viz_redirection_chain_to

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

This report contains following information

Overall statistics
1. Number of domains detected
2. Number of domains detected by Google Safe Browsing
3. IP address behind entry-level domains
4. date of collection
Top 10 domain statistics
1. count (number of redirection paths that contain this domain)
2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
3. registar
4. organization
Top 10 IP statistics
1. count
2. location (city, country, region)
3. hostname
4. organization
Consolidated redirection path
1. green: tier one domain
2. yellow: tier two domain
3. red: tier three domain

	num_domain	num_links	num_full_url	num_safebrowsing_malicious	num_vt_malicious	date	ip	user_agent
0	453	473	2703	2	0	2020-11-09	103.224.182.207	Android

	tier	domain	count	registrar	name_servers	org
0	tier_1	bellsoutj.net	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
1	tier_1	codanova.com	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
2	tier_1	channelfilipino.net	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
3	tier_1	soal-psikotest.com	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
4	tier_1	ddiziizle.net	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
5	tier_1	benstreaming.com	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
6	tier_1	ecatomb.net	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
7	tier_1	a-doctor-in-the-house.com	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
8	tier_1	ptidico.com	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
9	tier_1	azmovielist.net	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
10	tier_2	bidr.trellian.com	240	ABOVE.COM PTY LTD.	NS1.TRELLIAN.COM	REDACTED FOR PRIVACY
11	tier_2	us.redirectbuzz.club	173	Gandi SAS	ns-2.awsdns-00.com	PPCBUZZ
12	tier_2	recode.pw	170	Gandi SAS	NS-1611.AWSDNS-09.CO.UK	None
13	tier_2	portablemusic.mobi	167	GoDaddy.com, LLC	None	None
14	tier_2	thespook.xyz	139	Name.com, Inc.	MARK.NS.CLOUDFLARE.COM	Domain Protection Services, Inc.
15	tier_2	trk81.onnur.xyz	138	NameSilo, LLC	PAITYN.NS.CLOUDFLARE.COM	See PrivacyGuardian.org
16	tier_2	cmon.ueive.com	117	NAMECHEAP INC	COBY.NS.CLOUDFLARE.COM	WhoisGuard, Inc.
17	tier_2	go.doblevialatam.com	103	GoDaddy.com, LLC	NS.RACKSPACE.COM	Domains By Proxy, LLC
18	tier_2	sales.dvlatam.xyz	95	NAMECHEAP INC	DNS1.REGISTRAR-SERVERS.COM	WhoisGuard, Inc.
19	tier_2	cheaposflight.com	57	NAMECHEAP INC	DNS1.REGISTRAR-SERVERS.COM	WhoisGuard, Inc.
20	tier_3	google.com_LOOP_1	55	None	None	None
21	tier_3	for-ap.com	40	PDR Ltd. d/b/a PublicDomainRegistry.com	ALEX.NS.CLOUDFLARE.COM	None
22	tier_3	trustedpush.com	23	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
23	tier_3	win1.trustedpush.com	14	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
24	tier_3	win3.trustedpush.com	11	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
25	tier_3	sales.dvlatam.xyz	8	NAMECHEAP INC	DNS1.REGISTRAR-SERVERS.COM	WhoisGuard, Inc.
26	tier_3	samsung.com	8	None	None	None
27	tier_3	win2.trustedpush.com	8	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
28	tier_3	winningpokernetwork.com	7	Safenames Ltd	NASH.NS.CLOUDFLARE.COM	None
29	tier_3	playgames-win.com	7	Arsys Internet, S.L. dba NICLINE.COM	NS23.PIENSASOLUTIONS.COM	luis martinez agullo

	ip	hostname	city	region	org	postal	country_name	tier	count
0	103.224.182.207	lb-182-207.above.com	Caulfield South	Victoria	AS133618 Trellian Pty. Limited	3193	Australia	tier_1	288
1	100.37.135.2	pool-100-37-135-2.nycmny.fios.verizon.net	New York City	New York	AS701 MCI Communications Services, Inc. d/b/a Verizon Business	10004	United States	tier_3	98
2	103.224.182.206	bidr.trellian.com	Caulfield South	Victoria	AS133618 Trellian Pty. Limited	3193	Australia	tier_2	240
3	162.242.198.222	nan	Washington	Washington, D.C.	AS27357 Rackspace Hosting	20045	United States	tier_2	103
4	184.154.10.251	server04.com-2.mobi	Chicago	Illinois	AS32475 SingleHop LLC	60666	United States	tier_3	8
5	34.199.180.187	ec2-34-199-180-187.compute-1.amazonaws.com	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23450	United States	tier_2	90
6	172.64.197.11	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_2	89
7	172.64.162.32	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_2	62
8	165.22.162.145	nan	Santa Clara	California	AS14061 DigitalOcean, LLC	95051	United States	tier_2	55
9	172.64.163.32	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_2	55
10	104.27.133.11	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_2	54
11	172.64.196.11	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_2	49
12	100.37.135.2	pool-100-37-135-2.nycmny.fios.verizon.net	New York City	New York	AS701 MCI Communications Services, Inc. d/b/a Verizon Business	10004	United States	tier_3	98
13	104.18.45.36	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	16
14	172.67.139.49	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	13
15	13.225.65.110	server-13-225-65-110.ewr53.r.cloudfront.net	Newark	New Jersey	AS16509 Amazon.com, Inc.	07175	United States	tier_3	13
16	104.18.44.36	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	11
17	184.154.10.251	server04.com-2.mobi	Chicago	Illinois	AS32475 SingleHop LLC	60666	United States	tier_3	8
18	13.225.65.6	server-13-225-65-6.ewr53.r.cloudfront.net	Newark	New Jersey	AS16509 Amazon.com, Inc.	07175	United States	tier_3	7
19	23.38.172.65	a23-38-172-65.deploy.static.akamaitechnologies.com	Newark	New Jersey	AS16625 Akamai Technologies, Inc.	07175	United States	tier_3	7
20	13.225.65.102	server-13-225-65-102.ewr53.r.cloudfront.net	Newark	New Jersey	AS16509 Amazon.com, Inc.	07175	United States	tier_3	7
21	66.228.63.84	nb-66-228-63-84.atlanta.nodebalancer.linode.com	Atlanta	Georgia	AS63949 Linode, LLC	30302	United States	tier_3	7

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact¶