Daily Threat Intelligence Report

This report contains the following information:

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. Date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registrar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain

| # | num_domain, num_links, num_full_url, num_safebrowsing_malicious, num_vt_malicious | date | ip | user_agent |
| --- | --- | --- | --- | --- |
| 0 | 2472611290020 | 2021-04-10 | 37.48.65.149 | Iphone |

| # | tier | domain | count | registrar | name_servers | org |
| --- | --- | --- | --- | --- | --- | --- |
| 0 | tier_1 | elternportal.org | 1 | ABOVE.COM PTY LTD. | NS1.COMMONMX.COM | \n |
| 1 | tier_1 | bunkerkilts.com | 1 | Communigal Communication Ltd | NS1.COMMONMX.COM | None |
| 2 | tier_1 | chimichurri.co | 1 | GoDaddy.com, LLC | ns2.commonmx.com | None |
| 3 | tier_1 | allbank.co.in | 1 | Dynadot LLC | ns1.commonmx.com | None |
| 4 | tier_1 | dakikpanel.com | 1 | GoDaddy.com, LLC | NS1.COMMONMX.COM | None |
| 5 | tier_1 | campusesolution.com | 1 | TUCOWS, INC. | NS1.COMMONMX.COM | Contact Privacy Inc. Customer 0159843300 |
| 6 | tier_1 | bicoholics.com | 1 | TUCOWS, INC. | NS1.COMMONMX.COM | Contact Privacy Inc. Customer 0158852663 |
| 7 | tier_1 | aktivwatch.com | 1 | GoDaddy.com, LLC | NS1.COMMONMX.COM | None |
| 8 | tier_1 | aweldaw.com | 1 | GoDaddy.com, LLC | NS1.COMMONMX.COM | None |
| 9 | tier_1 | dd-routers.com | 1 | GoDaddy.com, LLC | NS1.COMMONMX.COM | None |
| 10 | tier_2 | aristo-hag.com | 76 | Amazon Registrar, Inc. | NS-1226.AWSDNS-25.ORG | Whois Privacy Service |
| 11 | tier_2 | btpnav.com | 75 | 1API GmbH | NS1.DNSIMPLE.COM | Registrant of btpnav.com |
| 12 | tier_2 | ads35.adtelligent.com | 58 | DANESCO TRADING LTD | NS.ANYCASTNS1.ORG | Vertamedia,LLC |
| 13 | tier_2 | dsp35.adtelligent.com | 58 | DANESCO TRADING LTD | NS.ANYCASTNS1.ORG | Vertamedia,LLC |
| 14 | tier_2 | aibm1.mysearch.space | 58 | None | None | None |
| 15 | tier_2 | externals-1953518744.us-east-1.elb.amazonaws.com | 58 | MarkMonitor, Inc. | R1.AMAZONAWS.COM | Amazon.com, Inc. |
| 16 | tier_2 | search.snjsearch.com | 58 | GoDaddy.com, LLC | NS73.DOMAINCONTROL.COM | Domains By Proxy, LLC |
| 17 | tier_2 | search-checker.com | 56 | Name.com, Inc. | BETH.NS.CLOUDFLARE.COM | Domain Protection Services, Inc. |
| 18 | tier_2 | m.onlineweb.mobi | 56 | GoDaddy.com, LLC | None | None |
| 19 | tier_2 | click.expmediadirect.com | 46 | None | None | None |
| 20 | tier_2 | changeslots.com | 36 | Instra Corporation Pty Ltd. | CLEO.NS.CLOUDFLARE.COM | REDACTED FOR PRIVACY |
| 21 | tier_2 | infopicked.com | 34 | None | None | None |
| 22 | tier_2 | btpnative.com | 29 | 1API GmbH | NS1.DNSIMPLE.COM | Registrant of btpnative.com |
| 23 | tier_2 | p274639.infopicked.com | 24 | None | None | None |
| 24 | tier_2 | api.quotes.com | 21 | Internet Domain Service BS Corp. | NS-CANADA.TOPDNS.COM | Whois Privacy Corp. |
| 25 | tier_2 | trfransit.com | 16 | None | None | None |
| 26 | tier_2 | activtraffic.com | 16 | None | None | None |
| 27 | tier_2 | trfransit.com_LOOP_1 | 16 | None | None | None |
| 28 | tier_2 | api.apptap.com | 15 | Amazon Registrar, Inc. | NS-1256.AWSDNS-29.ORG | Whois Privacy Service |
| 29 | tier_2 | api.mplayit.com | 14 | Amazon Registrar, Inc. | NS-1236.AWSDNS-26.ORG | Whois Privacy Service |
| 30 | tier_3 | bing.com | 58 | MarkMonitor, Inc. | DNS1.P09.NSONE.NET | Microsoft Corporation |
| 31 | tier_3 | theconnectvpn.com | 36 | DonDominio (SCIP) | ARNOLD.NS.CLOUDFLARE.COM | Soluciones Corporativas IP, c/o Whois Proxy |
| 32 | tier_3 | bestappland.me | 31 | None | None | None |
| 33 | tier_3 | bestbody.s3.amazonaws.com | 16 | MarkMonitor, Inc. | R1.AMAZONAWS.COM | Amazon.com, Inc. |
| 34 | tier_3 | storystudio.sfgate.com | 12 | CSC CORPORATE DOMAINS, INC. | NS1.HEARSTNP.COM | Hearst Communications, Inc. |
| 35 | tier_3 | frontgate.com | 5 | Network Solutions, LLC | NS1.HSN.NET | Cornerstone Brands, Inc. |
| 36 | tier_3 | ram21.proasdf.com | 4 | GoDaddy.com, LLC | NS61.DOMAINCONTROL.COM | Domains By Proxy, LLC |
| 37 | tier_3 | reebok.com | 4 | CSC CORPORATE DOMAINS, INC. | NS1.NETNAMES.NET | Reebok International, Ltd. |
| 38 | tier_3 | chrismoneymaker.com | 4 | GoDaddy.com, LLC | NS65.DOMAINCONTROL.COM | Amaya Services Limited |
| 39 | tier_3 | rd.bizrate.com | 2 | MarkMonitor, Inc. | NS-1189.AWSDNS-20.ORG | Meredith Corporation |
| 40 | tier_3 | dollarshaveclub.com | 2 | GoDaddy.com, LLC | NS-1465.AWSDNS-55.ORG | Domains By Proxy, LLC |
| 41 | tier_3 | toryburch.com | 2 | CSC CORPORATE DOMAINS, INC. | DNS1.CSCDNS.NET | River Light V, L.P. |
| 42 | tier_3 | apple.com | 1 | CSC CORPORATE DOMAINS, INC. | A.NS.APPLE.COM | Apple Inc. |
| 43 | tier_3 | aristo-hag.com | 1 | Amazon Registrar, Inc. | NS-1226.AWSDNS-25.ORG | Whois Privacy Service |
| 44 | tier_3 | us.norton.com | 1 | MarkMonitor Inc. | PDNS1.ULTRADNS.NET | None |

