viz_redirection_chain_to

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

This report contains following information

Overall statistics
1. Number of domains detected
2. Number of domains detected by Google Safe Browsing
3. IP address behind entry-level domains
4. date of collection
Top 10 domain statistics
1. count (number of redirection paths that contain this domain)
2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
3. registar
4. organization
Top 10 IP statistics
1. count
2. location (city, country, region)
3. hostname
4. organization
Consolidated redirection path
1. green: tier one domain
2. yellow: tier two domain
3. red: tier three domain

	num_domain	num_links	num_full_url	num_safebrowsing_malicious	num_vt_malicious	date	ip	user_agent
0	369	388	1815	0	0	2020-11-08	103.224.182.207	Android

	tier	domain	count	registrar	name_servers	org
0	tier_1	puracandelatv.com	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
1	tier_1	codanova.com	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
2	tier_1	secondnaturecd.com	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
3	tier_1	vvvgrace.net	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
4	tier_1	03calls.com	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
5	tier_1	ddiziizle.net	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
6	tier_1	benstreaming.com	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
7	tier_1	a-doctor-in-the-house.com	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
8	tier_1	ptidico.com	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
9	tier_1	posteos.com	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
10	tier_2	bidr.trellian.com	178	ABOVE.COM PTY LTD.	NS1.TRELLIAN.COM	REDACTED FOR PRIVACY
11	tier_2	us.redirectbuzz.club	116	Gandi SAS	ns-2.awsdns-00.com	PPCBUZZ
12	tier_2	recode.pw	116	Gandi SAS	NS-1611.AWSDNS-09.CO.UK	None
13	tier_2	portablemusic.mobi	112	GoDaddy.com, LLC	None	None
14	tier_2	trk77.onnur.xyz	87	NameSilo, LLC	PAITYN.NS.CLOUDFLARE.COM	See PrivacyGuardian.org
15	tier_2	thespook.xyz	60	Name.com, Inc.	MARK.NS.CLOUDFLARE.COM	Domain Protection Services, Inc.
16	tier_2	google.com	57	MarkMonitor, Inc.	NS1.GOOGLE.COM	Google LLC
17	tier_2	trkads.info	55	DANESCO TRADING LTD	NS1.DIGITALOCEAN.COM	DANESCO TRADING LTD.
18	tier_2	cmon.ueive.com	52	None	None	None
19	tier_2	go.doblevialatam.com	38	GoDaddy.com, LLC	NS.RACKSPACE.COM	Domains By Proxy, LLC
20	tier_3	google.com_LOOP_1	57	None	None	None
21	tier_3	for-ap.com	14	PDR Ltd. d/b/a PublicDomainRegistry.com	ALEX.NS.CLOUDFLARE.COM	Privacy Protect, LLC (PrivacyProtect.org)
22	tier_3	encryptalert.com	11	None	None	None
23	tier_3	winningpokernetwork.com	9	Safenames Ltd	NASH.NS.CLOUDFLARE.COM	None
24	tier_3	coercially.club	9	None	None	None
25	tier_3	wayfair.com	6	MarkMonitor, Inc.	A1-100.AKAM.NET	Wayfair, LLC
26	tier_3	panel-surveys.com	6	None	None	None
27	tier_3	sales.dvlatam.xyz	4	None	None	None
28	tier_3	portablemusic.mobi	4	GoDaddy.com, LLC	None	None
29	tier_3	nutaku.net	4	Eurodns S.A.	DNS1.P03.NSONE.NET	Whois Privacy (enumDNS dba)

	ip	hostname	city	region	org	postal	country_name	tier	count
0	103.224.182.207	lb-182-207.above.com	Caulfield South	Victoria	AS133618 Trellian Pty. Limited	3193	Australia	tier_1	213
1	103.224.182.206	bidr.trellian.com	Caulfield South	Victoria	AS133618 Trellian Pty. Limited	3193	Australia	tier_2	178
2	165.22.162.145	nan	Santa Clara	California	AS14061 DigitalOcean, LLC	95051	United States	tier_2	55
3	172.64.197.11	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_2	48
4	172.64.196.11	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_2	39
5	162.242.198.222	nan	Washington	Washington, D.C.	AS27357 Rackspace Hosting	20045	United States	tier_2	38
6	34.199.180.187	ec2-34-199-180-187.compute-1.amazonaws.com	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23450	United States	tier_2	38
7	184.154.10.251	server04.com-2.mobi	Chicago	Illinois	AS32475 SingleHop LLC	60666	United States	tier_3	4
8	172.64.103.28	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_2	31
9	213.32.106.141	ip141.ip-213-32-106.eu	Amsterdam	North Holland	AS16276 OVH SAS	1012	Netherlands	tier_2	30
10	37.187.75.92	ns3365200.ip-37-187-75.eu	Saumont	Nouvelle-Aquitaine	AS16276 OVH SAS	47600	France	tier_2	29
11	100.37.135.2	pool-100-37-135-2.nycmny.fios.verizon.net	New York City	New York	AS701 MCI Communications Services, Inc. d/b/a Verizon Business	10004	United States	tier_3	79
12	144.202.107.3	144.202.107.3.vultr.com	Live Oak	California	AS20473 Choopa, LLC	95953	United States	tier_3	13
13	172.67.139.49	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	8
14	104.16.246.78	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	6
15	217.163.30.151	217.163.30.151.vultr.com	Fuyong	Guangdong	AS20473 Choopa, LLC	nan	China	tier_3	6
16	104.18.45.36	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	5
17	184.154.10.251	server04.com-2.mobi	Chicago	Illinois	AS32475 SingleHop LLC	60666	United States	tier_3	4
18	66.254.114.112	reflectededge.reflected.net	Hopewell	New Jersey	AS29789 Reflected Networks, Inc.	08525	United States	tier_3	4
19	167.114.209.62	ais-sa2-bhs04-1.cdnstream.com	Mississauga	Ontario	AS16276 OVH SAS	L5B	Canada	tier_3	3
20	45.33.9.36	li963-36.members.linode.com	Richardson	Texas	AS63949 Linode, LLC	75080	United States	tier_3	3

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact¶