Daily Threat Intelligence Report

This report contains the following information:

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registrar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain
num_domainnum_linksnum_full_urlnum_safebrowsing_maliciousnum_vt_maliciousdateipuser_agent
01281244490682021-02-1264.32.8.68Android

|  | tier | domain | count | registrar | name_servers | org |
|---|---|---|---|---|---|---|
| 0 | tier_1 | faststone.com | 1 | Media Elite Holdings Limited | NS1.DNSNUTS.COM | Fundacion Privacy Services LTD |
| 1 | tier_1 | 9ref.com | 1 | Lionshare Domains, LLC | NS1.DNSNUTS.COM | None |
| 2 | tier_1 | crafthd.net | 1 | SNAPNAMES 42, LLC | NS1.DNSNUTS.COM | None |
| 3 | tier_1 | elektrononline.net | 1 | Blue Angel Domains LLC | NS1.DNSNUTS.COM | None |
| 4 | tier_1 | bagustekno.net | 1 | Zone of Domains LLC | NS1.DNSNUTS.COM | None |
| 5 | tier_1 | alchemicalpsychology.com | 1 | SNAPNAMES 13, LLC | NS1.DNSNUTS.COM | None |
| 6 | tier_1 | erojii.net | 1 | Dropcatch Landing Spot LLC | NS1.DNSNUTS.COM | None |
| 7 | tier_1 | 10dle.com | 1 | Free Drop Zone LLC | NS1.DNSNUTS.COM | None |
| 8 | tier_1 | 899or.com | 1 | Chipshot Domains LLC | NS1.DNSNUTS.COM | None |
| 9 | tier_1 | babierus.com | 1 | NameSilo, LLC | NS1.DNSNUTS.COM | See PrivacyGuardian.org |
| 10 | tier_2 | alfik-fik.com | 28 | Amazon Registrar, Inc. | NS-1264.AWSDNS-30.ORG | Whois Privacy Service |
| 11 | tier_2 | track.vcdc.com | 22 | Key-Systems GmbH | GUY.NS.CLOUDFLARE.COM | c/o whoisproxy.com |
| 12 | tier_2 | click.expmediadirect.com | 18 | None | None | None |
| 13 | tier_2 | bradamante-per.com | 18 | Amazon Registrar, Inc. | NS-1026.AWSDNS-00.ORG | Whois Privacy Service |
| 14 | tier_2 | api.apptap.com | 17 | Amazon Registrar, Inc. | NS-1256.AWSDNS-29.ORG | Whois Privacy Service |
| 15 | tier_2 | api.mplayit.com | 17 | Amazon Registrar, Inc. | NS-1236.AWSDNS-26.ORG | Whois Privacy Service |
| 16 | tier_2 | redirect.viglink.com | 17 | Amazon Registrar, Inc. | NS1.VIGLINK.COM | Whois Privacy Service |
| 17 | tier_2 | link.sylikes.com | 17 | MarkMonitor, Inc. | NS-1063.AWSDNS-04.ORG | Connexity, Inc. |
| 18 | tier_2 | dprtb.com | 17 | 1API GmbH | NS1.DNSIMPLE.COM | REDACTED FOR PRIVACY |
| 19 | tier_2 | btpnative.com | 14 | 1API GmbH | NS1.DNSIMPLE.COM | Registrant of btpnative.com |
| 20 | tier_3 | irl.com | 21 | GoDaddy.com, LLC | NS-106.AWSDNS-13.COM | Domains By Proxy, LLC |
| 21 | tier_3 | win2.trustedpush.com | 7 | NAMECHEAP INC | NS-1142.AWSDNS-14.ORG | WhoisGuard, Inc. |
| 22 | tier_3 | win3.trustedpush.com | 4 | NAMECHEAP INC | NS-1142.AWSDNS-14.ORG | WhoisGuard, Inc. |
| 23 | tier_3 | play.google.com | 4 | MarkMonitor, Inc. | NS1.GOOGLE.COM | Google LLC |
| 24 | tier_3 | rd.bizrate.com | 4 | None | None | None |
| 25 | tier_3 | happymakesite.xyz | 4 | Epik LLC | MARJORY.NS.CLOUDFLARE.COM | Anonymize, Inc. |
| 26 | tier_3 | venus.com | 3 | GoDaddy.com, LLC | NS0.DNSMADEEASY.COM | Venus Fashion, Inc. |
| 27 | tier_3 | win1.trustedpush.com | 3 | None | None | None |
| 28 | tier_3 | crutchfield.com | 3 | Domain.com, LLC | NS1.CRUTCHFIELD.COM | REDACTED FOR PRIVACY |
| 29 | tier_3 | omahasteaks.com | 3 | CSC CORPORATE DOMAINS, INC. | A1-3.AKAM.NET | Omaha Steaks International, Inc. |

