Daily Threat Intelligence Report

This report contains the following information:

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registrar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain
| index | num_domain, num_links, num_full_url, num_safebrowsing_malicious, num_vt_malicious | date | ip | user_agent |
|---|---|---|---|---|
| 0 | 37344708 | 2021-04-16 | 103.224.182.207 | Chrome |

| index | tier | domain | count | registrar | name_servers | org |
|---|---|---|---|---|---|---|
| 0 | tier_1 | 123gmail.com | 1 | TLD Registrar Solutions Ltd. | NS1.ABOVE.COM | Whois Privacy Corp. |
| 1 | tier_1 | facebook-sex.com | 1 | Internet Domain Service BS Corp. | NS1.ABOVE.COM | Whois Privacy Corp. |
| 2 | tier_1 | fashionmazia.com | 1 | GoDaddy.com, LLC | NS1.ABOVE.COM | None |
| 3 | tier_1 | facebookquotes4u.com | 1 | GoDaddy.com, LLC | NS1.ABOVE.COM | None |
| 4 | tier_1 | explorehealthyfood.com | 1 | GoDaddy.com, LLC | NS1.ABOVE.COM | None |
| 5 | tier_1 | ilikefurniture.com | 1 | GoDaddy.com, LLC | NS1.ABOVE.COM | None |
| 6 | tier_1 | facebookprofileview.com | 1 | Internet Domain Service BS Corp. | NS1.ABOVE.COM | Whois Privacy Corp. |
| 7 | tier_1 | expeditelectronics.com | 1 | GoDaddy.com, LLC | NS1.ABOVE.COM | None |
| 8 | tier_2 | 0redirb.com | 5 | ABOVE.COM PTY LTD. | NS1.ABOVE.COM | None |
| 9 | tier_2 | r.lnk8j7.com | 2 | 1&1 IONOS SE | NS-1314.AWSDNS-36.ORG | 1&1 Internet Limited |
| 10 | tier_2 | kamala-cha.com | 2 | Amazon Registrar, Inc. | NS-1005.AWSDNS-61.NET | Whois Privacy Service |
| 11 | tier_2 | query.pureleads.com | 2 | New Frontier, Inc. | NS1.P05.DYNECT.NET | Domain Protection Services, Inc. |
| 12 | tier_2 | queryclick.pureleads.com | 2 | New Frontier, Inc. | NS1.P05.DYNECT.NET | Domain Protection Services, Inc. |
| 13 | tier_2 | amzn.to | 2 | None | None | None |
| 14 | tier_2 | ww38.123gmail.com | 1 | TLD Registrar Solutions Ltd. | NS1.ABOVE.COM | Whois Privacy Corp. |
| 15 | tier_2 | katie.v4.omgtnc.com | 1 | PSI-USA, Inc. dba Domain Robot | NS-1133.AWSDNS-13.ORG | None |
