Daily Threat Intelligence Report

This report contains following information

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain
num_domain num_links num_full_url num_safebrowsing_malicious num_vt_malicious date ip user_agent
0 149 150 813 0 10 2021-03-15 64.32.8.68 Android
tier domain count registrar name_servers org
0 tier_1 bugpoint.net 1 SNAPNAMES 42, LLC NS1.DNSNUTS.COM None
1 tier_1 albumkings.net 1 Snoqulamiedomains.com LLC NS1.DNSNUTS.COM None
2 tier_1 h-dougadb.net 1 SNAPNAMES 16, LLC NS1.DNSNUTS.COM None
3 tier_1 fcmexpert.net 1 Baracuda Domains, LLC NS1.DNSNUTS.COM None
4 tier_1 asb-sakray.net 1 Domain Name Root LLC NS1.DNSNUTS.COM None
5 tier_1 divxgay.net 1 SNAPNAMES 49, LLC NS1.DNSNUTS.COM None
6 tier_1 dconvert.net 1 SNAPNAMES 91, LLC NS1.DNSNUTS.COM None
7 tier_1 ava-producao.net 1 SNAPNAMES 45, LLC NS1.DNSNUTS.COM None
8 tier_1 dkca.net 1 Domain Name Origin, LLC NS1.DNSNUTS.COM None
9 tier_1 genuinagente.net 1 Name Find Source LLC NS1.DNSNUTS.COM None
10 tier_2 alfik-fik.com 73 Amazon Registrar, Inc. NS-1264.AWSDNS-30.ORG Whois Privacy Service
11 tier_2 track.vcdc.com 58 Key-Systems GmbH GUY.NS.CLOUDFLARE.COM c/o whoisproxy.com
12 tier_2 ads35.adtelligent.com 48 DANESCO TRADING LTD NS.ANYCASTNS1.ORG Vertamedia,LLC
13 tier_2 dsp35.adtelligent.com 48 DANESCO TRADING LTD NS.ANYCASTNS1.ORG Vertamedia,LLC
14 tier_2 aibm1.mysearch.space 48 None None None
15 tier_2 externals-1953518744.us-east-1.elb.amazonaws.com 48 MarkMonitor, Inc. R1.AMAZONAWS.COM Amazon.com, Inc.
16 tier_2 search.snjsearch.com 48 GoDaddy.com, LLC NS73.DOMAINCONTROL.COM Domains By Proxy, LLC
17 tier_2 search-checker.com 48 Name.com, Inc. BETH.NS.CLOUDFLARE.COM Domain Protection Services, Inc.
18 tier_2 m.onlineweb.mobi 48 GoDaddy.com, LLC None None
19 tier_2 btpnav.com 24 1API GmbH NS1.DNSIMPLE.COM Registrant of btpnav.com
20 tier_3 bing.com 48 MarkMonitor, Inc. DNS1.P09.NSONE.NET Microsoft Corporation
21 tier_3 storystudio.sfgate.com 12 CSC CORPORATE DOMAINS, INC. NS1.HEARSTNP.COM Hearst Communications, Inc.
22 tier_3 trktraf.club 4 NAMECHEAP INC dns1.registrar-servers.com WhoisGuard, Inc.
23 tier_3 win5.trustedpush.com 4 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
24 tier_3 squirt.org 3 NAMECHEAP INC NS5.DNSMADEEASY.COM WhoisGuard, Inc.
25 tier_3 robogarden.io 3 GoDaddy.com, LLC BECKY.NS.CLOUDFLARE.COM None
26 tier_3 win3.trustedpush.com 3 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
27 tier_3 m.placesiteb.xyz 2 Sav.comLLC HUGH.NS.CLOUDFLARE.COM Privacy Protection
28 tier_3 win2.trustedpush.com 2 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
29 tier_3 win6.trustedpush.com 2 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
ip city region org postal country_name tier count hostname anycast
0 185.107.56.59 Rotterdam South Holland AS43350 NForce Entertainment B.V. 3012 Netherlands tier_1 15 nan nan
1 64.32.8.70 Los Angeles California AS46844 Sharktech 90009 United States tier_1 15 customer.sharktech.net nan
2 64.32.8.67 Los Angeles California AS46844 Sharktech 90009 United States tier_1 15 customer.sharktech.net nan
3 185.107.56.57 Rotterdam South Holland AS43350 NForce Entertainment B.V. 3012 Netherlands tier_1 13 nan nan
