Daily Threat Intelligence Report

This report contains following information

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain
num_domainnum_linksnum_full_urlnum_safebrowsing_maliciousnum_vt_maliciousdateipuser_agent
026126411340252021-04-1937.48.65.149Android
tierdomaincountregistrarname_serversorg
0tier_1moniker.name1NoneNoneNone
1tier_1arrecharge.in1Dynadot LLCns1.commonmx.comNone
2tier_1phimm.net1GoDaddy.com, LLCNS1.COMMONMX.COMNone
3tier_1bomber22.net1GoDaddy.com, LLCNS1.COMMONMX.COMNone
4tier_1anhdep.pro1DYNADOT LLCNS1.COMMONMX.COMNone
5tier_1nijigenmarket.net1SNAPNAMES 67, LLCNS1.COMMONMX.COMNone
6tier_1mymp3song.net1GoDaddy.com, LLCNS1.COMMONMX.COMNone
7tier_1dapool.me1Dynadot, LLCNoneNone
8tier_1flinzo.com1DYNADOT5 LLCNS1.COMMONMX.COMNone
9tier_1boost.asia1Dynadot, LLCNS1.COMMONMX.COMNone
10tier_2aristo-hag.com124Amazon Registrar, Inc.NS-1226.AWSDNS-25.ORGWhois Privacy Service
11tier_2btpnav.com1071API GmbHNS1.DNSIMPLE.COMRegistrant of btpnav.com
12tier_2nizephoros-pom.com32Amazon Registrar, Inc.NS-1192.AWSDNS-21.ORGWhois Privacy Service
13tier_2get.popplunder.com32NAMECHEAP INCDNS1.REGISTRAR-SERVERS.COMPrivacy service provided by Withheld for Privacy ehf
14tier_2trustedpush.com32NAMECHEAP INCNS-1142.AWSDNS-14.ORGPrivacy service provided by Withheld for Privacy ehf
15tier_2win1.trustedpush.com31NAMECHEAP INCNS-1142.AWSDNS-14.ORGPrivacy service provided by Withheld for Privacy ehf
16tier_2win2.trustedpush.com28NAMECHEAP INCNS-1142.AWSDNS-14.ORGPrivacy service provided by Withheld for Privacy ehf
17tier_2trackyourmpg.com28GoDaddy Online Services Cayman Islands LTDHUGH.NS.CLOUDFLARE.COMNone
18tier_2ads35.adtelligent.com27DANESCO TRADING LTDNS.ANYCASTNS1.ORGVertamedia,LLC
19tier_2dsp35.adtelligent.com27DANESCO TRADING LTDNS.ANYCASTNS1.ORGVertamedia,LLC
20tier_2aibm1.mysearch.space27NoneNoneNone
21tier_2externals-1953518744.us-east-1.elb.amazonaws.com27MarkMonitor, Inc.R1.AMAZONAWS.COMAmazon.com, Inc.
22tier_2search.snjsearch.com27GoDaddy.com, LLCNS73.DOMAINCONTROL.COMDomains By Proxy, LLC
23tier_2search-checker.com27Name.com, Inc.BETH.NS.CLOUDFLARE.COMDomain Protection Services, Inc.
24tier_2m.onlineweb.mobi27GoDaddy.com, LLCNoneNone
25tier_2win3.trustedpush.com21NAMECHEAP INCNS-1142.AWSDNS-14.ORGPrivacy service provided by Withheld for Privacy ehf
26tier_2btpnative.com151API GmbHNS1.DNSIMPLE.COMRegistrant of btpnative.com
27tier_2infopicked.com14NAMECHEAP INCNS0.DNSMADEEASY.COMPrivacy service provided by Withheld for Privacy ehf
28tier_263086.click.validclick.net9Safenames LtdNS1.FULLMAILBOX.COMNone
29tier_2click.expmediadirect.com9NAMECHEAP INCNS1.LINODE.COMPrivacy service provided by Withheld for Privacy ehf
30tier_3irl.com38GoDaddy.com, LLCNS-106.AWSDNS-13.COMDomains By Proxy, LLC
31tier_3bing.com27MarkMonitor, Inc.DNS1.P09.NSONE.NETMicrosoft Corporation
32tier_3storystudio.sfgate.com21CSC CORPORATE DOMAINS, INC.NS1.HEARSTNP.COMHearst Communications, Inc.
