viz_redirection_chain_to

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

This report contains following information

Overall statistics
1. Number of domains detected
2. Number of domains detected by Google Safe Browsing
3. IP address behind entry-level domains
4. date of collection
Top 10 domain statistics
1. count (number of redirection paths that contain this domain)
2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
3. registar
4. organization
Top 10 IP statistics
1. count
2. location (city, country, region)
3. hostname
4. organization
Consolidated redirection path
1. green: tier one domain
2. yellow: tier two domain
3. red: tier three domain

	num_domain	num_links	num_full_url	num_safebrowsing_malicious	num_vt_malicious	date	ip	user_agent
0	34	34	56	0	1	2021-04-16	185.53.177.73	Safari

	tier	domain	count	registrar	name_servers	org
0	tier_1	aevangelism.org	1	GoDaddy.com, LLC	NS1.PARKINGCREW.NET	None
1	tier_1	elitetrader.org	1	1API GmbH	NS1.PARKINGCREW.NET	['adaspect media UG haftungsbeschraenkt', 'REDACTED FOR PRIVACY']
2	tier_1	420rx.org	1	GoDaddy.com, LLC	NS1.PARKINGCREW.NET	CTI Holdings Inc.
3	tier_1	canadatrips.org	1	Epik Inc.	NS1.PARKINGCREW.NET	Hunley Media Group LLC
4	tier_1	cellphones.org	1	Moniker Online Services LLC	NS1.FASTPARK.NET	Moniker Privacy Services
5	tier_1	beingme.org	1	Domain.com, LLC	NS1.PARKINGCREW.NET	['Glocal Commerce Limited', 'REDACTED FOR PRIVACY']
6	tier_1	booking-flights.org	1	INWX GmbH & Co. KG	NS1.PARKINGCREW.NET	-
7	tier_1	bihar.org	1	Dynadot, LLC	NS1.PARKINGCREW.NET	None
8	tier_2	katie.v4.omgtnc.com	8	PSI-USA, Inc. dba Domain Robot	NS-1133.AWSDNS-13.ORG	None
9	tier_2	rd.bizrate.com	4	MarkMonitor, Inc.	NS-1189.AWSDNS-20.ORG	Meredith Corporation
10	tier_2	rd.connexity.net	4	None	None	None
11	tier_2	aristo-hag.com	3	Amazon Registrar, Inc.	NS-1226.AWSDNS-25.ORG	Whois Privacy Service
12	tier_2	api.apptap.com	2	Amazon Registrar, Inc.	NS-1256.AWSDNS-29.ORG	Whois Privacy Service
13	tier_2	r.lnk8j7.com	2	1&1 IONOS SE	NS-1314.AWSDNS-36.ORG	1&1 Internet Limited
14	tier_2	v6ur9n22r9.execute-api.us-east-1.amazonaws.com	2	None	None	None
15	tier_2	link.sylikes.com	2	None	None	None
16	tier_2	noclick.connexity.com	2	None	None	None
17	tier_2	trak.today-trip.com	1	NAMECHEAP INC	DNS1.REGISTRAR-SERVERS.COM	Privacy service provided by Withheld for Privacy ehf
18	tier_2	wirtgage-proxing.icu	1	Key-Systems GmbH	NS-1046.AWSDNS-02.ORG	c/o whoisproxy.com
19	tier_2	secureconv-ec.com	1	Key-Systems GmbH	NS-1437.AWSDNS-51.ORG	c/o whoisproxy.com
20	tier_2	patpat.sjv.io	1	GANDI SAS	NS-545.AWSDNS-04.NET	None
21	tier_2	patpat.com	1	ENOM, INC.	GINA.NS.CLOUDFLARE.COM	Whois Privacy Protection Service, Inc.
22	tier_2	tr.trackingsys.tech	1	DonDominio (SCIP)	NS1.DONDOMINIO.COM	Soluciones Corporativas IP, c/o Whois Proxy
23	tier_2	zen.affiliateland.io	1	NAMECHEAP INC	ALINA.NS.CLOUDFLARE.COM	None
24	tier_2	bridge.lga1.ap01.net	1	MarkMonitor, Inc.	A1-230.AKAM.NET	DNStination Inc.
25	tier_2	298126900.lga1.ampverified.com	1	None	None	None
26	tier_2	clixtrac.com	1	NAMECHEAP INC	NS1.CLIXTRAC.COM	WhoisGuard, Inc.
27	tier_2	secure.adnxs.com	1	MarkMonitor Inc.	NS1.GSLB.COM	None
28	tier_3	blair.com	2	CSC CORPORATE DOMAINS, INC.	NS-1237.AWSDNS-26.ORG	Bluestem Brands, Inc.
29	tier_3	wayfair.com	2	MarkMonitor, Inc.	A1-100.AKAM.NET	Wayfair, LLC
30	tier_3	us.patpat.com	1	ENOM, INC.	GINA.NS.CLOUDFLARE.COM	Whois Privacy Protection Service, Inc.
31	tier_3	loadfree-bestheavilyfile.best	1	NAMECHEAP INC	DNS1.REGISTRAR-SERVERS.COM	Privacy service provided by Withheld for Privacy ehf
32	tier_3	ram21.proasdf.com	1	GoDaddy.com, LLC	NS61.DOMAINCONTROL.COM	Domains By Proxy, LLC
33	tier_3	visitmusiccity.com	1	GoDaddy.com, LLC	NS-1504.AWSDNS-60.ORG	Nashville Convention & Visitors Corp.