| # | ip | city | region | org | postal | country_name | tier | count | hostname | anycast |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 0 | 207.244.67.215 | Washington | Washington, D.C. | AS30633 Leaseweb USA, Inc. | 20045 | United States | tier_1 | 28 | nan | nan |
| 1 | 207.244.67.218 | Washington | Washington, D.C. | AS30633 Leaseweb USA, Inc. | 20045 | United States | tier_1 | 25 | nan | nan |
| 2 | 207.244.67.216 | Washington | Washington, D.C. | AS30633 Leaseweb USA, Inc. | 20045 | United States | tier_1 | 25 | nan | nan |
| 3 | 207.244.67.214 | Washington | Washington, D.C. | AS30633 Leaseweb USA, Inc. | 20045 | United States | tier_1 | 16 | nan | nan |
| 4 | 104.243.45.178 | New York City | New York | AS23470 ReliableSite.Net LLC | 10004 | United States | tier_1 | 15 | nan | nan |
| 5 | 206.221.176.184 | Newark | New Jersey | AS23470 ReliableSite.Net LLC | 07175 | United States | tier_1 | 15 | nan | nan |
| 6 | 104.243.45.179 | New York City | New York | AS23470 ReliableSite.Net LLC | 10004 | United States | tier_1 | 12 | nan | nan |
| 7 | 104.243.45.190 | New York City | New York | AS23470 ReliableSite.Net LLC | 10004 | United States | tier_1 | 11 | nan | nan |
| 8 | 185.107.56.198 | Rotterdam | South Holland | AS43350 NForce Entertainment B.V. | 3012 | Netherlands | tier_1 | 4 | nan | nan |
| 9 | 74.63.241.21 | Dallas | Texas | AS46475 Limestone Networks, Inc. | 75270 | United States | tier_1 | 3 | 21-241-63-74.static.reverse.lstn.net | nan |
| 10 | 209.15.13.136 | Toronto | Ontario | AS13768 Aptum Technologies | M5N | Canada | tier_2 | 106 | nan | nan |
| 11 | 173.192.101.24 | Dallas | Texas | AS36351 SoftLayer Technologies Inc. | 75270 | United States | tier_2 | 66 | 18.65.c0ad.ip4.static.sl-reverse.com | nan |
| 12 | 209.205.202.42 | New York City | New York | AS55081 24 SHELLS | 10004 | United States | tier_2 | 58 | static-42-202-205-209.24shells.net | nan |
| 13 | 209.205.202.43 | New York City | New York | AS55081 24 SHELLS | 10004 | United States | tier_2 | 58 | static-43-202-205-209.24shells.net | nan |
| 14 | 35.162.164.74 | Boardman | Oregon | AS16509 Amazon.com, Inc. | 97818 | United States | tier_2 | 58 | ec2-35-162-164-74.us-west-2.compute.amazonaws.com | nan |
| 15 | 198.134.116.30 | New York City | New York | AS27257 Webair Internet Development Company Inc. | 10013 | United States | tier_2 | 46 | nan | nan |
| 16 | 34.207.32.33 | Ashburn | Virginia | AS14618 Amazon.com, Inc. | 20149 | United States | tier_2 | 36 | ec2-34-207-32-33.compute-1.amazonaws.com | nan |
| 17 | 192.241.228.85 | San Francisco | California | AS14061 DigitalOcean, LLC | 94124 | United States | tier_2 | 33 | nan | nan |
| 18 | 104.21.41.235 | San Francisco | California | AS13335 Cloudflare, Inc. | 94107 | United States | tier_2 | 32 | nan | True |
| 19 | 52.29.135.45 | Frankfurt am Main | Hesse | AS16509 Amazon.com, Inc. | 60311 | Germany | tier_2 | 31 | ec2-52-29-135-45.eu-central-1.compute.amazonaws.com | nan |