33tier_3m.gladplacespin.xyz15Epik LLCMARJORY.NS.CLOUDFLARE.COMAnonymize, Inc.
34tier_3win4.trustedpush.com13NAMECHEAP INCNS-1142.AWSDNS-14.ORGPrivacy service provided by Withheld for Privacy ehf
35tier_3m.placesiteb.xyz12Sav.comLLCHUGH.NS.CLOUDFLARE.COMPrivacy Protection
36tier_3win3.trustedpush.com7NAMECHEAP INCNS-1142.AWSDNS-14.ORGPrivacy service provided by Withheld for Privacy ehf
37tier_3win5.trustedpush.com7NAMECHEAP INCNS-1142.AWSDNS-14.ORGPrivacy service provided by Withheld for Privacy ehf
38tier_3moneyfinancegold.com4NameCheap, Inc.ANNA.NS.CLOUDFLARE.COMNone
39tier_3ram21.proasdf.com4GoDaddy.com, LLCNS61.DOMAINCONTROL.COMDomains By Proxy, LLC
40tier_3a.dollarsurvey365.online3URL Solutions Inc.CRYSTAL.NS.CLOUDFLARE.COMNone
41tier_3win2.trustedpush.com3NoneNoneNone
42tier_3mergerinvesting.com3NoneNoneNone
43tier_3shopnsave.world_LOOP_13NoneNoneNone
44tier_3b.playspind.xyz2Sav.comLLCHUGH.NS.CLOUDFLARE.COMPrivacy Protection
45tier_3thelastpicture.show_LOOP_12NoneNoneNone
46tier_3filter.onwardclick.com2NameCheap, Inc.NS1.ENCONTEXT.COMNone
47tier_3chrismoneymaker.com2GoDaddy.com, LLCNS65.DOMAINCONTROL.COMAmaya Services Limited
48tier_3grandinroad.com_LOOP_11NoneNoneNone
49tier_3btpnav.com11API GmbHNS1.DNSIMPLE.COMRegistrant of btpnav.com
50tier_3go.etoro.com1DomainTheNet.comEUR5.AKAM.NET******
51tier_3wayfair.com1MarkMonitor, Inc.A1-100.AKAM.NETWayfair, LLC
52tier_3ads.midwayusa.com1GoDaddy.com, LLCNS-1486.AWSDNS-57.ORGMidwayUSA
53tier_3catherines.com1CSC CORPORATE DOMAINS, INC.PDNS1.ULTRADNS.NETFullBeauty Brands Operations, LLC
54tier_3opticsplanet.com1GoDaddy.com, LLCNS1.ECENTRIA.COMECENTRIA IPH, LLC
55tier_3beyourxfriend.com1GoDaddy.com, LLCNS0.DNSMADEEASY.COMNone
56tier_3win6.trustedpush.com1NoneNoneNone
57tier_3rpa21.proasdf.com1GoDaddy.com, LLCNS61.DOMAINCONTROL.COMDomains By Proxy, LLC
58tier_3m.fastmapc.xyz1Sav.comLLCHUGH.NS.CLOUDFLARE.COMPrivacy Protection
59tier_3equinoxadvertising.com_LOOP_11NoneNoneNone
ipcityregionorgpostalcountry_nametiercounthostnameanycast
0207.244.67.214WashingtonWashington, D.C.AS30633 Leaseweb USA, Inc.20045United Statestier_135nannan
1207.244.67.216WashingtonWashington, D.C.AS30633 Leaseweb USA, Inc.20045United Statestier_128nannan
2207.244.67.218WashingtonWashington, D.C.AS30633 Leaseweb USA, Inc.20045United Statestier_120nannan
3207.244.67.215WashingtonWashington, D.C.AS30633 Leaseweb USA, Inc.20045United Statestier_119nannan
4206.221.176.184New York CityNew YorkAS23470 ReliableSite.Net LLC10004United Statestier_112nannan
5104.243.45.179New York CityNew YorkAS23470 ReliableSite.Net LLC10004United Statestier_111nannan
6104.243.45.178New York CityNew YorkAS23470 ReliableSite.Net LLC10004United Statestier_18nannan
782.192.82.225AmsterdamNorth HollandAS60781 LeaseWeb Netherlands B.V.1012Netherlandstier_17nannan
837.48.65.150AmsterdamNorth HollandAS60781 LeaseWeb Netherlands B.V.1012Netherlandstier_15nannan
