Daily Threat Intelligence Report

This report contains the following information:

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. Date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registrar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain
num_domain | num_links | num_full_url | num_safebrowsing_malicious | num_vt_malicious | date | ip | user_agent
064621050132021-04-19103.224.182.207Android

| index | tier | domain | count | registrar | name_servers | org |
|---|---|---|---|---|---|---|
| 0 | tier_1 | 123gmail.com | 1 | TLD Registrar Solutions Ltd. | NS1.ABOVE.COM | Whois Privacy Corp. |
| 1 | tier_1 | facebook-sex.com | 1 | Internet Domain Service BS Corp. | NS1.ABOVE.COM | Whois Privacy Corp. |
| 2 | tier_1 | examfeedback.net | 1 | GoDaddy.com, LLC | NS1.ABOVE.COM | None |
| 3 | tier_1 | etcandroid.com | 1 | GoDaddy.com, LLC | NS1.ABOVE.COM | None |
| 4 | tier_1 | fashionmazia.com | 1 | GoDaddy.com, LLC | NS1.ABOVE.COM | None |
| 5 | tier_1 | eljahome.com | 1 | GoDaddy.com, LLC | NS1.ABOVE.COM | None |
| 6 | tier_1 | facebookquotes4u.com | 1 | GoDaddy.com, LLC | NS1.ABOVE.COM | None |
| 7 | tier_1 | facebookprofileview.com | 1 | Internet Domain Service BS Corp. | NS1.ABOVE.COM | Whois Privacy Corp. |
| 8 | tier_1 | ez141my.com | 1 | GoDaddy.com, LLC | NS1.ABOVE.COM | None |
| 9 | tier_1 | ecmekohen.net | 1 | GoDaddy.com, LLC | NS1.ABOVE.COM | None |
| 10 | tier_2 | 0redirb.com | 10 | ABOVE.COM PTY LTD. | NS1.ABOVE.COM | None |
| 11 | tier_2 | americanlisted.com | 6 | ilait AB | NS1.TELECOM3.NET | Integration 3 Group AB |
| 12 | tier_2 | r.lnk8j7.com | 3 | 1&1 IONOS SE | NS-1314.AWSDNS-36.ORG | 1&1 Internet Limited |
| 13 | tier_2 | kamala-cha.com | 3 | Amazon Registrar, Inc. | NS-1005.AWSDNS-61.NET | Whois Privacy Service |
| 14 | tier_2 | click.appcast.io | 3 | 101Domain GRS Ltd | NS-85.AWSDNS-10.COM | None |
| 15 | tier_2 | careerbliss.com | 3 | GoDaddy.com, LLC | NS10.DNSMADEEASY.COM | Domains By Proxy, LLC |
| 16 | tier_2 | trk.careerbliss.com | 3 | GoDaddy.com, LLC | NS10.DNSMADEEASY.COM | Domains By Proxy, LLC |
| 17 | tier_2 | 1496.rawlexi.com | 3 | None | None | None |
| 18 | tier_2 | 1redira.com | 2 | ABOVE.COM PTY LTD. | NS1.TRELLIAN.COM | None |
| 19 | tier_2 | go.bshrdr.com | 2 | None | None | None |
| 20 | tier_2 | linkup.com | 2 | GoDaddy.com, LLC | NS-102.AWSDNS-12.COM | JobDig |
| 21 | tier_2 | click.expmediadirect.com | 2 | None | None | None |
| 22 | tier_2 | search.eproute.info | 2 | GoDaddy.com, LLC | NS22.DOMAINCONTROL.COM | Domains By Proxy, LLC |
| 23 | tier_2 | 9nl.es | 2 | None | None | None |
| 24 | tier_2 | newre-conversions.clickmeter.com | 2 | REGISTER S.P.A. | NS-1498.AWSDNS-59.ORG | REDACTED FOR PRIVACY |
| 25 | tier_2 | trk.jometer.com | 2 | Amazon Registrar, Inc. | NS-129.AWSDNS-16.COM | Whois Privacy Service |
| 26 | tier_2 | api.l5srv.net | 2 | GoDaddy.com, LLC | NS53.DOMAINCONTROL.COM | Domains By Proxy, LLC |
| 27 | tier_2 | xml.sedodna.com | 2 | PSI-USA, Inc. dba Domain Robot | NS-1222.AWSDNS-24.ORG | None |
| 28 | tier_2 | ww38.123gmail.com | 1 | TLD Registrar Solutions Ltd. | NS1.ABOVE.COM | Whois Privacy Corp. |
| 29 | tier_2 | katie.v4.omgtnc.com | 1 | PSI-USA, Inc. dba Domain Robot | NS-1133.AWSDNS-13.ORG | None |
| 30 | tier_3 | stripchat.com | 2 | None | None | None |
| 31 | tier_3 | findoffers.co | 2 | Key-Systems GmbH | ns4.monikerdns.net | Moniker Privacy Services |
| 32 | tier_3 | upward.careers | 2 | GoDaddy.com, LLC | ns21.domaincontrol.com | Domains By Proxy, LLC |
| 33 | tier_3 | ram21.proasdf.com | 2 | GoDaddy.com, LLC | NS61.DOMAINCONTROL.COM | Domains By Proxy, LLC |
| 34 | tier_3 | wayfair.com_LOOP_1 | 1 | None | None | None |
| 35 | tier_3 | drive4ashleydistribution.com | 1 | GoDaddy.com, LLC | NS3.LIONZONE.COM | Conversion Interactive Agency |
| 36 | tier_3 | joinsmarty.com | 1 | None | None | None |
| 37 | tier_3 | click.appcast.io_LOOP_1 | 1 | None | None | None |
| 38 | tier_3 | amazonhvh.thejobnetwork.com | 1 | GoDaddy.com, LLC | NS-1356.AWSDNS-41.ORG | RealMatch |
| 39 | tier_3 | linkup.com_LOOP_1 | 1 | None | None | None |
| 40 | tier_3 | amazon.com | 1 | None | None | None |

