Daily Threat Intelligence Report

This report contains following information

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain
num_domain num_links num_full_url num_safebrowsing_malicious num_vt_malicious date ip user_agent
0 163 165 633 0 121 2021-02-26 64.32.8.70 Android
tier domain count registrar name_servers org
0 tier_1 bugpoint.net 1 SNAPNAMES 42, LLC NS1.DNSNUTS.COM None
1 tier_1 drmommyonline.com 1 DevilDogDomains.com, LLC NS1.DNSNUTS.COM None
2 tier_1 dakmm.com 1 Private Domains, LLC NS1.DNSNUTS.COM None
3 tier_1 feby.net 1 NamePal.com #8024, LLC NS1.DNSNUTS.COM None
4 tier_1 18land.net 1 DuckbilledDomains.com LLC NS1.DNSNUTS.COM None
5 tier_1 aellaabroad.com 1 SNAPNAMES 35, LLC NS1.DNSNUTS.COM None
6 tier_1 bamporn.com 1 SNAPNAMES 50, LLC NS1.DNSNUTS.COM None
7 tier_1 being-bianca.com 1 Gozerdomains.com LLC NS1.DNSNUTS.COM None
8 tier_1 globalprintmonitor.org 1 Domainhawks.net LLC NS1.DNSNUTS.COM None
9 tier_1 deltathrottle.com 1 Pipeline Domains, LLC NS1.DNSNUTS.COM None
10 tier_2 8205.wcitianka.com 58 GoDaddy Online Services Cayman Islands LTD NS-1096.AWSDNS-09.ORG None
11 tier_2 go.revpush.cc 58 GoDaddy.com, LLC NS43.DOMAINCONTROL.COM Domains By Proxy, LLC
12 tier_2 afflat3c1.com 58 DNC Holdings, Inc NS1.PEER1.NET Savvy Investments, LLC Privacy ID# 14674509
13 tier_2 priceshopinsurance.go2cloud.org 58 NAMECHEAP INC NS-1511.AWSDNS-60.ORG ['Seattle Technology', 'Redacted for Privacy Purposes']
14 tier_2 alfik-fik.com 42 Amazon Registrar, Inc. NS-1264.AWSDNS-30.ORG Whois Privacy Service
15 tier_2 track.vcdc.com 24 Key-Systems GmbH GUY.NS.CLOUDFLARE.COM c/o whoisproxy.com
16 tier_2 atnpx.com 17 GoDaddy.com, LLC BECKY.NS.CLOUDFLARE.COM Domains By Proxy, LLC
17 tier_2 dprtb.com 13 1API GmbH NS1.DNSIMPLE.COM REDACTED FOR PRIVACY
18 tier_2 ad.doubleclick.net 11 MarkMonitor, Inc. NS1.GOOGLE.COM Google Inc.
19 tier_2 trackyourmpg.com 6 GoDaddy Online Services Cayman Islands LTD HUGH.NS.CLOUDFLARE.COM None
20 tier_3 priceshopinsurance.com 58 GoDaddy.com, LLC NS27.DOMAINCONTROL.COM Domains By Proxy, LLC
21 tier_3 kbb.com 17 CSC CORPORATE DOMAINS, INC. PDNS164.ULTRADNS.BIZ Autotrader.com
22 tier_3 storystudio.sfgate.com 12 CSC CORPORATE DOMAINS, INC. NS1.HEARSTNP.COM Hearst Communications, Inc.
23 tier_3 atnpx.com 4 GoDaddy.com, LLC BECKY.NS.CLOUDFLARE.COM Domains By Proxy, LLC
24 tier_3 happymakesite.xyz 3 Epik LLC MARJORY.NS.CLOUDFLARE.COM Anonymize, Inc.
25 tier_3 lulus.com_LOOP_1 3 None None None
26 tier_3 m.placesiteb.xyz 3 Sav.comLLC HUGH.NS.CLOUDFLARE.COM Privacy Protection
27 tier_3 squirt.org 2 NAMECHEAP INC NS5.DNSMADEEASY.COM WhoisGuard, Inc.
28 tier_3 win2.trustedpush.com 2 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
29 tier_3 android-data-alert.com 2 DANESCO TRADING LTD KEENAN.NS.CLOUDFLARE.COM DANESCO TRADING LTD.
ip city region org postal country_name tier count hostname anycast
0 185.107.56.59 Amsterdam North Holland AS43350 NForce Entertainment B.V. 1012 Netherlands tier_1 17 nan nan
1 185.107.56.60 Amsterdam North Holland AS43350 NForce Entertainment B.V. 1012 Netherlands tier_1 17 nan nan
2 64.32.8.67 Los Angeles California AS46844 Sharktech 90009 United States tier_1 14 customer.sharktech.net nan
