Daily Threat Intelligence Report

This report contains following information

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain
num_domain num_links num_full_url num_safebrowsing_malicious num_vt_malicious date ip user_agent
0 145 142 507 0 29 2021-02-08 64.32.8.70 Android
tier domain count registrar name_servers org
0 tier_1 bugpoint.net 1 eNom413, Incorporated NS1.DNSNUTS.COM None
1 tier_1 animehentaitube.net 1 Heavydomains.net LLC NS1.DNSNUTS.COM None
2 tier_1 economictims.com 1 Domain Landing Zone LLC NS1.DNSNUTS.COM None
3 tier_1 alhasanah.net 1 Deep Dive Domains, LLC NS1.DNSNUTS.COM None
4 tier_1 dxnewradio.com 1 Aquila Domains LLC NS1.DNSNUTS.COM None
5 tier_1 aj01.net 1 Atomicdomainnames.com LLC NS1.DNSNUTS.COM The Management Group II
6 tier_1 almanarschool.net 1 AtlanticFriendNames.com LLC NS1.DNSNUTS.COM None
7 tier_1 advancetools.net 1 DomainSprouts.com LLC NS1.DNSNUTS.COM None
8 tier_1 eelfie.com 1 eNom419, Incorporated NS1.DNSNUTS.COM None
9 tier_1 being-bianca.com 1 Gozerdomains.com LLC NS1.DNSNUTS.COM The Management Group II
10 tier_2 alfik-fik.com 81 Amazon Registrar, Inc. NS-1264.AWSDNS-30.ORG Whois Privacy Service
11 tier_2 track.vcdc.com 69 Key-Systems GmbH GUY.NS.CLOUDFLARE.COM c/o whoisproxy.com
12 tier_2 atnpx.com 55 GoDaddy.com, LLC BECKY.NS.CLOUDFLARE.COM Domains By Proxy, LLC
13 tier_2 media-px.com 14 GoDaddy.com, LLC BECKY.NS.CLOUDFLARE.COM Domains By Proxy, LLC
14 tier_2 servedby.flashtalking.com 14 MESH DIGITAL LIMITED NS1.P09.DYNECT.NET Flashtalking, Inc.
15 tier_2 dprtb.com 10 1API GmbH NS1.DNSIMPLE.COM REDACTED FOR PRIVACY
16 tier_2 ad.doubleclick.net 7 MarkMonitor, Inc. NS1.GOOGLE.COM Google Inc.
17 tier_2 timply-powidered.com 5 Amazon Registrar, Inc. NS-1421.AWSDNS-49.ORG Whois Privacy Service
18 tier_2 click.expmediadirect.com 5 NAMECHEAP INC NS1.LINODE.COM WhoisGuard, Inc.
19 tier_2 rtbstream.com 3 1API GmbH NS1.DNSIMPLE.COM Registrant of rtbstream.com
20 tier_3 kbb.com 52 CSC CORPORATE DOMAINS, INC. PDNS164.ULTRADNS.BIZ Autotrader.com
21 tier_3 socalhondadealers.com 14 DREAMHOST NS1.DREAMHOST.COM Proxy Protection LLC
22 tier_3 dprtb.com 7 1API GmbH NS1.DNSIMPLE.COM REDACTED FOR PRIVACY
23 tier_3 rtbstream.com 6 1API GmbH NS1.DNSIMPLE.COM Registrant of rtbstream.com
24 tier_3 squirt.org 5 NAMECHEAP INC NS5.DNSMADEEASY.COM WhoisGuard, Inc.
25 tier_3 storystudio.sfgate.com 3 CSC CORPORATE DOMAINS, INC. NS1.HEARSTNP.COM Hearst Communications, Inc.
26 tier_3 btpnative.com 3 1API GmbH NS1.DNSIMPLE.COM Registrant of btpnative.com
27 tier_3 robogarden.io 3 GoDaddy.com, LLC BECKY.NS.CLOUDFLARE.COM None
28 tier_3 searchfrequently.com 2 GoDaddy.com, LLC NEIL.NS.CLOUDFLARE.COM Domains By Proxy, LLC
29 tier_3 b.delightcmain.xyz 2 Epik LLC MARJORY.NS.CLOUDFLARE.COM Anonymize, Inc.
ip city region org postal country_name tier count hostname anycast
0 185.107.56.60 Amsterdam North Holland AS43350 NForce Entertainment B.V. 1012 Netherlands tier_1 19 nan nan
1 64.32.8.68 Los Angeles California AS46844 Sharktech 90009 United States tier_1 18 customer.sharktech.net nan
2 64.32.8.69 Los Angeles California AS46844 Sharktech 90009 United States tier_1 16 customer.sharktech.net nan
3 185.107.56.59 Amsterdam North Holland AS43350 NForce Entertainment B.V. 1012 Netherlands tier_1 13 nan nan
4 64.32.8.67 Los Angeles California AS46844 Sharktech 90009 United States tier_1 12 customer.sharktech.net nan
5 64.32.8.70 Los Angeles California AS46844 Sharktech 90009 United States tier_1 11 customer.sharktech.net nan
6 185.107.56.57 Amsterdam North Holland AS43350 NForce Entertainment B.V. 1012 Netherlands tier_1 10 nan nan
7 185.107.56.58 Amsterdam North Holland AS43350 NForce Entertainment B.V. 1012 Netherlands tier_1 6 nan nan
8 167.233.8.197 N├╝rnberg Bavaria AS24940 Hetzner Online GmbH 90402 Germany tier_2 69 static.197.8.233.167.clients.your-server.de nan
9 34.200.146.95 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23452 United States tier_2 43 ec2-34-200-146-95.compute-1.amazonaws.com nan
10 104.26.11.53 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_2 38 nan True
11 54.84.27.165 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23452 United States tier_2 38 ec2-54-84-27-165.compute-1.amazonaws.com nan
12 209.15.13.136 Toronto Ontario AS13768 Aptum Technologies M5N Canada tier_3 16 nan nan
13 205.185.216.42 Dallas Texas AS20446 Highwinds Network Group, Inc. 75201 United States tier_2 11 map2.hwcdn.net True
14 104.26.10.53 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_2 10 nan True
15 172.67.74.77 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_2 7 nan True
16 172.67.134.220 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_2 7 nan True
17 104.21.6.127 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_2 7 nan True
18 23.44.217.143 Newark New Jersey AS16625 Akamai Technologies, Inc. 07175 United States tier_3 52 a23-44-217-143.deploy.static.akamaitechnologies.com nan
19 209.15.13.136 Toronto Ontario AS13768 Aptum Technologies M5N Canada tier_3 16 nan nan
20 35.174.35.73 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23452 United States tier_3 8 ec2-35-174-35-73.compute-1.amazonaws.com nan
21 34.207.4.240 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23452 United States tier_3 6 ec2-34-207-4-240.compute-1.amazonaws.com nan
22 158.106.84.60 Toronto Ontario AS23498 COGECODATA M5N Canada tier_3 5 desktop.squirt.org nan
23 98.129.228.57 Dallas Texas AS33070 Rackspace Hosting 75270 United States tier_3 3 nan nan
24 172.67.138.156 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 2 nan True
25 104.18.78.149 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 2 nan True
26 104.21.80.8 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 2 nan True
27 192.138.218.207 Seattle Washington AS14332 Connexity, Inc. 98111 United States tier_3 2 rd.bizrate.com nan

Aggregated redirection graph of domains located on current IP address.

  • The redirection flows from left to right
  • Leftmost domains are initial domains hosted on current IP
  • Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website