| 20 | 54.210.170.165 | Ashburn | Virginia | AS14618 Amazon.com, Inc. | 20149 | United States | tier_2 | 30 | ec2-54-210-170-165.compute-1.amazonaws.com | nan |
| 21 | 50.16.173.246 | Ashburn | Virginia | AS14618 Amazon.com, Inc. | 20149 | United States | tier_2 | 28 | ec2-50-16-173-246.compute-1.amazonaws.com | nan |
| 22 | 3.125.109.211 | Frankfurt am Main | Hesse | AS16509 Amazon.com, Inc. | 60311 | Germany | tier_2 | 27 | ec2-3-125-109-211.eu-central-1.compute.amazonaws.com | nan |
| 23 | 192.241.229.243 | San Francisco | California | AS14061 DigitalOcean, LLC | 94124 | United States | tier_2 | 25 | nan | nan |
| 24 | 172.67.196.184 | San Francisco | California | AS13335 Cloudflare, Inc. | 94107 | United States | tier_2 | 24 | nan | True |
| 25 | 192.138.218.207 | Seattle | Washington | AS14332 Connexity, Inc. | 98111 | United States | tier_3 | 2 | nan | nan |
| 26 | 5.79.68.236 | Amsterdam | North Holland | AS60781 LeaseWeb Netherlands B.V. | 1012 | Netherlands | tier_2 | 21 | nan | nan |
| 27 | 18.235.67.128 | Ashburn | Virginia | AS14618 Amazon.com, Inc. | 20149 | United States | tier_3 | 1 | ec2-18-235-67-128.compute-1.amazonaws.com | nan |
| 28 | 100.37.135.2 | New York City | New York | AS701 MCI Communications Services, Inc. d/b/a Verizon Business | 10004 | United States | tier_2 | 18 | pool-100-37-135-2.nycmny.fios.verizon.net | nan |
| 29 | 52.205.177.114 | Ashburn | Virginia | AS14618 Amazon.com, Inc. | 20149 | United States | tier_2 | 17 | ec2-52-205-177-114.compute-1.amazonaws.com | nan |
| 30 | 204.79.197.200 | Redmond | Washington | AS8068 Microsoft Corporation | 98052 | United States | tier_3 | 48 | a-0001.a-msedge.net | True |
| 31 | 142.93.4.215 | North Bergen | New Jersey | AS14061 DigitalOcean, LLC | 07047 | United States | tier_3 | 31 | nan | nan |
| 32 | 172.67.181.234 | San Francisco | California | AS13335 Cloudflare, Inc. | 94107 | United States | tier_3 | 21 | nan | True |
| 33 | 104.21.91.236 | San Francisco | California | AS13335 Cloudflare, Inc. | 94107 | United States | tier_3 | 15 | nan | True |
| 34 | 98.129.228.57 | Dallas | Texas | AS33070 Rackspace Hosting | 75270 | United States | tier_3 | 12 | nan | nan |
| 35 | 13.107.21.200 | Redmond | Washington | AS8068 Microsoft Corporation | 98052 | United States | tier_3 | 10 | nan | True |
| 36 | 184.87.71.113 | Newark | New Jersey | AS16625 Akamai Technologies, Inc. | 07175 | United States | tier_3 | 5 | a184-87-71-113.deploy.static.akamaitechnologies.com | nan |
| 37 | 162.243.10.151 | New York City | New York | AS14061 DigitalOcean, LLC | 10011 | United States | tier_3 | 4 | nan | nan |
| 38 | 92.205.4.117 | Strasbourg | Grand Est | AS21499 Host Europe GmbH | 67000 | France | tier_3 | 4 | ip-92-205-4-117.ip.secureserver.net | nan |
| 39 | 192.138.218.207 | Seattle | Washington | AS14332 Connexity, Inc. | 98111 | United States | tier_3 | 2 | nan | nan |
| 40 | 151.101.1.9 | San Francisco | California | AS54113 Fastly | 94107 | United States | tier_3 | 2 | nan | True |
| 41 | 23.201.27.178 | Newark | New Jersey | AS16625 Akamai Technologies, Inc. | 07175 | United States | tier_3 | 2 | a23-201-27-178.deploy.static.akamaitechnologies.com | nan |
