Brian, agreed. If you scrub against that list of domains and IP addresses you will probably see small numbers. But I suspect there are way more IP addresses that are not listed (and domains). It is common practice for bad guys to shut down IPs and domains regularly once those are not making money for them, in order to avoid further analysis.

It would be interesting to analyze every unique domain and IP address that you see and look for things like the age of the domain, the fact that the domain is entirely alphanumeric, and spelling errors (like “Time Warner Cabel”) and other discrepancies (like the domain is not actually Time Warner Cable).


Former Group Chief Digital Officer, MIT PhD (Materials Science), McKinsey Alum,
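The checks suggested in the comment above, sketched as an added example (not code from the original post). The brand list, the allow list, the sample domains with their registration dates, and the thresholds are all constructed assumptions; "entirely alphanumeric" is read here as a name that mixes letters and digits, and a real run would take registration dates from WHOIS or RDAP.

```python
import re
from datetime import date

# Constructed watch list and allow list; a real run would load its own.
BRANDS = ["timewarnercable"]
OFFICIAL = {"timewarnercable.example"}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_flags(domain, registered, today, min_age_days=90, max_typos=2):
    """Return the heuristics a domain trips (thresholds are assumptions)."""
    domain = domain.lower().rstrip(".")
    label = domain.split(".")[-2]          # assumes a simple name.tld domain
    squashed = label.replace("-", "")
    flags = []
    if (today - registered).days < min_age_days:
        flags.append("young")              # recently registered
    if (re.fullmatch(r"[a-z0-9]+", label) and re.search(r"\d", label)
            and re.search(r"[a-z]", label)):
        flags.append("alphanumeric")       # letters and digits mixed
    for brand in BRANDS:
        d = edit_distance(squashed, brand)
        if 1 <= d <= max_typos:
            flags.append("lookalike")      # misspelling of a known brand
        elif brand in squashed and domain not in OFFICIAL:
            flags.append("brand_not_official")  # brand name on someone else's domain
    return flags

TODAY = date(2015, 6, 20)                  # constructed "now" for the sample data
SAMPLES = [                                # constructed (domain, registration date) pairs
    ("timewarnercabel.example", date(2015, 6, 1)),
    ("x7k2q9.example", date(2015, 6, 10)),
    ("timewarnercable-billing.example", date(2012, 3, 4)),
    ("timewarnercable.example", date(2003, 1, 15)),
]

def triage(samples=SAMPLES, today=TODAY):
    return {d: domain_flags(d, reg, today) for d, reg in samples}

if __name__ == "__main__":
    for name, flags in triage().items():
        print(f"{name:35} {flags}")
```
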
