viz_redirection_chain_to

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

This report contains following information

Overall statistics
1. Number of domains detected
2. Number of domains detected by Google Safe Browsing
3. IP address behind entry-level domains
4. date of collection
Top 10 domain statistics
1. count (number of redirection paths that contain this domain)
2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
3. registar
4. organization
Top 10 IP statistics
1. count
2. location (city, country, region)
3. hostname
4. organization
Consolidated redirection path
1. green: tier one domain
2. yellow: tier two domain
3. red: tier three domain

	num_domain	num_links	num_full_url	num_safebrowsing_malicious	num_vt_malicious	date	ip	user_agent
0	22	21	45	0	0	2021-04-12	185.53.177.73	Safari

	tier	domain	count	registrar	name_servers	org
0	tier_1	1link.in	1	TLD Registrar Solutions Ltd.	ns1.parkingcrew.net	None
1	tier_1	achannelnews.ca	1	dot-ca-registry.ca (Burmac Business Systems Ltd)	None	None
2	tier_1	abram.ca	1	dot-ca-registry.ca (Burmac Business Systems Ltd)	None	None
3	tier_1	vasileios.gr	1	None	None	None
4	tier_1	ad-aware.ca	1	None	None	None
5	tier_1	a-l.ca	1	dot-ca-registry.ca (Burmac Business Systems Ltd)	None	None
6	tier_1	a1signs.ca	1	None	None	None
7	tier_1	1844.ca	1	dot-ca-registry.ca (Burmac Business Systems Ltd)	None	None
8	tier_1	3500.ca	1	dot-ca-registry.ca (Burmac Business Systems Ltd)	None	None
9	tier_2	katie.v4.omgtnc.com	9	PSI-USA, Inc. dba Domain Robot	NS-1133.AWSDNS-13.ORG	None
10	tier_2	nizephoros-pom.com	4	Amazon Registrar, Inc.	NS-1192.AWSDNS-21.ORG	Whois Privacy Service
11	tier_2	managerformula.com	4	None	None	None
12	tier_2	api.apptap.com	2	Amazon Registrar, Inc.	NS-1256.AWSDNS-29.ORG	Whois Privacy Service
13	tier_2	redirect.viglink.com	2	Amazon Registrar, Inc.	NS1.VIGLINK.COM	Whois Privacy Service
14	tier_2	link.sylikes.com	2	MarkMonitor, Inc.	NS-1063.AWSDNS-04.ORG	Connexity, Inc.
15	tier_2	rd.bizrate.com	2	None	None	None
16	tier_2	rd.connexity.net	2	None	None	None
17	tier_3	s3.amazonaws.com	4	MarkMonitor, Inc.	R1.AMAZONAWS.COM	Amazon.com, Inc.
18	tier_3	ram21.proasdf.com	2	GoDaddy.com, LLC	NS61.DOMAINCONTROL.COM	Domains By Proxy, LLC
19	tier_3	rpa21.proasdf.com	1	GoDaddy.com, LLC	NS61.DOMAINCONTROL.COM	Domains By Proxy, LLC
20	tier_3	venus.com	1	GoDaddy.com, LLC	NS0.DNSMADEEASY.COM	Venus Fashion, Inc.
21	tier_3	theory.com	1	CSC CORPORATE DOMAINS, INC.	NS0.DNSMADEEASY.COM	Theory LLC

	ip	city	region	org	postal	country_name	tier	count	hostname
0	104.247.81.73	Wyandotte	Michigan	AS206834 Team Internet AG	48192	United States	tier_1	9	nan
1	52.45.77.217	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	8	ec2-52-45-77-217.compute-1.amazonaws.com
2	192.138.218.207	Seattle	Washington	AS14332 Connexity, Inc.	98111	United States	tier_2	4	nan
3	34.207.43.7	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	2	ec2-34-207-43-7.compute-1.amazonaws.com
4	172.232.19.177	Newark	New Jersey	AS20940 Akamai International B.V.	07175	United States	tier_2	2	a172-232-19-177.deploy.static.akamaitechnologies.com
5	172.232.19.136	Newark	New Jersey	AS20940 Akamai International B.V.	07175	United States	tier_2	2	a172-232-19-136.deploy.static.akamaitechnologies.com
6	52.205.177.114	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	2	ec2-52-205-177-114.compute-1.amazonaws.com
7	34.225.128.119	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	2	ec2-34-225-128-119.compute-1.amazonaws.com
8	192.138.218.139	Seattle	Washington	AS14332 Connexity, Inc.	98111	United States	tier_2	2	rd.connexity.net
9	34.197.176.2	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	1	ec2-34-197-176-2.compute-1.amazonaws.com
10	52.22.6.66	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	1	ec2-52-22-6-66.compute-1.amazonaws.com
11	52.206.108.38	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	1	ec2-52-206-108-38.compute-1.amazonaws.com
12	162.243.10.151	New York City	New York	AS14061 DigitalOcean, LLC	10011	United States	tier_3	3	nan
13	52.217.74.38	Ashburn	Virginia	AS16509 Amazon.com, Inc.	20149	United States	tier_3	2	s3-1.amazonaws.com
14	52.216.130.37	Ashburn	Virginia	AS16509 Amazon.com, Inc.	20149	United States	tier_3	1	s3-1.amazonaws.com
15	52.216.113.197	Ashburn	Virginia	AS16509 Amazon.com, Inc.	20149	United States	tier_3	1	s3-1.amazonaws.com
16	23.33.103.173	New York City	New York	AS16625 Akamai Technologies, Inc.	10004	United States	tier_3	1	a23-33-103-173.deploy.static.akamaitechnologies.com
17	23.33.111.200	New York City	New York	AS16625 Akamai Technologies, Inc.	10004	United States	tier_3	1	a23-33-111-200.deploy.static.akamaitechnologies.com

Aggregated redirection graph of domains located on current IP address.¶

The redirection flows from left to right
Leftmost domains are initial domains hosted on current IP
Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains¶

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

Aggregated redirection graph of domains located on current IP address.¶

Screenshot of high-occurrence final landing domains¶

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact¶