| 16 | tier_2 | recode.pw | 1 | GANDI SAS | NS-1611.AWSDNS-09.CO.UK | PPCBUZZ |
| 17 | tier_2 | 2679468029.pub.ezanga.com | 1 | GoDaddy.com, LLC | NS1.SOFTLAYER.COM | eZanga.com, Inc. |
| 18 | tier_2 | 1redira.com | 1 | ABOVE.COM PTY LTD. | NS1.TRELLIAN.COM | None |
| 19 | tier_2 | go.bshrdr.com | 1 | NAMECHEAP INC | AMY.NS.CLOUDFLARE.COM | Privacy service provided by Withheld for Privacy ehf |
| 20 | tier_2 | c.adclickthru.net | 1 | GoDaddy.com, LLC | NS75.DOMAINCONTROL.COM | Domains By Proxy, LLC |
| 21 | tier_2 | 11164440.searchiqnet.com | 1 | GoDaddy.com, LLC | NS57.DOMAINCONTROL.COM | Domains By Proxy, LLC |
| 22 | tier_2 | americanlisted.com | 1 | ilait AB | NS1.TELECOM3.NET | Integration 3 Group AB |
| 23 | tier_2 | click.appcast.io | 1 | 101Domain GRS Ltd | NS-85.AWSDNS-10.COM | None |
| 24 | tier_2 | careerbliss.com | 1 | GoDaddy.com, LLC | NS10.DNSMADEEASY.COM | Domains By Proxy, LLC |
| 25 | tier_2 | uniqtrack.club | 1 | NAMECHEAP INC | dns2.registrar-servers.com | Privacy service provided by Withheld for Privacy ehf |
| 26 | tier_2 | madjabb.com | 1 | DNC Holdings, Inc | NS1.PEER1.NET | REDACTED FOR PRIVACY |
| 27 | tier_2 | maxbounty.com | 1 | DNC Holdings, Inc | NS1.PEER1.NET | Savvy Investments, LLC Privacy ID# 10846171 |
| 28 | tier_3 | amazon.com | 2 | MarkMonitor, Inc. | NS1.P31.DYNECT.NET | Amazon Technologies, Inc. |
| 29 | tier_3 | dropped-click.com | 1 | NAMECHEAP INC | INES.NS.CLOUDFLARE.COM | Privacy service provided by Withheld for Privacy ehf |
| 30 | tier_3 | stripchat.com | 1 | NAMECHEAP INC | AMY.NS.CLOUDFLARE.COM | Privacy service provided by Withheld for Privacy ehf |
| 31 | tier_3 | joinsmarty.com | 1 | GoDaddy Online Services Cayman Islands LTD | DOM.NS.CLOUDFLARE.COM | None |
| 32 | tier_3 | trk.careerbliss.com | 1 | GoDaddy.com, LLC | NS10.DNSMADEEASY.COM | Domains By Proxy, LLC |
| 33 | tier_3 | americaspharmacy.com | 1 | Network Solutions, LLC | NS1.MEDIMPACT.COM | MedImpact Healthcare Systems, Inc. |
| 34 | tier_3 | ram21.proasdf.com | 1 | GoDaddy.com, LLC | NS61.DOMAINCONTROL.COM | Domains By Proxy, LLC |

