Daily Threat Intelligence Report

This report contains following information. All tables and graphs are auto-generated.

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain

Content Warning: The following domain names and screenshots contain material that may be harmful or traumatizing to some audiences.

num_domain num_links num_full_url num_safebrowsing_malicious num_vt_malicious date ip user_agent
0 181 179 967 0 19 2021-09-10 37.48.65.149 Iphone
tier domain count registrar name_servers org
0 tier_1 freeielts.net 1 GoDaddy.com, LLC NS1.COMMONMX.COM None
1 tier_1 kptu.org 1 UDomainName.com LLC NS1.COMMONMX.COM Statutory Masking Enabled
2 tier_1 ekovehicle.com 1 SNAPNAMES 91, LLC NS1.COMMONMX.COM Statutory Masking Enabled
3 tier_1 oilhp.com 1 Domainsoftheworld.net LLC NS1.COMMONMX.COM None
4 tier_1 editimage.org 1 None None None
5 tier_1 alibaba-clone.com 1 TUCOWS, INC. NS1.COMMONMX.COM Contact Privacy Inc. Customer 0160715831
6 tier_1 bitlockerutility.net 1 Ripcord Domains, LLC NS1.COMMONMX.COM None
7 tier_1 hepl.me 1 GoDaddy.com, LLC None None
8 tier_1 dialadriver.ph 1 None None None
9 tier_1 follio.me 1 Communigal Communications Ltd. None None
10 tier_2 btpnative.com 59 1API GmbH NS1.DNSIMPLE.COM Registrant of btpnative.com
11 tier_2 mybetterdl.com 59 NAMECHEAP INC NS0.DNSMADEEASY.COM Redacted for Privacy Purposes
12 tier_2 p274639.mybetterdl.com 59 NAMECHEAP INC NS0.DNSMADEEASY.COM Redacted for Privacy Purposes
13 tier_2 changeslots.com 58 Instra Corporation Pty Ltd. CLEO.NS.CLOUDFLARE.COM REDACTED FOR PRIVACY
14 tier_2 api.apptap.com 57 Amazon Registrar, Inc. NS-1256.AWSDNS-29.ORG Whois Privacy Service
15 tier_2 api.mplayit.com 57 Amazon Registrar, Inc. NS-1236.AWSDNS-26.ORG Whois Privacy Service
16 tier_2 redirect.viglink.com 57 Amazon Registrar, Inc. NS1.VIGLINK.COM Whois Privacy Service
17 tier_2 link.sylikes.com 57 MarkMonitor, Inc. NS-1063.AWSDNS-04.ORG Connexity, Inc.
18 tier_2 api.quotes.com 56 Internet Domain Service BS Corp. NS-CANADA.TOPDNS.COM Whois Privacy Corp.
19 tier_2 rd.bizrate.com 43 None None None
20 tier_2 rd.connexity.net 39 None None None
21 tier_2 rd.connexity.net_LOOP_1 30 None None None
22 tier_2 petcareclub.com 29 Rebel.com PDNS11.DOMAINCONTROL.COM Privacy Hero Inc.
23 tier_2 bostonproper.com 7 Amazon Registrar, Inc. NS-117.AWSDNS-14.COM Whois Privacy Service
24 tier_2 c.clickprotects.com 4 GoDaddy.com, LLC NS63.DOMAINCONTROL.COM Domains By Proxy, LLC
25 tier_2 11165151.addotnet.com 4 GoDaddy.com, LLC NS75.DOMAINCONTROL.COM Domains By Proxy, LLC
26 tier_2 geo.itunes.apple.com 4 CSC CORPORATE DOMAINS, INC. A.NS.APPLE.COM Apple Inc.
27 tier_2 itunes.apple.com 4 CSC CORPORATE DOMAINS, INC. A.NS.APPLE.COM Apple Inc.
28 tier_2 ww2.affinity.net 3 DOMAINPEOPLE, INC. NS-1183.AWSDNS-19.ORG WhoisProtector Inc.
29 tier_2 cj.dotomi.com 3 GoDaddy.com, LLC ASIA9.AKAM.NET Conversant LLC
30 tier_3 theconnectvpn.com 58 DonDominio (SCIP) ARNOLD.NS.CLOUDFLARE.COM Soluciones Corporativas IP, c/o Whois Proxy
31 tier_3 petcareclub.com_LOOP_1 29 None None None
32 tier_3 rd.bizrate.com 14 MarkMonitor, Inc. NS-1189.AWSDNS-20.ORG Meredith Corporation
33 tier_3 bostonproper.com_LOOP_1 7 None None None
34 tier_3 petcareclub.com 4 Rebel.com PDNS11.DOMAINCONTROL.COM Privacy Hero Inc.
