Hi everyone, my name is Andrew
I’m currently working on an independent project focused on monitoring domain availability and detecting potential blocking across different countries and ISPs.
The core idea is to build a lightweight system that uses RIPE Atlas measurements (DNS and HTTP) across multiple ASNs to identify:
-
DNS tampering or poisoning
-
IP-level blocking
-
HTTP-level interference or filtering
In addition to general network measurements, I’m also exploring how this data can be applied to improve anti-phishing and malware detection systems.
Specifically, the collected data can help:
-
identify suspicious domains that are selectively blocked by certain ISPs (a common signal for phishing or malicious infrastructure)
-
detect inconsistencies between DNS resolution across regions, which may indicate malicious redirection or DNS manipulation
-
flag domains that trigger abnormal HTTP responses (e.g. filtering pages or injected content), often associated with compromised or malicious hosting
-
build heuristics for early detection of harmful domains based on network-level anomalies rather than relying only on traditional blacklists
The goal is to enhance automated detection pipelines and improve visibility into potentially harmful infrastructure from a network perspective.
At the moment, I’m limited by available RIPE Atlas credits while testing and scaling across multiple regions (LATAM, Middle East, APAC).
If anyone has spare credits they would be willing to share (even a small amount), I would greatly appreciate it — it would directly help continue development and improve the system.
I’m also planning to host a probe to contribute back to the network.
Happy to share findings or insights from this work if there is interest.
My RIPE Atlas account email: vjwork8@gmail.com
Thank you in advance!