|  | ip | city | region | org | postal | country_name | tier | count | hostname | anycast |
|---|---|---|---|---|---|---|---|---|---|---|
| 0 | 185.107.56.57 | Amsterdam | North Holland | AS43350 NForce Entertainment B.V. | 1012 | Netherlands | tier_1 | 12 | nan | nan |
| 1 | 64.32.8.70 | Los Angeles | California | AS46844 Sharktech | 90009 | United States | tier_1 | 10 | customer.sharktech.net | nan |
| 2 | 185.107.56.59 | Amsterdam | North Holland | AS43350 NForce Entertainment B.V. | 1012 | Netherlands | tier_1 | 10 | nan | nan |
| 3 | 185.107.56.60 | Amsterdam | North Holland | AS43350 NForce Entertainment B.V. | 1012 | Netherlands | tier_1 | 10 | nan | nan |
| 4 | 64.32.8.69 | Los Angeles | California | AS46844 Sharktech | 90009 | United States | tier_1 | 9 | customer.sharktech.net | nan |
| 5 | 64.32.8.67 | Los Angeles | California | AS46844 Sharktech | 90009 | United States | tier_1 | 9 | customer.sharktech.net | nan |
| 6 | 64.32.8.68 | Los Angeles | California | AS46844 Sharktech | 90009 | United States | tier_1 | 7 | customer.sharktech.net | nan |
| 7 | 185.107.56.58 | Amsterdam | North Holland | AS43350 NForce Entertainment B.V. | 1012 | Netherlands | tier_1 | 2 | nan | nan |
| 8 | 209.15.13.136 | Toronto | Ontario | AS13768 Aptum Technologies | M5N | Canada | tier_2 | 35 | nan | nan |
| 9 | 192.138.218.207 | Seattle | Washington | AS14332 Connexity, Inc. | 98111 | United States | tier_3 | 4 | rd.bizrate.com | nan |
| 10 | 54.84.27.165 | Virginia Beach | Virginia | AS14618 Amazon.com, Inc. | 23452 | United States | tier_2 | 24 | ec2-54-84-27-165.compute-1.amazonaws.com | nan |
| 11 | 34.200.146.95 | Virginia Beach | Virginia | AS14618 Amazon.com, Inc. | 23452 | United States | tier_2 | 23 | ec2-34-200-146-95.compute-1.amazonaws.com | nan |
| 12 | 167.233.8.197 | Nürnberg | Bavaria | AS24940 Hetzner Online GmbH | 90402 | Germany | tier_2 | 22 | static.197.8.233.167.clients.your-server.de | nan |
| 13 | 3.211.140.56 | Virginia Beach | Virginia | AS14618 Amazon.com, Inc. | 23452 | United States | tier_2 | 19 | ec2-3-211-140-56.compute-1.amazonaws.com | nan |
| 14 | 198.134.116.30 | New York City | New York | AS27257 Webair Internet Development Company Inc. | 10013 | United States | tier_2 | 18 | nan | nan |
| 15 | 173.192.101.24 | Dallas | Texas | AS36351 SoftLayer Technologies Inc. | 75270 | United States | tier_2 | 14 | 18.65.c0ad.ip4.static.sl-reverse.com | nan |
| 16 | 3.227.111.251 | Virginia Beach | Virginia | AS14618 Amazon.com, Inc. | 23452 | United States | tier_2 | 14 | ec2-3-227-111-251.compute-1.amazonaws.com | nan |
| 17 | 34.199.180.187 | Virginia Beach | Virginia | AS14618 Amazon.com, Inc. | 23452 | United States | tier_2 | 14 | ec2-34-199-180-187.compute-1.amazonaws.com | nan |
| 18 | 100.37.135.2 | New York City | New York | AS701 MCI Communications Services, Inc. d/b/a Verizon Business | 10004 | United States | tier_3 | 10 | pool-100-37-135-2.nycmny.fios.verizon.net | nan |
| 19 | 104.248.63.248 | North Bergen | New Jersey | AS14061 DigitalOcean, LLC | 07047 | United States | tier_3 | 5 | nan | nan |
| 20 | 162.243.166.170 | North Bergen | New Jersey | AS14061 DigitalOcean, LLC | 07047 | United States | tier_3 | 4 | nan | nan |
| 21 | 192.138.218.207 | Seattle | Washington | AS14332 Connexity, Inc. | 98111 | United States | tier_3 | 4 | rd.bizrate.com | nan |
| 22 | 23.208.43.71 | Philadelphia | Pennsylvania | AS16625 Akamai Technologies, Inc. | 19099 | United States | tier_3 | 3 | a23-208-43-71.deploy.static.akamaitechnologies.com | nan |
| 23 | 205.196.12.74 | Washington | Washington, D.C. | AS54391 Crutchfield New Media LLC | 20045 | United States | tier_3 | 3 | www.crutchfield.com | nan |
| 24 | 23.208.55.57 | Philadelphia | Pennsylvania | AS16625 Akamai Technologies, Inc. | 19099 | United States | tier_3 | 3 | a23-208-55-57.deploy.static.akamaitechnologies.com | nan |
| 25 | 104.18.80.149 | San Francisco | California | AS13335 Cloudflare, Inc. | 94107 | United States | tier_3 | 3 | nan | True |
| 26 | 172.217.6.206 | Westbury | New York | AS15169 Google LLC | 11590 | United States | tier_3 | 2 | lga25s54-in-f206.1e100.net | nan |
| 27 | 158.106.84.60 | Toronto | Ontario | AS23498 COGECODATA | M5N | Canada | tier_3 | 2 | desktop.squirt.org | nan |

Aggregated redirection graph of domains located on current IP address.

  • The redirection flows from left to right
  • Leftmost domains are initial domains hosted on current IP
  • Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? Want to subscribe to the threat intelligence report? Contact:

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website