iQ Risk Alert Reports

Highlighting potentially malicious domain name patterns

August 30, 2024

Across Multiple TLDs: No

Pattern: The domain names follow a consistent pattern of "pokerdom-casino-" followed by a 2-3 letter/number combination. This pattern suggests a bulk registration of domains related to the "Pokerdom Casino" brand. The use of various suffixes could indicate an attempt to create multiple entry points for a gambling-related website or potentially for phishing purposes.

Sample Domains:


Note: This list is a snippet of a larger dataset and not exhaustive.

About this Data: This report was generated using advanced algorithms and techniques to identify patterns and anomalies indicative of malicious activity. While this data has been carefully analysed, it is possible that some domains may be false positives. For more info, visit https://iq.global/iq-risk-score

August 22, 2024

Across Multiple TLDs: Yes (7)

Pattern: The pattern consists of 6-digit numbers (occasionally 5 or 7 digits) used as domain names. These numeric domains are registered across multiple TLDs. The volume of similar numeric domains suggests a coordinated, automated registration effort, which is often associated with potentially malicious activities. Registering the same numeric patterns across various top-level domains could be an attempt to create redundancy or evade blocking/filtering measures.

Sample Domains:


Note: This list is a snippet of a larger dataset and not exhaustive.

August 20, 2024

Across Multiple TLDs: No

Pattern: Once again we're seeing usage of multiple casino brand names. The pattern consists of various online casino brand names (e.g., "vavada", "lev", "leonbets", "kent", "gama", "eldorado", "champion", "r7", "pokerdom", "jozz") followed by "-casino-" and a three-letter combination. Some variations include numbers or slightly different formats.

Sample Domains:



Note: This list is a snippet of a larger dataset and not exhaustive.

August 14, 2024

Across Multiple TLDs: No

Pattern: The pattern consists of cleaning service keywords (primarily "housecleaning", but also "guttercleaning", "windowcleaning", and "washpressurecleaning") followed by "-vort" or "-vortps", then a combination of letters and numbers (e.g., "tta5", "ttp1", "ffpal3"), and ending with location identifiers and sequential numbers.

Sample Domains:


Note: This list is a snippet of a larger dataset and not exhaustive.

August 13, 2024

Across Multiple TLDs: No

Pattern: The pattern consists of "leonbets-casino-" followed by a combination of 4 characters, typically including lowercase letters and numbers. In some cases, "bk-" is inserted before the 4-character combination.

Sample Domains:


Note: This list is a snippet of a larger dataset and not exhaustive.

August 7, 2024

Across Multiple TLDs: No

Pattern: The pattern consists of service-related keywords (e.g., "airconditionercompany", "securityservices", "concreterepaircompany") followed by "-vort-" or "-vortps-", then a combination of letters and numbers (e.g., "ttp1", "tta5", "ffpio"), and ending with location identifiers and sequential numbers.

Sample Domains:


Note: This list is a snippet of a larger dataset and not exhaustive.

August 6, 2024

Across Multiple TLDs: Yes (1)

Pattern: The pattern consists of casino brand names ("pokerdom", "gama", "kent") followed by "-casino-" and a three-letter combination. The three-letter combinations appear to be randomly generated.

Sample Domains:


Note: This list is a snippet of a larger dataset and not exhaustive.

August 1, 2024

Across Multiple TLDs: Yes (1)

Pattern: The pattern consists of cleaning service keywords (primarily "housecleaning", but also "guttercleaning" and "windowcleaning") followed by "-vort" or "-vortps", then a combination of letters and numbers (e.g., "ttp1", "tta3", "ffpal1"), and ending with location identifiers and sequential numbers.

Sample Domains:


Note: This list is a snippet of a larger dataset and not exhaustive.
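
Added example (not part of the iQ reports and not iQ's detection method): the label patterns described in the alerts above, written as regular expressions and applied to a constructed list of domains, with per-pattern clustering and a count of how many TLDs each cluster spans. The pattern names, function names, the cluster threshold, the limit of four trailing parts and the sample domains are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Regexes transcribed from the alert descriptions; the pattern names are this example's own.
PATTERNS = {
    # brand + "-casino-" + optional "bk-" + 2 to 4 letters/digits
    "casino-brand": re.compile(r"[a-z0-9]+-casino-(?:bk-)?[a-z0-9]{2,4}"),
    # service keyword + "-vort" or "-vortps" + code + up to four location/sequence parts (assumed limit)
    "service-vort": re.compile(r"[a-z]+-vort(?:ps)?-[a-z0-9]+(?:-[a-z0-9]+){0,4}"),
    # 5 to 7 digit numeric label
    "numeric": re.compile(r"[0-9]{5,7}"),
}

def split_domain(name):
    """Split 'label.tld' into (label, tld). Assumes registered domains, no subdomains."""
    label, _, tld = name.strip().lower().rstrip(".").partition(".")
    return label, tld

def classify(label):
    """Return the name of the first pattern the whole label matches, else None."""
    for kind, rx in PATTERNS.items():
        if rx.fullmatch(label):
            return kind
    return None

def summarize(domains, min_cluster=3):
    """Cluster matches by pattern; a lone match is weak evidence, so small clusters are dropped."""
    clusters = defaultdict(set)
    for name in domains:
        label, tld = split_domain(name)
        kind = classify(label)
        if kind:
            clusters[kind].add((label, tld))
    report = {}
    for kind, members in clusters.items():
        tlds = {tld for _, tld in members}
        if len(members) >= min_cluster:
            report[kind] = {"count": len(members), "tlds": len(tlds), "multi_tld": len(tlds) > 1}
    return report

# Constructed sample input under reserved TLDs; none of these are real registrations.
SAMPLE = [
    "brandx-casino-abc.example", "brandx-casino-q7z.example", "brandy-casino-bk-a1b2.example",
    "roofrepair-vort-ttp1-xyz.example", "roofrepair-vortps-tta5-xyz-us.example",
    "lawncare-vort-ffabc-xyz-2-ca.example",
    "123456.example", "123456.test", "1234567.invalid",
    "grand-casino-hotel.example",  # benign look-alike: suffix longer than 4 characters, no match
    "shop.example",
]

if __name__ == "__main__":
    for kind, stats in summarize(SAMPLE).items():
        print(kind, stats)
```

Matching on label shape alone will flag legitimate registrations, so the cluster size and TLD spread are the signals to review, not individual hits.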
