Daily Threat Intelligence Report

This report contains following information

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain
num_domain num_links num_full_url num_safebrowsing_malicious num_vt_malicious date ip user_agent
0 37 34 47 0 8 2021-04-16 103.224.182.207 Chrome
tier domain count registrar name_servers org
0 tier_1 123gmail.com 1 TLD Registrar Solutions Ltd. NS1.ABOVE.COM Whois Privacy Corp.
1 tier_1 facebook-sex.com 1 Internet Domain Service BS Corp. NS1.ABOVE.COM Whois Privacy Corp.
2 tier_1 fashionmazia.com 1 GoDaddy.com, LLC NS1.ABOVE.COM None
3 tier_1 facebookquotes4u.com 1 GoDaddy.com, LLC NS1.ABOVE.COM None
4 tier_1 explorehealthyfood.com 1 GoDaddy.com, LLC NS1.ABOVE.COM None
5 tier_1 ilikefurniture.com 1 GoDaddy.com, LLC NS1.ABOVE.COM None
6 tier_1 facebookprofileview.com 1 Internet Domain Service BS Corp. NS1.ABOVE.COM Whois Privacy Corp.
7 tier_1 expeditelectronics.com 1 GoDaddy.com, LLC NS1.ABOVE.COM None
8 tier_2 0redirb.com 5 ABOVE.COM PTY LTD. NS1.ABOVE.COM None
9 tier_2 r.lnk8j7.com 2 1&1 IONOS SE NS-1314.AWSDNS-36.ORG 1&1 Internet Limited
10 tier_2 kamala-cha.com 2 Amazon Registrar, Inc. NS-1005.AWSDNS-61.NET Whois Privacy Service
11 tier_2 query.pureleads.com 2 New Frontier, Inc. NS1.P05.DYNECT.NET Domain Protection Services, Inc.
12 tier_2 queryclick.pureleads.com 2 New Frontier, Inc. NS1.P05.DYNECT.NET Domain Protection Services, Inc.
13 tier_2 amzn.to 2 None None None
14 tier_2 ww38.123gmail.com 1 TLD Registrar Solutions Ltd. NS1.ABOVE.COM Whois Privacy Corp.
15 tier_2 katie.v4.omgtnc.com 1 PSI-USA, Inc. dba Domain Robot NS-1133.AWSDNS-13.ORG None
16 tier_2 recode.pw 1 GANDI SAS NS-1611.AWSDNS-09.CO.UK PPCBUZZ
17 tier_2 2679468029.pub.ezanga.com 1 GoDaddy.com, LLC NS1.SOFTLAYER.COM eZanga.com, Inc.
18 tier_2 1redira.com 1 ABOVE.COM PTY LTD. NS1.TRELLIAN.COM None
19 tier_2 go.bshrdr.com 1 NAMECHEAP INC AMY.NS.CLOUDFLARE.COM Privacy service provided by Withheld for Privacy ehf
20 tier_2 c.adclickthru.net 1 GoDaddy.com, LLC NS75.DOMAINCONTROL.COM Domains By Proxy, LLC
21 tier_2 11164440.searchiqnet.com 1 GoDaddy.com, LLC NS57.DOMAINCONTROL.COM Domains By Proxy, LLC
22 tier_2 americanlisted.com 1 ilait AB NS1.TELECOM3.NET Integration 3 Group AB
23 tier_2 click.appcast.io 1 101Domain GRS Ltd NS-85.AWSDNS-10.COM None
24 tier_2 careerbliss.com 1 GoDaddy.com, LLC NS10.DNSMADEEASY.COM Domains By Proxy, LLC
25 tier_2 uniqtrack.club 1 NAMECHEAP INC dns2.registrar-servers.com Privacy service provided by Withheld for Privacy ehf
26 tier_2 madjabb.com 1 DNC Holdings, Inc NS1.PEER1.NET REDACTED FOR PRIVACY
27 tier_2 maxbounty.com 1 DNC Holdings, Inc NS1.PEER1.NET Savvy Investments, LLC Privacy ID# 10846171
28 tier_3 amazon.com 2 MarkMonitor, Inc. NS1.P31.DYNECT.NET Amazon Technologies, Inc.
29 tier_3 dropped-click.com 1 NAMECHEAP INC INES.NS.CLOUDFLARE.COM Privacy service provided by Withheld for Privacy ehf
30 tier_3 stripchat.com 1 NAMECHEAP INC AMY.NS.CLOUDFLARE.COM Privacy service provided by Withheld for Privacy ehf
31 tier_3 joinsmarty.com 1 GoDaddy Online Services Cayman Islands LTD DOM.NS.CLOUDFLARE.COM None
32 tier_3 trk.careerbliss.com 1 GoDaddy.com, LLC NS10.DNSMADEEASY.COM Domains By Proxy, LLC
33 tier_3 americaspharmacy.com 1 Network Solutions, LLC NS1.MEDIMPACT.COM MedImpact Healthcare Systems, Inc.
34 tier_3 ram21.proasdf.com 1 GoDaddy.com, LLC NS61.DOMAINCONTROL.COM Domains By Proxy, LLC
ip hostname city region org postal country_name tier count anycast
0 103.224.182.207 lb-182-207.above.com Los Angeles California AS133618 Trellian Pty. Limited 90009 United States tier_1 8 nan