35 tier_3 music.apple.com 4 CSC CORPORATE DOMAINS, INC. A.NS.APPLE.COM Apple Inc.
36 tier_3 godaddy.com 2 GoDaddy.com, LLC A1-245.AKAM.NET Go Daddy Operating Company, LLC
37 tier_3 captcha-app.com 2 DANESCO TRADING LTD AIDEN.NS.CLOUDFLARE.COM DANESCO TRADING LTD.
38 tier_3 ww1.netfiex.com 1 Media Elite Holdings Limited NS1.DNSNUTS.COM Fundacion Privacy Services LTD
39 tier_3 replacements.com 1 Network Solutions, LLC JEREMY.NS.CLOUDFLARE.COM REPLACEMENTS, LTD
40 tier_3 brownells.com_LOOP_2 1 None None None
41 tier_3 theory.com 1 CSC CORPORATE DOMAINS, INC. NS0.DNSMADEEASY.COM Theory LLC
42 tier_3 myfood.ltd 1 None None None
43 tier_3 citypass.com_LOOP_1 1 None None None
44 tier_3 booking.com 1 MarkMonitor, Inc. NS0.BKNGS.COM Booking.com B.V.
45 tier_3 avenue.com 1 CSC CORPORATE DOMAINS, INC. PDNS81.ULTRADNS.BIZ Avenue Online LLC
46 tier_3 shopnsave.world 1 None None None
ip city region org postal country_name tier count hostname anycast
0 162.210.196.166 Washington Washington, D.C. AS30633 Leaseweb USA, Inc. 20045 United States tier_1 14 nan nan
1 199.115.115.119 Washington Washington, D.C. AS30633 Leaseweb USA, Inc. 20045 United States tier_1 13 nan nan
2 207.244.67.216 Washington Washington, D.C. AS30633 Leaseweb USA, Inc. 20045 United States tier_1 12 nan nan
3 162.210.196.168 Washington Washington, D.C. AS30633 Leaseweb USA, Inc. 20045 United States tier_1 11 nan nan
4 162.210.196.167 Washington Washington, D.C. AS30633 Leaseweb USA, Inc. 20045 United States tier_1 11 nan nan
5 207.244.67.218 Washington Washington, D.C. AS30633 Leaseweb USA, Inc. 20045 United States tier_1 10 nan nan
6 199.115.116.216 Washington Washington, D.C. AS30633 Leaseweb USA, Inc. 20045 United States tier_1 10 nan nan
7 199.115.115.102 Washington Washington, D.C. AS30633 Leaseweb USA, Inc. 20045 United States tier_1 8 nan nan
8 199.115.115.118 Washington Washington, D.C. AS30633 Leaseweb USA, Inc. 20045 United States tier_1 6 nan nan
9 207.244.67.214 Washington Washington, D.C. AS30633 Leaseweb USA, Inc. 20045 United States tier_1 6 nan nan
10 173.192.101.24 Dallas Texas AS36351 SoftLayer Technologies Inc. 75270 United States tier_2 118 18.65.c0ad.ip4.static.sl-reverse.com nan
11 192.138.218.207 Seattle Washington AS14332 Connexity, Inc. 98111 United States tier_3 14 rd.bizrate.com nan
12 209.15.13.136 Toronto Ontario AS13768 Aptum Technologies M5N Canada tier_2 60 nan nan
13 18.204.186.203 Ashburn Virginia AS14618 Amazon.com, Inc. 20149 United States tier_2 58 ec2-18-204-186-203.compute-1.amazonaws.com nan
14 5.79.68.236 Amsterdam North Holland AS60781 LeaseWeb Netherlands B.V. 1012 Netherlands tier_2 56 nan nan
15 3.94.243.95 Ashburn Virginia AS14618 Amazon.com, Inc. 20149 United States tier_2 47 ec2-3-94-243-95.compute-1.amazonaws.com nan
16 192.138.218.139 Seattle Washington AS14332 Connexity, Inc. 98111 United States tier_2 39 rd.connexity.net nan
17 3.227.76.128 Ashburn Virginia AS14618 Amazon.com, Inc. 20149 United States tier_2 38 ec2-3-227-76-128.compute-1.amazonaws.com nan
18 3.223.13.191 Ashburn Virginia AS14618 Amazon.com, Inc. 20149 United States tier_2 33 ec2-3-223-13-191.compute-1.amazonaws.com nan
