viz_redirection_chain_to

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

This report contains following information

Overall statistics
1. Number of domains detected
2. Number of domains detected by Google Safe Browsing
3. IP address behind entry-level domains
4. date of collection
Top 10 domain statistics
1. count (number of redirection paths that contain this domain)
2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
3. registar
4. organization
Top 10 IP statistics
1. count
2. location (city, country, region)
3. hostname
4. organization
Consolidated redirection path
1. green: tier one domain
2. yellow: tier two domain
3. red: tier three domain

	num_domain	num_links	num_full_url	num_safebrowsing_malicious	num_vt_malicious	date	ip	user_agent
0	32	33	55	0	0	2021-04-19	185.53.177.73	Safari

	tier	domain	count	registrar	name_servers	org
0	tier_1	1link.in	1	TLD Registrar Solutions Ltd.	ns1.parkingcrew.net	None
1	tier_1	achannelnews.ca	1	dot-ca-registry.ca (Burmac Business Systems Ltd)	None	None
2	tier_1	forexplace.net	1	Sea Wasp, LLC	NS1.BIDOPARKING.COM	Savvy Investments, LLC Privacy ID# 858086
3	tier_1	abram.ca	1	dot-ca-registry.ca (Burmac Business Systems Ltd)	None	None
4	tier_1	vasileios.gr	1	None	None	None
5	tier_1	ad-aware.ca	1	dot-ca-registry.ca (Burmac Business Systems Ltd)	None	None
6	tier_1	a-l.ca	1	dot-ca-registry.ca (Burmac Business Systems Ltd)	None	None
7	tier_1	a1signs.ca	1	None	None	None
8	tier_1	1844.ca	1	None	None	None
9	tier_1	3500.ca	1	dot-ca-registry.ca (Burmac Business Systems Ltd)	None	None
10	tier_2	katie.v4.omgtnc.com	9	PSI-USA, Inc. dba Domain Robot	NS-1133.AWSDNS-13.ORG	None
11	tier_2	recode.pw	4	GANDI SAS	NS-1611.AWSDNS-09.CO.UK	PPCBUZZ
12	tier_2	us.redirectbuzz.club	4	Gandi SAS	ns-2.awsdns-00.com	PPCBUZZ
13	tier_2	paid.outbrain.com	4	Network Solutions, LLC	DNS1.P07.NSONE.NET	None
14	tier_2	api.apptap.com	2	Amazon Registrar, Inc.	NS-1256.AWSDNS-29.ORG	Whois Privacy Service
15	tier_2	gamers-net.com	2	GANDI SAS	NS-1298.AWSDNS-34.ORG	PPCBUZZ
16	tier_2	carsnspeed.net	1	GANDI SAS	NS-1120.AWSDNS-12.ORG	PPCBUZZ
17	tier_2	click.clkepd.com	1	None	None	None
18	tier_2	redirect.viglink.com	1	Amazon Registrar, Inc.	NS1.VIGLINK.COM	Whois Privacy Service
19	tier_2	link.sylikes.com	1	None	None	None
20	tier_2	rd.bizrate.com	1	None	None	None
21	tier_2	rd.connexity.net	1	None	None	None
22	tier_2	api.kelkoogroup.net	1	None	None	None
23	tier_2	us-go.kelkoogroup.net	1	None	None	None
24	tier_2	click.linksynergy.com	1	CSC CORPORATE DOMAINS, INC.	DNS1.P09.NSONE.NET	Rakuten Marketing
25	tier_2	newsinformer.net	1	GANDI SAS	NS-1092.AWSDNS-08.ORG	PPCBUZZ
26	tier_3	healthgrades.com	4	Amazon Registrar, Inc.	NS-1102.AWSDNS-09.ORG	Whois Privacy Service
27	tier_3	ram21.proasdf.com	2	GoDaddy.com, LLC	NS61.DOMAINCONTROL.COM	Domains By Proxy, LLC
28	tier_3	searchingmagnified.com	1	PDR Ltd. d/b/a PublicDomainRegistry.com	NS1004.ZTOMY.COM	Privacy Protect, LLC (PrivacyProtect.org)
29	tier_3	bostonproper.com	1	Amazon Registrar, Inc.	NS-117.AWSDNS-14.COM	Whois Privacy Service
30	tier_3	hypable.com	1	GoDaddy.com, LLC	LILY.NS.CLOUDFLARE.COM	Domains By Proxy, LLC
31	tier_3	splendid.com	1	GoDaddy.com, LLC	NS19.DOMAINCONTROL.COM	Domains By Proxy, LLC