9185.107.56.199RotterdamSouth HollandAS43350 NForce Entertainment B.V.3012Netherlandstier_13nannan
10209.15.13.136TorontoOntarioAS13768 Aptum TechnologiesM5NCanadatier_31nannan
1154.208.107.202AshburnVirginiaAS14618 Amazon.com, Inc.20149United Statestier_251ec2-54-208-107-202.compute-1.amazonaws.comnan
1299.84.114.98NewarkNew JerseyAS16509 Amazon.com, Inc.07175United Statestier_35server-99-84-114-98.ewr52.r.cloudfront.netnan
1352.72.29.7AshburnVirginiaAS14618 Amazon.com, Inc.20149United Statestier_236ec2-52-72-29-7.compute-1.amazonaws.comnan
1418.235.67.128AshburnVirginiaAS14618 Amazon.com, Inc.20149United Statestier_235ec2-18-235-67-128.compute-1.amazonaws.comnan
1534.197.176.2AshburnVirginiaAS14618 Amazon.com, Inc.20149United Statestier_234ec2-34-197-176-2.compute-1.amazonaws.comnan
1634.199.180.187AshburnVirginiaAS14618 Amazon.com, Inc.20149United Statestier_232ec2-34-199-180-187.compute-1.amazonaws.comnan
1799.84.114.90NewarkNew JerseyAS16509 Amazon.com, Inc.07175United Statestier_34server-99-84-114-90.ewr52.r.cloudfront.netnan
1899.84.114.87NewarkNew JerseyAS16509 Amazon.com, Inc.07175United Statestier_35server-99-84-114-87.ewr52.r.cloudfront.netnan
19104.18.25.3San FranciscoCaliforniaAS13335 Cloudflare, Inc.94107United Statestier_228nanTrue
20209.205.202.42New York CityNew YorkAS55081 24 SHELLS10004United Statestier_227static-42-202-205-209.24shells.netnan
21209.205.202.43New York CityNew YorkAS55081 24 SHELLS10004United Statestier_227static-43-202-205-209.24shells.netnan
2235.162.164.74BoardmanOregonAS16509 Amazon.com, Inc.97818United Statestier_227ec2-35-162-164-74.us-west-2.compute.amazonaws.comnan
2399.84.114.35NewarkNew JerseyAS16509 Amazon.com, Inc.07175United Statestier_33server-99-84-114-35.ewr52.r.cloudfront.netnan
24104.21.41.235San FranciscoCaliforniaAS13335 Cloudflare, Inc.94107United Statestier_222nanTrue
25204.44.79.214Los AngelesCaliforniaAS8100 QuadraNet Enterprises LLC90014United Statestier_221204.44.79.214.static.quadranet.comnan
2650.16.173.246AshburnVirginiaAS14618 Amazon.com, Inc.20149United Statestier_217ec2-50-16-173-246.compute-1.amazonaws.comnan
27192.241.229.243San FranciscoCaliforniaAS14061 DigitalOcean, LLC94124United Statestier_216nannan
28173.192.101.24DallasTexasAS36351 SoftLayer Technologies Inc.75270United Statestier_21518.65.c0ad.ip4.static.sl-reverse.comnan
2952.29.135.45Frankfurt am MainHesseAS16509 Amazon.com, Inc.60311Germanytier_214ec2-52-29-135-45.eu-central-1.compute.amazonaws.comnan
30100.37.135.2New York CityNew YorkAS701 MCI Communications Services, Inc. d/b/a Verizon Business10004United Statestier_322pool-100-37-135-2.nycmny.fios.verizon.netnan
31151.101.0.200San FranciscoCaliforniaAS54113 Fastly94107United Statestier_321nanTrue
32104.18.80.149San FranciscoCaliforniaAS13335 Cloudflare, Inc.94107United Statestier_317nanTrue
33204.79.197.200RedmondWashingtonAS8068 Microsoft Corporation98052United Statestier_315a-0001.a-msedge.netTrue
3413.107.21.200RedmondWashingtonAS8068 Microsoft Corporation98052United Statestier_312nanTrue