| index | ip | hostname | city | region | org | postal | country_name | tier | count | anycast |
|---|---|---|---|---|---|---|---|---|---|---|
| 0 | 103.224.182.207 | lb-182-207.above.com | Los Angeles | California | AS133618 Trellian Pty. Limited | 90009 | United States | tier_1 | 8 | nan |
| 1 | 103.224.212.247 | lb-212-247.above.com | Los Angeles | California | AS133618 Trellian Pty. Limited | 90009 | United States | tier_2 | 5 | nan |
| 2 | 209.132.243.15 | nan | Los Angeles | California | AS7296 Alchemy Communications, Inc. | 90009 | United States | tier_2 | 2 | nan |
| 3 | 69.172.200.185 | maxbounty.com | Toronto | Ontario | AS19324 Dosarrest Internet Security LTD | M5N | Canada | tier_2 | 2 | nan |
| 4 | 54.70.216.196 | ec2-54-70-216-196.us-west-2.compute.amazonaws.com | Boardman | Oregon | AS16509 Amazon.com, Inc. | 97818 | United States | tier_2 | 2 | nan |
| 5 | 67.199.248.12 | cname.bitly.com | New York City | New York | AS396982 Google LLC | 10010 | United States | tier_2 | 2 | True |
| 6 | 185.53.179.28 | nan | Munich | Bavaria | AS61969 Team Internet AG | 80331 | Germany | tier_2 | 1 | nan |
| 7 | 52.22.6.66 | ec2-52-22-6-66.compute-1.amazonaws.com | Ashburn | Virginia | AS14618 Amazon.com, Inc. | 20149 | United States | tier_2 | 1 | nan |
| 8 | 66.232.112.81 | 66-232-112-81.static.hvvc.us | Tampa | Florida | AS29802 HIVELOCITY, Inc. | 33606 | United States | tier_2 | 1 | nan |
| 9 | 169.63.237.202 | ca.ed.3fa9.ip4.static.sl-reverse.com | Dallas | Texas | AS36351 SoftLayer Technologies Inc. | 75270 | United States | tier_2 | 1 | nan |
| 10 | 103.224.182.206 | bidr.trellian.com | Los Angeles | California | AS133618 Trellian Pty. Limited | 90009 | United States | tier_2 | 1 | nan |
| 11 | 172.67.130.194 | nan | San Francisco | California | AS13335 Cloudflare, Inc. | 94107 | United States | tier_2 | 1 | True |
| 12 | 13.226.38.92 | server-13-226-38-92.ewr53.r.cloudfront.net | Newark | New Jersey | AS16509 Amazon.com, Inc. | 07175 | United States | tier_2 | 1 | nan |
| 13 | 54.208.107.202 | ec2-54-208-107-202.compute-1.amazonaws.com | Ashburn | Virginia | AS14618 Amazon.com, Inc. | 20149 | United States | tier_2 | 1 | nan |
| 14 | 35.209.61.240 | 240.61.209.35.bc.googleusercontent.com | Council Bluffs | Iowa | AS15169 Google LLC | 51502 | United States | tier_2 | 1 | nan |
| 15 | 52.3.4.129 | ec2-52-3-4-129.compute-1.amazonaws.com | Ashburn | Virginia | AS14618 Amazon.com, Inc. | 20149 | United States | tier_2 | 1 | nan |
| 16 | 207.38.44.116 | cbsmtp1.careerbliss.com | Los Angeles | California | AS5693 Latisys-Irvine, LLC | 90009 | United States | tier_3 | 1 | nan |
| 17 | 13.226.38.110 | server-13-226-38-110.ewr53.r.cloudfront.net | Newark | New Jersey | AS16509 Amazon.com, Inc. | 07175 | United States | tier_2 | 1 | nan |
| 18 | 34.197.176.2 | ec2-34-197-176-2.compute-1.amazonaws.com | Ashburn | Virginia | AS14618 Amazon.com, Inc. | 20149 | United States | tier_2 | 1 | nan |
| 19 | 66.42.49.28 | 66.42.49.28.vultr.com | Singapore | Singapore | AS20473 The Constant Company, LLC | 048508 | Singapore | tier_2 | 1 | nan |
| 20 | 199.59.242.153 | nan | New York City | New York | AS395082 Bodis, LLC | 10004 | United States | tier_2 | 1 | nan |
| 21 | 52.117.180.30 | nan | Dallas | Texas | AS36351 SoftLayer Technologies Inc. | 75270 | United States | tier_3 | 1 | nan |
| 22 | 104.19.183.41 | nan | San Francisco | California | AS13335 Cloudflare, Inc. | 94107 | United States | tier_3 | 1 | True |
| 23 | 104.26.13.42 | nan | San Francisco | California | AS13335 Cloudflare, Inc. | 94107 | United States | tier_3 | 1 | True |
| 24 | 207.38.44.116 | cbsmtp1.careerbliss.com | Los Angeles | California | AS5693 Latisys-Irvine, LLC | 90009 | United States | tier_3 | 1 | nan |
| 25 | 104.18.25.167 | nan | San Francisco | California | AS13335 Cloudflare, Inc. | 94107 | United States | tier_3 | 1 | True |
| 26 | 54.192.160.10 | server-54-192-160-10.ewr53.r.cloudfront.net | Newark | New Jersey | AS16509 Amazon.com, Inc. | 07175 | United States | tier_3 | 1 | nan |
| 27 | 162.243.10.151 | nan | New York City | New York | AS14061 DigitalOcean, LLC | 10011 | United States | tier_3 | 1 | nan |
| 28 | 13.226.30.13 | server-13-226-30-13.ewr53.r.cloudfront.net | Newark | New Jersey | AS16509 Amazon.com, Inc. | 07175 | United States | tier_3 | 1 | nan |

Aggregated redirection graph of domains located on current IP address.

  • The redirection flows from left to right
  • Leftmost domains are initial domains hosted on current IP
  • Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to the threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website