1 103.224.212.247 lb-212-247.above.com Los Angeles California AS133618 Trellian Pty. Limited 90009 United States tier_2 5 nan
2 209.132.243.15 nan Los Angeles California AS7296 Alchemy Communications, Inc. 90009 United States tier_2 2 nan
3 69.172.200.185 maxbounty.com Toronto Ontario AS19324 Dosarrest Internet Security LTD M5N Canada tier_2 2 nan
4 54.70.216.196 ec2-54-70-216-196.us-west-2.compute.amazonaws.com Boardman Oregon AS16509 Amazon.com, Inc. 97818 United States tier_2 2 nan
5 67.199.248.12 cname.bitly.com New York City New York AS396982 Google LLC 10010 United States tier_2 2 True
6 185.53.179.28 nan Munich Bavaria AS61969 Team Internet AG 80331 Germany tier_2 1 nan
7 52.22.6.66 ec2-52-22-6-66.compute-1.amazonaws.com Ashburn Virginia AS14618 Amazon.com, Inc. 20149 United States tier_2 1 nan
8 66.232.112.81 66-232-112-81.static.hvvc.us Tampa Florida AS29802 HIVELOCITY, Inc. 33606 United States tier_2 1 nan
9 169.63.237.202 ca.ed.3fa9.ip4.static.sl-reverse.com Dallas Texas AS36351 SoftLayer Technologies Inc. 75270 United States tier_2 1 nan
10 103.224.182.206 bidr.trellian.com Los Angeles California AS133618 Trellian Pty. Limited 90009 United States tier_2 1 nan
11 172.67.130.194 nan San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_2 1 True
12 13.226.38.92 server-13-226-38-92.ewr53.r.cloudfront.net Newark New Jersey AS16509 Amazon.com, Inc. 07175 United States tier_2 1 nan
13 54.208.107.202 ec2-54-208-107-202.compute-1.amazonaws.com Ashburn Virginia AS14618 Amazon.com, Inc. 20149 United States tier_2 1 nan
14 35.209.61.240 240.61.209.35.bc.googleusercontent.com Council Bluffs Iowa AS15169 Google LLC 51502 United States tier_2 1 nan
15 52.3.4.129 ec2-52-3-4-129.compute-1.amazonaws.com Ashburn Virginia AS14618 Amazon.com, Inc. 20149 United States tier_2 1 nan
16 207.38.44.116 cbsmtp1.careerbliss.com Los Angeles California AS5693 Latisys-Irvine, LLC 90009 United States tier_3 1 nan
17 13.226.38.110 server-13-226-38-110.ewr53.r.cloudfront.net Newark New Jersey AS16509 Amazon.com, Inc. 07175 United States tier_2 1 nan
18 34.197.176.2 ec2-34-197-176-2.compute-1.amazonaws.com Ashburn Virginia AS14618 Amazon.com, Inc. 20149 United States tier_2 1 nan
19 66.42.49.28 66.42.49.28.vultr.com Singapore Singapore AS20473 The Constant Company, LLC 048508 Singapore tier_2 1 nan
20 199.59.242.153 nan New York City New York AS395082 Bodis, LLC 10004 United States tier_2 1 nan
21 52.117.180.30 nan Dallas Texas AS36351 SoftLayer Technologies Inc. 75270 United States tier_3 1 nan
22 104.19.183.41 nan San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 1 True
23 104.26.13.42 nan San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 1 True
24 207.38.44.116 cbsmtp1.careerbliss.com Los Angeles California AS5693 Latisys-Irvine, LLC 90009 United States tier_3 1 nan
25 104.18.25.167 nan San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 1 True
26 54.192.160.10 server-54-192-160-10.ewr53.r.cloudfront.net Newark New Jersey AS16509 Amazon.com, Inc. 07175 United States tier_3 1 nan
27 162.243.10.151 nan New York City New York AS14061 DigitalOcean, LLC 10011 United States tier_3 1 nan
28 13.226.30.13 server-13-226-30-13.ewr53.r.cloudfront.net Newark New Jersey AS16509 Amazon.com, Inc. 07175 United States tier_3 1 nan

Aggregated redirection graph of domains located on current IP address.

  • The redirection flows from left to right
  • Leftmost domains are initial domains hosted on current IP
  • Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website