| 42 | 23.44.210.223 | Edison | New Jersey | AS16625 Akamai Technologies, Inc. | 08817 | United States | tier_3 | 1 | a23-44-210-223.deploy.static.akamaitechnologies.com | nan |
| 43 | 52.216.89.108 | Ashburn | Virginia | AS16509 Amazon.com, Inc. | 20149 | United States | tier_3 | 1 | s3-1-w.amazonaws.com | nan |
| 44 | 52.216.24.228 | Ashburn | Virginia | AS16509 Amazon.com, Inc. | 20149 | United States | tier_3 | 1 | s3-1-w.amazonaws.com | nan |
| 45 | 23.43.253.169 | Newark | New Jersey | AS16625 Akamai Technologies, Inc. | 07175 | United States | tier_3 | 1 | a23-43-253-169.deploy.static.akamaitechnologies.com | nan |
| 46 | 52.216.153.148 | Ashburn | Virginia | AS16509 Amazon.com, Inc. | 20149 | United States | tier_3 | 1 | s3-1-w.amazonaws.com | nan |
| 47 | 52.216.82.136 | Ashburn | Virginia | AS16509 Amazon.com, Inc. | 20149 | United States | tier_3 | 1 | s3-1-w.amazonaws.com | nan |
| 48 | 52.216.132.171 | Ashburn | Virginia | AS16509 Amazon.com, Inc. | 20149 | United States | tier_3 | 1 | s3-1-w.amazonaws.com | nan |
| 49 | 52.217.193.113 | Ashburn | Virginia | AS16509 Amazon.com, Inc. | 20149 | United States | tier_3 | 1 | s3-1-w.amazonaws.com | nan |
| 50 | 52.216.84.187 | Ashburn | Virginia | AS16509 Amazon.com, Inc. | 20149 | United States | tier_3 | 1 | s3-1-w.amazonaws.com | nan |
| 51 | 23.38.170.41 | Newark | New Jersey | AS20940 Akamai International B.V. | 07175 | United States | tier_3 | 1 | a23-38-170-41.deploy.static.akamaitechnologies.com | nan |
| 52 | 52.216.89.164 | Ashburn | Virginia | AS16509 Amazon.com, Inc. | 20149 | United States | tier_3 | 1 | s3-1-w.amazonaws.com | nan |
| 53 | 18.235.67.128 | Ashburn | Virginia | AS14618 Amazon.com, Inc. | 20149 | United States | tier_3 | 1 | ec2-18-235-67-128.compute-1.amazonaws.com | nan |
| 54 | 52.216.129.187 | Ashburn | Virginia | AS16509 Amazon.com, Inc. | 20149 | United States | tier_3 | 1 | s3-1-w.amazonaws.com | nan |
| 55 | 52.216.133.139 | Ashburn | Virginia | AS16509 Amazon.com, Inc. | 20149 | United States | tier_3 | 1 | s3-1-w.amazonaws.com | nan |
| 56 | 52.217.13.124 | Ashburn | Virginia | AS16509 Amazon.com, Inc. | 20149 | United States | tier_3 | 1 | s3-1-w.amazonaws.com | nan |
| 57 | 23.40.23.148 | Philadelphia | Pennsylvania | AS16625 Akamai Technologies, Inc. | 19099 | United States | tier_3 | 1 | a23-40-23-148.deploy.static.akamaitechnologies.com | nan |
| 58 | 23.41.188.165 | Newark | New Jersey | AS16625 Akamai Technologies, Inc. | 07175 | United States | tier_3 | 1 | a23-41-188-165.deploy.static.akamaitechnologies.com | nan |
| 59 | 52.217.128.217 | Ashburn | Virginia | AS16509 Amazon.com, Inc. | 20149 | United States | tier_3 | 1 | s3-1-w.amazonaws.com | nan |

Aggregated redirection graph of domains located on current IP address.

  • The redirection flows from left to right
  • Leftmost domains are initial domains hosted on current IP
  • Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website