	ip	city	region	org	postal	country_name	tier	count	hostname	anycast
0	104.247.81.73	Wyandotte	Michigan	AS206834 Team Internet AG	48192	United States	tier_1	9	nan	nan
1	141.8.224.130	Dallas	Texas	AS40034 Confluence Networks Inc	75270	United States	tier_1	1	nan	nan
2	3.220.46.255	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	8	ec2-3-220-46-255.compute-1.amazonaws.com	nan
3	66.232.112.79	Tampa	Florida	AS29802 HIVELOCITY, Inc.	33606	United States	tier_2	4	66-232-112-79.static.hvvc.us	nan
4	151.101.202.132	Washington	Washington, D.C.	AS54113 Fastly	20045	United States	tier_2	3	nan	nan
5	66.232.112.74	Tampa	Florida	AS29802 HIVELOCITY, Inc.	33606	United States	tier_2	2	66-232-112-74.static.hvvc.us	nan
6	54.197.172.17	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	2	ec2-54-197-172-17.compute-1.amazonaws.com	nan
7	192.138.218.207	Seattle	Washington	AS14332 Connexity, Inc.	98111	United States	tier_2	2	rd.bizrate.com	nan
8	66.232.112.85	Tampa	Florida	AS29802 HIVELOCITY, Inc.	33606	United States	tier_2	2	66-232-112-85.static.hvvc.us	nan
9	66.232.112.82	Tampa	Florida	AS29802 HIVELOCITY, Inc.	33606	United States	tier_2	2	66-232-112-82.static.hvvc.us	nan
10	66.232.112.90	Tampa	Florida	AS29802 HIVELOCITY, Inc.	33606	United States	tier_2	1	66-232-112-90.static.hvvc.us	nan
11	198.134.116.30	New York City	New York	AS27257 Webair Internet Development Company Inc.	10013	United States	tier_2	1	nan	nan
12	34.195.100.186	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	1	ec2-34-195-100-186.compute-1.amazonaws.com	nan
13	192.138.218.139	Seattle	Washington	AS14332 Connexity, Inc.	98111	United States	tier_2	1	rd.connexity.net	nan
14	52.45.77.217	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	1	ec2-52-45-77-217.compute-1.amazonaws.com	nan
15	99.84.114.64	Newark	New Jersey	AS16509 Amazon.com, Inc.	07175	United States	tier_2	1	server-99-84-114-64.ewr52.r.cloudfront.net	nan
16	95.211.116.27	Amsterdam	North Holland	AS60781 LeaseWeb Netherlands B.V.	1012	Netherlands	tier_2	1	dc1-ecs-pub-go-vip.kelkoo.com	nan
17	35.212.119.88	Washington	Washington, D.C.	AS15169 Google LLC	20045	United States	tier_2	1	88.119.212.35.bc.googleusercontent.com	nan
18	66.232.112.86	Tampa	Florida	AS29802 HIVELOCITY, Inc.	33606	United States	tier_2	1	66-232-112-86.static.hvvc.us	nan
19	151.101.250.132	Ashburn	Virginia	AS54113 Fastly	20149	United States	tier_2	1	nan	nan
20	143.204.148.2	Newark	New Jersey	AS16509 Amazon.com, Inc.	07175	United States	tier_3	4	server-143-204-148-2.ewr52.r.cloudfront.net	nan
21	162.243.10.151	New York City	New York	AS14061 DigitalOcean, LLC	10011	United States	tier_3	2	nan	nan
22	208.91.196.4	Dallas	Texas	AS40034 Confluence Networks Inc	75270	United States	tier_3	1	nan	nan
23	13.33.46.107	Newark	New Jersey	AS16509 Amazon.com, Inc.	07175	United States	tier_3	1	server-13-33-46-107.ewr52.r.cloudfront.net	nan
24	172.67.74.218	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	1	nan	True
25	151.101.1.124	San Francisco	California	AS54113 Fastly	94107	United States	tier_3	1	nan	True

Aggregated redirection graph of domains located on current IP address.¶

The redirection flows from left to right
Leftmost domains are initial domains hosted on current IP
Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains¶

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

Aggregated redirection graph of domains located on current IP address.¶

Screenshot of high-occurrence final landing domains¶

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact¶