3 64.32.8.69 Los Angeles California AS46844 Sharktech 90009 United States tier_1 14 customer.sharktech.net nan
4 64.32.8.68 Los Angeles California AS46844 Sharktech 90009 United States tier_1 13 customer.sharktech.net nan
5 64.32.8.70 Los Angeles California AS46844 Sharktech 90009 United States tier_1 12 customer.sharktech.net nan
6 185.107.56.58 Amsterdam North Holland AS43350 NForce Entertainment B.V. 1012 Netherlands tier_1 11 nan nan
7 185.107.56.57 Amsterdam North Holland AS43350 NForce Entertainment B.V. 1012 Netherlands tier_1 11 nan nan
8 198.54.112.216 San Jose California AS22612 Namecheap, Inc. 95103 United States tier_2 59 nan nan
9 34.199.107.160 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23452 United States tier_2 58 ec2-34-199-107-160.compute-1.amazonaws.com nan
10 69.172.200.185 Toronto Ontario AS19324 Dosarrest Internet Security LTD M5N Canada tier_2 58 maxbounty.com nan
11 167.233.8.197 N├╝rnberg Bavaria AS24940 Hetzner Online GmbH 90402 Germany tier_2 24 static.197.8.233.167.clients.your-server.de nan
12 54.84.27.165 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23452 United States tier_2 23 ec2-54-84-27-165.compute-1.amazonaws.com nan
13 34.200.146.95 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23452 United States tier_2 21 ec2-34-200-146-95.compute-1.amazonaws.com nan
14 34.198.147.111 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23452 United States tier_2 20 ec2-34-198-147-111.compute-1.amazonaws.com nan
15 52.205.36.237 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23452 United States tier_2 19 ec2-52-205-36-237.compute-1.amazonaws.com nan
16 52.20.195.125 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23452 United States tier_2 19 ec2-52-20-195-125.compute-1.amazonaws.com nan
17 209.15.13.136 Toronto Ontario AS13768 Aptum Technologies M5N Canada tier_2 16 nan nan
18 198.71.233.138 Ashburn Virginia AS26496 GoDaddy.com, LLC 20149 United States tier_3 58 ip-198-71-233-138.ip.secureserver.net nan
19 23.44.217.143 Newark New Jersey AS16625 Akamai Technologies, Inc. 07175 United States tier_3 17 a23-44-217-143.deploy.static.akamaitechnologies.com nan
20 98.129.228.57 Dallas Texas AS33070 Rackspace Hosting 75270 United States tier_3 12 nan nan
21 104.18.80.149 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 5 nan True
22 100.37.135.2 New York City New York AS701 MCI Communications Services, Inc. d/b/a Verizon Business 10004 United States tier_3 4 pool-100-37-135-2.nycmny.fios.verizon.net nan
23 172.67.74.77 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 3 nan True
24 158.106.84.60 Toronto Ontario AS23498 COGECODATA M5N Canada tier_3 2 squirt.org nan
25 104.26.10.53 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 1 nan True
26 104.21.25.82 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 1 nan True
27 34.206.66.177 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23452 United States tier_3 1 ec2-34-206-66-177.compute-1.amazonaws.com nan

Aggregated redirection graph of domains located on current IP address.

  • The redirection flows from left to right
  • Leftmost domains are initial domains hosted on current IP
  • Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website