4 64.32.8.68 Los Angeles California AS46844 Sharktech 90009 United States tier_1 11 customer.sharktech.net nan
5 185.107.56.60 Rotterdam South Holland AS43350 NForce Entertainment B.V. 3012 Netherlands tier_1 10 nan nan
6 64.32.8.69 Los Angeles California AS46844 Sharktech 90009 United States tier_1 7 customer.sharktech.net nan
7 185.107.56.58 Rotterdam South Holland AS43350 NForce Entertainment B.V. 3012 Netherlands tier_1 6 nan nan
8 167.233.8.197 N├╝rnberg Bavaria AS24940 Hetzner Online GmbH 90402 Germany tier_2 58 static.197.8.233.167.clients.your-server.de nan
9 209.205.202.42 New York City New York AS55081 24 SHELLS 10004 United States tier_2 48 static-42-202-205-209.24shells.net nan
10 209.205.202.43 New York City New York AS55081 24 SHELLS 10004 United States tier_2 48 static-43-202-205-209.24shells.net nan
11 35.162.164.74 Portland Oregon AS16509 Amazon.com, Inc. 97256 United States tier_2 48 ec2-35-162-164-74.us-west-2.compute.amazonaws.com nan
12 54.84.27.165 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23458 United States tier_2 46 ec2-54-84-27-165.compute-1.amazonaws.com nan
13 34.200.146.95 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23458 United States tier_2 44 ec2-34-200-146-95.compute-1.amazonaws.com nan
14 104.21.41.235 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_2 43 nan True
15 192.241.228.85 San Francisco California AS14061 DigitalOcean, LLC 94124 United States tier_2 28 nan nan
16 13.225.230.57 New York City New York AS16509 Amazon.com, Inc. 10004 United States tier_3 2 server-13-225-230-57.jfk51.r.cloudfront.net nan
17 50.16.173.246 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23458 United States tier_2 27 ec2-50-16-173-246.compute-1.amazonaws.com nan
18 204.79.197.200 Redmond Washington AS8068 Microsoft Corporation 98052 United States tier_3 32 nan True
19 13.107.21.200 Redmond Washington AS8068 Microsoft Corporation 98052 United States tier_3 16 nan True
20 98.129.228.57 Dallas Texas AS33070 Rackspace Hosting 75270 United States tier_3 12 nan nan
21 100.37.135.2 New York City New York AS701 MCI Communications Services, Inc. d/b/a Verizon Business 10004 United States tier_3 8 pool-100-37-135-2.nycmny.fios.verizon.net nan
22 104.248.224.185 North Bergen New Jersey AS14061 DigitalOcean, LLC 07047 United States tier_3 4 nan nan
23 158.106.84.60 Toronto Ontario AS23498 COGECODATA M5N Canada tier_3 3 register.squirt.org nan
24 104.18.80.149 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 2 nan True
25 104.21.80.8 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 2 nan True
26 13.225.230.12 New York City New York AS16509 Amazon.com, Inc. 10004 United States tier_3 2 server-13-225-230-12.jfk51.r.cloudfront.net nan
27 13.225.230.57 New York City New York AS16509 Amazon.com, Inc. 10004 United States tier_3 2 server-13-225-230-57.jfk51.r.cloudfront.net nan

Aggregated redirection graph of domains located on current IP address.

  • The redirection flows from left to right
  • Leftmost domains are initial domains hosted on current IP
  • Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website