Daily Threat Intelligence Report

This report contains following information

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain
num_domain num_links num_full_url num_safebrowsing_malicious num_vt_malicious date ip user_agent
0 174 183 631 0 122 2021-03-07 64.32.8.70 Safari
tier domain count registrar name_servers org
0 tier_1 ggulbam27.com 1 SNAPNAMES 32, LLC NS1.DNSNUTS.COM None
1 tier_1 economictims.com 1 Domain Landing Zone LLC NS1.DNSNUTS.COM None
2 tier_1 clipxplore.com 1 SouthNames, LLC NS1.DNSNUTS.COM None
3 tier_1 face2facethemagazine.com 1 Domaininthehole.com LLC NS1.DNSNUTS.COM None
4 tier_1 chastnoevideo.net 1 SNAPNAMES 90, LLC NS1.DNSNUTS.COM None
5 tier_1 akeremuna2018.com 1 Domain Secure LLC NS1.DNSNUTS.COM None
6 tier_1 civgames.com 1 Domainsinthebag.com LLC NS1.DNSNUTS.COM None
7 tier_1 bagustekno.net 1 Zone of Domains LLC NS1.DNSNUTS.COM None
8 tier_1 aiss.cc 1 Top Shelf Domains LLC NS1.DNSNUTS.COM None
9 tier_1 cloudfilezz.com 1 Lionshare Domains, LLC NS1.DNSNUTS.COM None
10 tier_2 click.expmediadirect.com 59 NAMECHEAP INC NS1.LINODE.COM WhoisGuard, Inc.
11 tier_2 rqhere2.com 39 NAMECHEAP INC JEROME.NS.CLOUDFLARE.COM WhoisGuard, Inc.
12 tier_2 dprtb.com 35 1API GmbH NS1.DNSIMPLE.COM REDACTED FOR PRIVACY
13 tier_2 1496.wcitianka.com 33 None None None
14 tier_2 americanlisted.com 31 ilait AB NS1.TELECOM3.NET Integration 3 Group AB
15 tier_2 track.vcdc.com 26 Key-Systems GmbH GUY.NS.CLOUDFLARE.COM c/o whoisproxy.com
16 tier_2 clk.rtpdn12.com 22 NAMECHEAP INC DNS1.REGISTRAR-SERVERS.COM WhoisGuard, Inc.
17 tier_2 rd.leewardjobs.com 18 GoDaddy.com, LLC NS-1391.AWSDNS-45.ORG Domains By Proxy, LLC
18 tier_2 open.app.jobrapido.com 17 Marcaria.com International, Inc. NS-CLOUD-D1.GOOGLEDOMAINS.COM GDPR Masked
19 tier_2 us.jobrapido.com 17 Marcaria.com International, Inc. NS-CLOUD-D1.GOOGLEDOMAINS.COM GDPR Masked
20 tier_3 healthemerge.info 22 GoDaddy.com, LLC MOLLY.NS.CLOUDFLARE.COM None
21 tier_3 medicomatic.info 18 GoDaddy.com, LLC MOLLY.NS.CLOUDFLARE.COM None
22 tier_3 thecryptomoney.info 18 GoDaddy.com, LLC MOLLY.NS.CLOUDFLARE.COM None
23 tier_3 fitnessdial.club 17 GoDaddy.com, LLC molly.ns.cloudflare.com None
24 tier_3 click.appcast.io 8 101Domain GRS Ltd NS-85.AWSDNS-10.COM None
25 tier_3 open.app.jobrapido.com_LOOP_1 6 None None None
26 tier_3 uber.com 5 MarkMonitor, Inc. EDNS126.ULTRADNS.BIZ Uber Technologies, Inc.
27 tier_3 neuvoo.com 4 None None None
28 tier_3 performcompletely-thelatestfile.best 4 NAMECHEAP INC DNS1.REGISTRAR-SERVERS.COM WhoisGuard, Inc.
29 tier_3 performlatest-thecompletelyfile.best 3 NAMECHEAP INC DNS1.REGISTRAR-SERVERS.COM WhoisGuard, Inc.
ip hostname city region org postal country_name tier count anycast
0 64.32.8.70 customer.sharktech.net Los Angeles California AS46844 Sharktech 90009 United States tier_1 19 nan
1 64.32.8.68 customer.sharktech.net Los Angeles California AS46844 Sharktech 90009 United States tier_1 18 nan
2 185.107.56.60 nan Rotterdam South Holland AS43350 NForce Entertainment B.V. 3012 Netherlands tier_1 17 nan