35104.18.81.149San FranciscoCaliforniaAS13335 Cloudflare, Inc.94107United Statestier_38nanTrue
36167.172.139.120North BergenNew JerseyAS14061 DigitalOcean, LLC07047United Statestier_37nannan
3752.203.36.44AshburnVirginiaAS14618 Amazon.com, Inc.20149United Statestier_37ec2-52-203-36-44.compute-1.amazonaws.comnan
3852.73.153.209AshburnVirginiaAS14618 Amazon.com, Inc.20149United Statestier_36ec2-52-73-153-209.compute-1.amazonaws.comnan
3999.84.114.87NewarkNew JerseyAS16509 Amazon.com, Inc.07175United Statestier_35server-99-84-114-87.ewr52.r.cloudfront.netnan
40162.243.10.151New York CityNew YorkAS14061 DigitalOcean, LLC10011United Statestier_35nannan
4199.84.114.98NewarkNew JerseyAS16509 Amazon.com, Inc.07175United Statestier_35server-99-84-114-98.ewr52.r.cloudfront.netnan
4252.73.87.228AshburnVirginiaAS14618 Amazon.com, Inc.20149United Statestier_35ec2-52-73-87-228.compute-1.amazonaws.comnan
43104.18.79.149San FranciscoCaliforniaAS13335 Cloudflare, Inc.94107United Statestier_35nanTrue
4499.84.114.90NewarkNew JerseyAS16509 Amazon.com, Inc.07175United Statestier_34server-99-84-114-90.ewr52.r.cloudfront.netnan
45104.21.95.173San FranciscoCaliforniaAS13335 Cloudflare, Inc.94107United Statestier_33nanTrue
4654.205.240.192AshburnVirginiaAS14618 Amazon.com, Inc.20149United Statestier_33ec2-54-205-240-192.compute-1.amazonaws.comnan
4745.55.189.248CliftonNew JerseyAS14061 DigitalOcean, LLC07014United Statestier_33nannan
4899.84.114.35NewarkNew JerseyAS16509 Amazon.com, Inc.07175United Statestier_33server-99-84-114-35.ewr52.r.cloudfront.netnan
49104.26.15.226San FranciscoCaliforniaAS13335 Cloudflare, Inc.94107United Statestier_32nanTrue
50167.172.136.193North BergenNew JerseyAS14061 DigitalOcean, LLC07047United Statestier_32nannan
5167.207.80.24North BergenNew JerseyAS14061 DigitalOcean, LLC07047United Statestier_32nannan
52157.245.242.152North BergenNew JerseyAS14061 DigitalOcean, LLC07047United Statestier_32nannan
53173.239.53.32New York CityNew YorkAS27257 Webair Internet Development Company Inc.10004United Statestier_32nannan
54157.245.84.7North BergenNew JerseyAS14061 DigitalOcean, LLC07047United Statestier_32nannan
5592.205.4.117StrasbourgGrand EstAS21499 Host Europe GmbH67000Francetier_32ip-92-205-4-117.ip.secureserver.netnan
5664.227.12.111North BergenNew JerseyAS14061 DigitalOcean, LLC07047United Statestier_32nannan
57172.67.72.49San FranciscoCaliforniaAS13335 Cloudflare, Inc.94107United Statestier_31nanTrue
58209.15.13.136TorontoOntarioAS13768 Aptum TechnologiesM5NCanadatier_31nannan
5923.44.218.84NewarkNew JerseyAS16625 Akamai Technologies, Inc.07175United Statestier_31a23-44-218-84.deploy.static.akamaitechnologies.comnan

Aggregated redirection graph of domains located on current IP address.

  • The redirection flows from left to right
  • Leftmost domains are initial domains hosted on current IP
  • Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website