Daily Threat Intelligence Report

This report contains following information

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain
num_domain num_links num_full_url num_safebrowsing_malicious num_vt_malicious date ip user_agent
0 193 197 623 0 50 2021-02-01 64.32.8.70 Chrome
tier domain count registrar name_servers org
0 tier_1 brasilonline.tv 1 Sterling Domains LLC NS1.DNSNUTS.COM None
1 tier_1 assistafilmes.net 1 Active Market Domains LLC NS1.DNSNUTS.COM None
2 tier_1 9ref.com 1 Lionshare Domains, LLC NS1.DNSNUTS.COM The Management Group II
3 tier_1 9novels.net 1 ! #1 Host Japan, Inc. NS1.DNSNUTS.COM The Management Group II
4 tier_1 aharonic.net 1 Gradeadomainnames.com LLC NS1.DNSNUTS.COM None
5 tier_1 alhasanah.net 1 Deep Dive Domains, LLC NS1.DNSNUTS.COM None
6 tier_1 alchemicalpsychology.com 1 enom1033, Inc. NS1.DNSNUTS.COM None
7 tier_1 deresute-japan.com 1 eNom423, Incorporated NS1.DNSNUTS.COM The Management Group II
8 tier_1 asb-sakray.net 1 Domain Name Root, LLC NS1.DNSNUTS.COM None
9 tier_1 digitaldartsco.com 1 eNomEU, Inc. NS1.DNSNUTS.COM None
10 tier_2 alfik-fik.com 72 Amazon Registrar, Inc. NS-1264.AWSDNS-30.ORG Whois Privacy Service
11 tier_2 track.vcdc.com 63 Key-Systems GmbH GUY.NS.CLOUDFLARE.COM c/o whoisproxy.com
12 tier_2 dsp2.adtelligent.com 40 DANESCO TRADING LTD NS.ANYCASTNS1.ORG Vertamedia,LLC
13 tier_2 search-checker.com 40 Name.com, Inc. BETH.NS.CLOUDFLARE.COM Domain Protection Services, Inc.
14 tier_2 find.storageservice-miror-files.com 40 GoDaddy.com, LLC DNS1.P09.NSONE.NET ClientConnect LTD
15 tier_2 abc3.feed-xml.com 18 DANESCO TRADING LTD NS.ANYCASTNS1.ORG DANESCO TRADING LTD.
16 tier_2 abc12.feed-xml.com 15 DANESCO TRADING LTD NS.ANYCASTNS1.ORG DANESCO TRADING LTD.
17 tier_2 dprtb.com 13 1API GmbH NS1.DNSIMPLE.COM REDACTED FOR PRIVACY
18 tier_2 bradamante-per.com 9 Amazon Registrar, Inc. NS-1026.AWSDNS-00.ORG Whois Privacy Service
19 tier_2 apinew.fpvideoplayer.com 6 NAMECHEAP INC NS-1200.AWSDNS-22.ORG WhoisGuard, Inc.
20 tier_3 bing.com 40 MarkMonitor, Inc. DNS1.P09.NSONE.NET Microsoft Corporation
21 tier_3 irl.com 25 GoDaddy.com, LLC NS-106.AWSDNS-13.COM Domains By Proxy, LLC
22 tier_3 searchfrequently.com 4 GoDaddy.com, LLC NEIL.NS.CLOUDFLARE.COM Domains By Proxy, LLC
23 tier_3 storeheavily-thequickfile.best 3 NAMECHEAP INC DNS1.REGISTRAR-SERVERS.COM WhoisGuard, Inc.
24 tier_3 storeswift-theheavilyfile.best 2 NAMECHEAP INC DNS1.REGISTRAR-SERVERS.COM WhoisGuard, Inc.
25 tier_3 kakxfhizhsksctknwlwifjqapnovyf.s3.amazonaws.com 2 MarkMonitor, Inc. R1.AMAZONAWS.COM Amazon.com, Inc.
26 tier_3 search-trends.co 2 GoDaddy.com, LLC ns2.giowm1237.siteground.biz Domains By Proxy, LLC
27 tier_3 wratzurijhgmseqjvihwkwccjoprxb.s3.amazonaws.com 2 None None None
28 tier_3 ww1.survey-smiles.com 2 Internet Domain Service BS Corp. NS1.WOMBATDNS.COM Whois Privacy Corp.
29 tier_3 il.betrivers.com 1 GoDaddy.com, LLC ERIN.NS.CLOUDFLARE.COM Rivers IP Holdings, LLC
ip hostname city region org postal country_name tier count anycast
0 64.32.8.70 customer.sharktech.net Los Angeles California AS46844 Sharktech 90009 United States tier_1 18 nan
1 64.32.8.68 customer.sharktech.net Los Angeles California AS46844 Sharktech 90009 United States tier_1 17 nan
2 185.107.56.60 nan Amsterdam North Holland AS43350 NForce Entertainment B.V. 1012 Netherlands tier_1 15 nan
