 Akamai Technologies, Inc. 19099 United States tier_3 3 a23-208-43-71.deploy.static.akamaitechnologies.com nan
23 205.196.12.74 Washington Washington, D.C. AS54391 Crutchfield New Media LLC 20045 United States tier_3 3 www.crutchfield.com nan
24 23.208.55.57 Philadelphia Pennsylvania AS16625 Akamai Technologies, Inc. 19099 United States tier_3 3 a23-208-55-57.deploy.static.akamaitechnologies.com nan
25 104.18.80.149 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 3 nan True
26 172.217.6.206 Westbury New York AS15169 Google LLC 11590 United States tier_3 2 lga25s54-in-f206.1e100.net nan
27 158.106.84.60 Toronto Ontario AS23498 COGECODATA M5N Canada tier_3 2 desktop.squirt.org nan

Aggregated redirection graph of domains located on current IP address.

  • The redirection flows from left to right
  • Leftmost domains are initial domains hosted on current IP
  • Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website