| index | ip | hostname | city | region | org | postal | country_name | tier | count | anycast |
|---|---|---|---|---|---|---|---|---|---|---|
| 0 | 103.224.182.207 | lb-182-207.above.com | Los Angeles | California | AS133618 Trellian Pty. Limited | 90009 | United States | tier_1 | 15 | nan |
| 1 | 103.224.212.247 | lb-212-247.above.com | Los Angeles | California | AS133618 Trellian Pty. Limited | 90009 | United States | tier_2 | 10 | nan |
| 2 | 35.209.61.240 | 240.61.209.35.bc.googleusercontent.com | Council Bluffs | Iowa | AS15169 Google LLC | 51502 | United States | tier_2 | 6 | nan |
| 3 | 207.38.44.116 | cbsmtp1.careerbliss.com | Los Angeles | California | AS5693 Latisys-Irvine, LLC | 90009 | United States | tier_2 | 6 | nan |
| 4 | 143.204.148.57 | server-143-204-148-57.ewr52.r.cloudfront.net | Newark | New Jersey | AS16509 Amazon.com, Inc. | 07175 | United States | tier_2 | 3 | nan |
| 5 | 198.54.112.216 | nan | San Jose | California | AS22612 Namecheap, Inc. | 95103 | United States | tier_2 | 3 | nan |
| 6 | 192.138.218.207 | rd.bizrate.com | Seattle | Washington | AS14332 Connexity, Inc. | 98111 | United States | tier_2 | 2 | nan |
| 7 | 103.224.182.206 | bidr.trellian.com | Los Angeles | California | AS133618 Trellian Pty. Limited | 90009 | United States | tier_2 | 2 | nan |
| 8 | 172.67.130.194 | nan | San Francisco | California | AS13335 Cloudflare, Inc. | 94107 | United States | tier_2 | 2 | True |
| 9 | 52.72.29.7 | ec2-52-72-29-7.compute-1.amazonaws.com | Ashburn | Virginia | AS14618 Amazon.com, Inc. | 20149 | United States | tier_2 | 2 | nan |
| 10 | 100.25.52.1 | ec2-100-25-52-1.compute-1.amazonaws.com | Ashburn | Virginia | AS14618 Amazon.com, Inc. | 20149 | United States | tier_2 | 2 | nan |
| 11 | 209.236.97.200 | nan | Minneapolis | Minnesota | AS13649 Flexential Colorado Corp. | 55440 | United States | tier_2 | 2 | nan |
| 12 | 100.37.135.2 | pool-100-37-135-2.nycmny.fios.verizon.net | New York City | New York | AS701 MCI Communications Services, Inc. d/b/a Verizon Business | 10004 | United States | tier_3 | 3 | nan |
| 13 | 198.134.116.30 | nan | New York City | New York | AS27257 Webair Internet Development Company Inc. | 10013 | United States | tier_2 | 2 | nan |
| 14 | 44.241.4.74 | ec2-44-241-4-74.us-west-2.compute.amazonaws.com | Boardman | Oregon | AS16509 Amazon.com, Inc. | 97818 | United States | tier_2 | 2 | nan |