	ip	city	region	org	postal	country_name	tier	count	hostname	anycast
0	104.247.81.73	Wyandotte	Michigan	AS206834 Team Internet AG	48192	United States	tier_1	8	nan	nan
1	192.138.218.207	Seattle	Washington	AS14332 Connexity, Inc.	98111	United States	tier_2	6	rd.bizrate.com	nan
2	3.220.46.255	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	5	ec2-3-220-46-255.compute-1.amazonaws.com	nan
3	192.138.218.139	Seattle	Washington	AS14332 Connexity, Inc.	98111	United States	tier_2	4	rd.connexity.net	nan
4	34.231.10.22	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	3	ec2-34-231-10-22.compute-1.amazonaws.com	nan
5	52.45.77.217	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	2	ec2-52-45-77-217.compute-1.amazonaws.com	nan
6	13.226.38.110	Newark	New Jersey	AS16509 Amazon.com, Inc.	07175	United States	tier_2	2	server-13-226-38-110.ewr53.r.cloudfront.net	nan
7	18.235.67.128	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	2	ec2-18-235-67-128.compute-1.amazonaws.com	nan
8	192.138.218.215	Seattle	Washington	AS14332 Connexity, Inc.	98111	United States	tier_2	2	noclick.connexity.com	nan
9	104.218.72.13	New York City	New York	AS63190 adMarketplace, Inc.	10016	United States	tier_2	2	nan	nan
10	54.197.172.17	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	1	ec2-54-197-172-17.compute-1.amazonaws.com	nan
11	35.172.107.150	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	1	ec2-35-172-107-150.compute-1.amazonaws.com	nan
12	52.72.29.7	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	1	ec2-52-72-29-7.compute-1.amazonaws.com	nan
13	54.162.253.78	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	1	ec2-54-162-253-78.compute-1.amazonaws.com	nan
14	35.227.211.136	Kansas City	Missouri	AS15169 Google LLC	64121	United States	tier_2	1	136.211.227.35.bc.googleusercontent.com	True
15	104.18.107.83	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	1	nan	True
16	107.20.106.95	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	1	ec2-107-20-106-95.compute-1.amazonaws.com	nan
17	52.22.6.66	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	1	ec2-52-22-6-66.compute-1.amazonaws.com	nan
18	208.100.38.218	Chicago	Illinois	AS32748 Steadfast	60607	United States	tier_2	1	clixtrac.com	nan
19	68.67.161.206	New York City	New York	AS29990 AppNexus, Inc	10004	United States	tier_2	1	798.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net	nan
20	54.84.4.127	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	1	ec2-54-84-4-127.compute-1.amazonaws.com	nan
21	23.73.247.49	Edison	New Jersey	AS16625 Akamai Technologies, Inc.	08817	United States	tier_3	2	a23-73-247-49.deploy.static.akamaitechnologies.com	nan
22	23.39.32.237	Newark	New Jersey	AS16625 Akamai Technologies, Inc.	07175	United States	tier_3	2	a23-39-32-237.deploy.static.akamaitechnologies.com	nan
23	104.18.107.83	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	1	nan	True
24	52.20.53.118	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_3	1	ec2-52-20-53-118.compute-1.amazonaws.com	nan
25	162.243.10.151	New York City	New York	AS14061 DigitalOcean, LLC	10011	United States	tier_3	1	nan	nan
26	54.164.213.169	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_3	1	ec2-54-164-213-169.compute-1.amazonaws.com	nan

Aggregated redirection graph of domains located on current IP address.¶

The redirection flows from left to right
Leftmost domains are initial domains hosted on current IP
Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains¶

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

Aggregated redirection graph of domains located on current IP address.¶

Screenshot of high-occurrence final landing domains¶

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact¶