3 64.32.8.69 customer.sharktech.net Los Angeles California AS46844 Sharktech 90009 United States tier_1 14 nan
4 64.32.8.67 customer.sharktech.net Los Angeles California AS46844 Sharktech 90009 United States tier_1 11 nan
5 185.107.56.57 nan Amsterdam North Holland AS43350 NForce Entertainment B.V. 1012 Netherlands tier_1 9 nan
6 185.107.56.58 nan Amsterdam North Holland AS43350 NForce Entertainment B.V. 1012 Netherlands tier_1 9 nan
7 185.107.56.59 nan Amsterdam North Holland AS43350 NForce Entertainment B.V. 1012 Netherlands tier_1 8 nan
8 167.233.8.197 static.197.8.233.167.clients.your-server.de Nürnberg Bavaria AS24940 Hetzner Online GmbH 90402 Germany tier_2 63 nan
9 54.84.27.165 ec2-54-84-27-165.compute-1.amazonaws.com Virginia Beach Virginia AS14618 Amazon.com, Inc. 23479 United States tier_2 41 nan
10 34.200.146.95 ec2-34-200-146-95.compute-1.amazonaws.com Virginia Beach Virginia AS14618 Amazon.com, Inc. 23479 United States tier_2 40 nan
11 185.239.174.10 nan London England AS55081 24 SHELLS EC1A United Kingdom tier_2 40 nan
12 104.21.90.227 nan San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_2 34 True
13 209.15.13.136 nan Toronto Ontario AS13768 Aptum Technologies M5N Canada tier_2 22 nan
14 192.119.9.82 nan New York City New York AS55081 24 SHELLS 10004 United States tier_2 18 nan
15 23.227.131.132 nan Newark New Jersey AS55081 24 SHELLS 07175 United States tier_2 15 nan
16 13.225.214.109 server-13-225-214-109.ewr50.r.cloudfront.net Newark New Jersey AS16509 Amazon.com, Inc. 07175 United States tier_2 12 nan
17 100.37.135.2 pool-100-37-135-2.nycmny.fios.verizon.net New York City New York AS701 MCI Communications Services, Inc. d/b/a Verizon Business 10004 United States tier_3 3 nan
18 131.253.33.200 a-0001.dc-msedge.net Redmond Washington AS8068 Microsoft Corporation 98052 United States tier_3 16 True
19 204.79.197.200 a-0001.a-msedge.net Redmond Washington AS8068 Microsoft Corporation 98052 United States tier_3 13 True
20 13.107.21.200 nan Redmond Washington AS8068 Microsoft Corporation 98052 United States tier_3 6 True
21 3.226.188.121 ec2-3-226-188-121.compute-1.amazonaws.com Virginia Beach Virginia AS14618 Amazon.com, Inc. 23479 United States tier_3 5 nan
22 13.107.22.200 nan Redmond Washington AS8068 Microsoft Corporation 98052 United States tier_3 5 True
23 13.56.125.91 ec2-13-56-125-91.us-west-1.compute.amazonaws.com Los Angeles California AS16509 Amazon.com, Inc. 90084 United States tier_3 4 nan
24 104.248.63.248 nan North Bergen New Jersey AS14061 DigitalOcean, LLC 07047 United States tier_3 3 nan
25 100.37.135.2 pool-100-37-135-2.nycmny.fios.verizon.net New York City New York AS701 MCI Communications Services, Inc. d/b/a Verizon Business 10004 United States tier_3 3 nan
26 13.57.64.34 ec2-13-57-64-34.us-west-1.compute.amazonaws.com Los Angeles California AS16509 Amazon.com, Inc. 90084 United States tier_3 3 nan
27 104.248.63.231 nan North Bergen New Jersey AS14061 DigitalOcean, LLC 07047 United States tier_3 3 nan

Aggregated redirection graph of domains located on current IP address.

  • The redirection flows from left to right
  • Leftmost domains are initial domains hosted on current IP
  • Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website