| 15 | 209.132.243.15 | nan | Los Angeles | California | AS7296 Alchemy Communications, Inc. | 90009 | United States | tier_2 | 2 | nan |
| 16 | 67.227.173.37 | nan | Lansing | Michigan | AS32244 Liquid Web, L.L.C | 48901 | United States | tier_2 | 2 | nan |
| 17 | 91.195.240.136 | nan | Frankfurt am Main | Hesse | AS47846 SEDO GmbH | 60311 | Germany | tier_2 | 2 | nan |
| 18 | 173.239.53.32 | nan | New York City | New York | AS27257 Webair Internet Development Company Inc. | 10004 | United States | tier_2 | 2 | nan |
| 19 | 173.192.101.24 | 18.65.c0ad.ip4.static.sl-reverse.com | Dallas | Texas | AS36351 SoftLayer Technologies Inc. | 75270 | United States | tier_2 | 2 | nan |
| 20 | 185.53.179.28 | nan | Munich | Bavaria | AS61969 Team Internet AG | 80331 | Germany | tier_2 | 1 | nan |
| 21 | 100.37.135.2 | pool-100-37-135-2.nycmny.fios.verizon.net | New York City | New York | AS701 MCI Communications Services, Inc. d/b/a Verizon Business | 10004 | United States | tier_3 | 3 | nan |
| 22 | 104.19.182.41 | nan | San Francisco | California | AS13335 Cloudflare, Inc. | 94107 | United States | tier_3 | 2 | True |
| 23 | 18.190.1.57 | ec2-18-190-1-57.us-east-2.compute.amazonaws.com | Hilliard | Ohio | AS16509 Amazon.com, Inc. | 43026 | United States | tier_3 | 2 | nan |
| 24 | 67.227.172.40 | nan | Lansing | Michigan | AS32244 Liquid Web, L.L.C | 48901 | United States | tier_3 | 2 | nan |
| 25 | 162.243.10.151 | nan | New York City | New York | AS14061 DigitalOcean, LLC | 10011 | United States | tier_3 | 2 | nan |
| 26 | 207.97.218.196 | nan | Washington | Washington, D.C. | AS27357 Rackspace Hosting | 20045 | United States | tier_3 | 1 | nan |
| 27 | 172.67.68.204 | nan | San Francisco | California | AS13335 Cloudflare, Inc. | 94107 | United States | tier_3 | 1 | True |
| 28 | 199.83.128.213 | 199.83.128.213.ip.incapdns.net | Redwood City | California | AS19551 Incapsula Inc | 94065 | United States | tier_3 | 1 | True |
| 29 | 99.84.37.174 | server-99-84-37-174.ewr52.r.cloudfront.net | Newark | New Jersey | AS16509 Amazon.com, Inc. | 07175 | United States | tier_3 | 1 | nan |

Aggregated redirection graph of domains located on current IP address.

  • The redirection flows from left to right
  • Leftmost domains are initial domains hosted on current IP
  • Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains


Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu