Daily Threat Intelligence Report

This report contains following information

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain
num_domain num_links num_full_url num_safebrowsing_malicious num_vt_malicious date ip user_agent
0 22 21 45 0 0 2021-04-12 185.53.177.73 Safari
tier domain count registrar name_servers org
0 tier_1 1link.in 1 TLD Registrar Solutions Ltd. ns1.parkingcrew.net None
1 tier_1 achannelnews.ca 1 dot-ca-registry.ca (Burmac Business Systems Ltd) None None
2 tier_1 abram.ca 1 dot-ca-registry.ca (Burmac Business Systems Ltd) None None
3 tier_1 vasileios.gr 1 None None None
4 tier_1 ad-aware.ca 1 None None None
5 tier_1 a-l.ca 1 dot-ca-registry.ca (Burmac Business Systems Ltd) None None
6 tier_1 a1signs.ca 1 None None None
7 tier_1 1844.ca 1 dot-ca-registry.ca (Burmac Business Systems Ltd) None None
8 tier_1 3500.ca 1 dot-ca-registry.ca (Burmac Business Systems Ltd) None None
9 tier_2 katie.v4.omgtnc.com 9 PSI-USA, Inc. dba Domain Robot NS-1133.AWSDNS-13.ORG None
10 tier_2 nizephoros-pom.com 4 Amazon Registrar, Inc. NS-1192.AWSDNS-21.ORG Whois Privacy Service
11 tier_2 managerformula.com 4 None None None
12 tier_2 api.apptap.com 2 Amazon Registrar, Inc. NS-1256.AWSDNS-29.ORG Whois Privacy Service
13 tier_2 redirect.viglink.com 2 Amazon Registrar, Inc. NS1.VIGLINK.COM Whois Privacy Service
14 tier_2 link.sylikes.com 2 MarkMonitor, Inc. NS-1063.AWSDNS-04.ORG Connexity, Inc.
15 tier_2 rd.bizrate.com 2 None None None
16 tier_2 rd.connexity.net 2 None None None
17 tier_3 s3.amazonaws.com 4 MarkMonitor, Inc. R1.AMAZONAWS.COM Amazon.com, Inc.
18 tier_3 ram21.proasdf.com 2 GoDaddy.com, LLC NS61.DOMAINCONTROL.COM Domains By Proxy, LLC
19 tier_3 rpa21.proasdf.com 1 GoDaddy.com, LLC NS61.DOMAINCONTROL.COM Domains By Proxy, LLC
20 tier_3 venus.com 1 GoDaddy.com, LLC NS0.DNSMADEEASY.COM Venus Fashion, Inc.
21 tier_3 theory.com 1 CSC CORPORATE DOMAINS, INC. NS0.DNSMADEEASY.COM Theory LLC
ip city region org postal country_name tier count hostname
0 104.247.81.73 Wyandotte Michigan AS206834 Team Internet AG 48192 United States tier_1 9 nan
1 52.45.77.217 Ashburn Virginia AS14618 Amazon.com, Inc. 20149 United States tier_2 8 ec2-52-45-77-217.compute-1.amazonaws.com
2 192.138.218.207 Seattle Washington AS14332 Connexity, Inc. 98111 United States tier_2 4 nan
3 34.207.43.7 Ashburn Virginia AS14618 Amazon.com, Inc. 20149 United States tier_2 2 ec2-34-207-43-7.compute-1.amazonaws.com
4 172.232.19.177 Newark New Jersey AS20940 Akamai International B.V. 07175 United States tier_2 2 a172-232-19-177.deploy.static.akamaitechnologies.com
5 172.232.19.136 Newark New Jersey AS20940 Akamai International B.V. 07175 United States tier_2 2 a172-232-19-136.deploy.static.akamaitechnologies.com
6 52.205.177.114 Ashburn Virginia AS14618 Amazon.com, Inc. 20149 United States tier_2 2 ec2-52-205-177-114.compute-1.amazonaws.com
7 34.225.128.119 Ashburn Virginia AS14618 Amazon.com, Inc. 20149 United States tier_2 2 ec2-34-225-128-119.compute-1.amazonaws.com
8 192.138.218.139 Seattle Washington AS14332 Connexity, Inc. 98111 United States tier_2 2 rd.connexity.net
9 34.197.176.2 Ashburn Virginia AS14618 Amazon.com, Inc. 20149 United States tier_2 1 ec2-34-197-176-2.compute-1.amazonaws.com
10 52.22.6.66 Ashburn Virginia AS14618 Amazon.com, Inc. 20149 United States tier_2 1 ec2-52-22-6-66.compute-1.amazonaws.com
11 52.206.108.38 Ashburn Virginia AS14618 Amazon.com, Inc. 20149 United States tier_2 1 ec2-52-206-108-38.compute-1.amazonaws.com
12 162.243.10.151 New York City New York AS14061 DigitalOcean, LLC 10011 United States tier_3 3 nan
13 52.217.74.38 Ashburn Virginia AS16509 Amazon.com, Inc. 20149 United States tier_3 2 s3-1.amazonaws.com
14 52.216.130.37 Ashburn Virginia AS16509 Amazon.com, Inc. 20149 United States tier_3 1 s3-1.amazonaws.com
15 52.216.113.197 Ashburn Virginia AS16509 Amazon.com, Inc. 20149 United States tier_3 1 s3-1.amazonaws.com
16 23.33.103.173 New York City New York AS16625 Akamai Technologies, Inc. 10004 United States tier_3 1 a23-33-103-173.deploy.static.akamaitechnologies.com
17 23.33.111.200 New York City New York AS16625 Akamai Technologies, Inc. 10004 United States tier_3 1 a23-33-111-200.deploy.static.akamaitechnologies.com

Aggregated redirection graph of domains located on current IP address.

  • The redirection flows from left to right
  • Leftmost domains are initial domains hosted on current IP
  • Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website