Brian, agreed. If you scrub against that list of domains and IP addresses you will probably see small numbers. But I suspect there are way more IP addresses that are not listed (and domains). It is common practice for bad guys to shut down IPs and domains regularly once those are not making money for them, in order to avoid further analysis.

It would be interesting to analyze every unique domain and IP address that you see and look for things like the age of the domain, the fact that the domain is entirely alphanumeric, and spelling errors (like “Time Warner Cabel”) and other discrepancies (like the domain is not actually Time Warner Cable).

--

--

--

Former Group Chief Digital Officer, MIT PhD (Materials Science), McKinsey Alum, http://t.co/E9MgBvoF

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ad Fraud Researcher

Ad Fraud Researcher

Former Group Chief Digital Officer, MIT PhD (Materials Science), McKinsey Alum, http://t.co/E9MgBvoF

More from Medium

BabySPELL — Everything you need to know

Words Unsaid

Habit #2: Begin With The End In Mind