3 64.32.8.69 customer.sharktech.net Los Angeles California AS46844 Sharktech 90009 United States tier_1 16 nan
4 64.32.8.67 customer.sharktech.net Los Angeles California AS46844 Sharktech 90009 United States tier_1 15 nan
5 185.107.56.57 nan Rotterdam South Holland AS43350 NForce Entertainment B.V. 3012 Netherlands tier_1 15 nan
6 185.107.56.58 nan Rotterdam South Holland AS43350 NForce Entertainment B.V. 3012 Netherlands tier_1 12 nan
7 185.107.56.59 nan Rotterdam South Holland AS43350 NForce Entertainment B.V. 3012 Netherlands tier_1 12 nan
8 198.134.116.30 nan New York City New York AS27257 Webair Internet Development Company Inc. 10013 United States tier_2 59 nan
9 209.15.13.136 nan Toronto Ontario AS13768 Aptum Technologies M5N Canada tier_2 46 nan
10 167.99.3.175 nan North Bergen New Jersey AS14061 DigitalOcean, LLC 07047 United States tier_2 39 nan
11 198.54.112.216 nan San Jose California AS22612 Namecheap, Inc. 95103 United States tier_2 33 nan
12 35.209.61.240 240.61.209.35.bc.googleusercontent.com Council Bluffs Iowa AS15169 Google LLC 51502 United States tier_2 31 nan
13 167.233.8.197 static.197.8.233.167.clients.your-server.de N├╝rnberg Bavaria AS24940 Hetzner Online GmbH 90402 Germany tier_2 26 nan
14 173.239.53.32 nan New York City New York AS27257 Webair Internet Development Company Inc. 10013 United States tier_2 24 nan
15 178.33.228.114 ns3021656.ip-178-33-228.eu Roubaix Hauts-de-France AS16276 OVH SAS 59051 CEDEX 1 France tier_2 17 nan
16 100.37.135.2 pool-100-37-135-2.nycmny.fios.verizon.net New York City New York AS701 MCI Communications Services, Inc. d/b/a Verizon Business 10004 United States tier_3 18 nan
17 3.226.165.125 ec2-3-226-165-125.compute-1.amazonaws.com Virginia Beach Virginia AS14618 Amazon.com, Inc. 23458 United States tier_2 9 nan
18 100.37.135.2 pool-100-37-135-2.nycmny.fios.verizon.net New York City New York AS701 MCI Communications Services, Inc. d/b/a Verizon Business 10004 United States tier_3 18 nan
19 172.67.221.83 nan San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 14 True
20 172.67.134.123 nan San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 11 True
21 172.67.167.220 nan San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 11 True
22 104.21.25.189 nan San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 11 True
23 172.67.210.14 nan San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 10 True
24 104.21.42.202 nan San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 8 True
25 104.21.34.37 nan San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 7 True
26 54.210.35.174 ec2-54-210-35-174.compute-1.amazonaws.com Ashburn Virginia AS14618 Amazon.com, Inc. 20149 United States tier_3 7 nan
27 104.36.195.150 nan Washington Washington, D.C. AS63086 Uber Technologies, Inc 20045 United States tier_3 4 nan

Aggregated redirection graph of domains located on current IP address.

  • The redirection flows from left to right
  • Leftmost domains are initial domains hosted on current IP
  • Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website