19 100.37.135.2 New York City New York AS701 MCI Communications Services, Inc. d/b/a Verizon Business 10004 United States tier_3 42 pool-100-37-135-2.nycmny.fios.verizon.net nan
20 44.196.82.117 Ashburn Virginia AS14618 Amazon.com, Inc. 20149 United States tier_2 29 ec2-44-196-82-117.compute-1.amazonaws.com nan
21 192.124.249.108 Menifee California AS30148 Sucuri 92584 United States tier_3 4 cloudproxy10108.sucuri.net True
22 34.195.100.186 Ashburn Virginia AS14618 Amazon.com, Inc. 20149 United States tier_2 24 ec2-34-195-100-186.compute-1.amazonaws.com nan
23 159.127.43.26 Washington Washington, D.C. AS25751 Conversant, Inc. 20045 United States tier_2 9 nan nan
24 209.132.243.15 Los Angeles California AS7296 Alchemy Communications, Inc. 90009 United States tier_2 8 nan nan
25 23.14.153.3 New York City New York AS16625 Akamai Technologies, Inc. 10004 United States tier_2 4 a23-14-153-3.deploy.static.akamaitechnologies.com nan
26 23.60.0.23 Piscataway New Jersey AS16625 Akamai Technologies, Inc. 08854 United States tier_2 4 a23-60-0-23.deploy.static.akamaitechnologies.com nan
27 52.85.61.71 Newark New Jersey AS16509 Amazon.com, Inc. 07175 United States tier_2 3 server-52-85-61-71.ewr53.r.cloudfront.net nan
28 52.85.61.40 Newark New Jersey AS16509 Amazon.com, Inc. 07175 United States tier_2 3 server-52-85-61-40.ewr53.r.cloudfront.net nan
29 216.139.248.127 Austin Texas AS32400 Hostway Services, Inc. 78701 United States tier_2 3 216-139-248-127.aus.us.siteprotect.com nan
30 100.37.135.2 New York City New York AS701 MCI Communications Services, Inc. d/b/a Verizon Business 10004 United States tier_3 42 pool-100-37-135-2.nycmny.fios.verizon.net nan
31 172.67.181.234 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 35 nan True
32 104.21.91.236 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 23 nan True
33 192.138.218.207 Seattle Washington AS14332 Connexity, Inc. 98111 United States tier_3 14 rd.bizrate.com nan
34 192.124.249.108 Menifee California AS30148 Sucuri 92584 United States tier_3 4 cloudproxy10108.sucuri.net True
35 104.67.4.19 New York City New York AS16625 Akamai Technologies, Inc. 10004 United States tier_3 2 a104-67-4-19.deploy.static.akamaitechnologies.com nan
36 172.67.193.170 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 2 nan True
37 199.59.242.153 New York City New York AS395082 Bodis, LLC 10004 United States tier_3 1 nan nan
38 104.18.116.150 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 1 nan True
39 23.73.244.103 Edison New Jersey AS16625 Akamai Technologies, Inc. 08817 United States tier_3 1 a23-73-244-103.deploy.static.akamaitechnologies.com nan
40 94.31.29.128 London England AS12989 StackPath LLC EC1A United Kingdom tier_3 1 94.31.29.128.ipyx-077437-zyo.above.net True
41 185.28.222.11 Washington Washington, D.C. AS43996 Booking.com BV 20045 United States tier_3 1 nan nan
42 104.22.18.169 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 1 nan True
43 67.227.241.125 Lansing Michigan AS32244 Liquid Web, L.L.C 48901 United States tier_3 1 host.encontext.com nan

Aggregated redirection graph of domains located on current IP address.

  • The redirection flows from left to right
  • Leftmost domains are initial domains hosted on current IP
  • Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website