viz_redirection_chain_to

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

This report contains following information

Overall statistics
1. Number of domains detected
2. Number of domains detected by Google Safe Browsing
3. IP address behind entry-level domains
4. date of collection
Top 10 domain statistics
1. count (number of redirection paths that contain this domain)
2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
3. registar
4. organization
Top 10 IP statistics
1. count
2. location (city, country, region)
3. hostname
4. organization
Consolidated redirection path
1. green: tier one domain
2. yellow: tier two domain
3. red: tier three domain

	num_domain	num_links	num_full_url	num_safebrowsing_malicious	num_vt_malicious	date	ip	user_agent
0	245	249	776	0	157	2021-02-20	207.244.67.215	Android

	tier	domain	count	registrar	name_servers	org
0	tier_1	forrealzpiratebay.org	1	Biglizarddomains.com LLC	NS1.COMMONMX.COM	None
1	tier_1	ecomatt.co	1	GoDaddy.com, LLC	ns2.commonmx.com	None
2	tier_1	720pizle.co	1	GoDaddy.com, LLC	ns2.commonmx.com	None
3	tier_1	dudedigitalcodes.com	1	Chipshot Domains LLC	NS1.COMMONMX.COM	None
4	tier_1	baicung.com	1	GoDaddy.com, LLC	NS1.COMMONMX.COM	None
5	tier_1	desigay.org	1	Beartrapdomains.com LLC	NS1.COMMONMX.COM	None
6	tier_1	chagford-accom.co.uk	1	Virtua Drug Ltd t/a autoBackorder [Tag = AUTOBACKORDER]	n	None
7	tier_1	davmodeldgp.org	1	Domainamania.com LLC	NS1.COMMONMX.COM	None
8	tier_1	fueledup.co	1	Communigal Communication Ltd	ns2.commonmx.com	None
9	tier_1	cannalegit.co	1	Communigal Communication Ltd	ns2.commonmx.com	None
10	tier_2	2893.wcitianka.com	70	GoDaddy Online Services Cayman Islands LTD	NS-1096.AWSDNS-09.ORG	None
11	tier_2	awakeningsco.com	69	GoDaddy Online Services Cayman Islands LTD	HUGH.NS.CLOUDFLARE.COM	None
12	tier_2	dprtb.com	43	1API GmbH	NS1.DNSIMPLE.COM	REDACTED FOR PRIVACY
13	tier_2	bradamante-per.com	26	Amazon Registrar, Inc.	NS-1026.AWSDNS-00.ORG	Whois Privacy Service
14	tier_2	get.popplunder.com	26	NAMECHEAP INC	DNS1.REGISTRAR-SERVERS.COM	WhoisGuard, Inc.
15	tier_2	trustedpush.com	25	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
16	tier_2	win1.trustedpush.com	22	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
17	tier_2	alfik-fik.com	19	Amazon Registrar, Inc.	NS-1264.AWSDNS-30.ORG	Whois Privacy Service
18	tier_2	win2.trustedpush.com	13	None	None	None
19	tier_2	btpnative.com	8	1API GmbH	NS1.DNSIMPLE.COM	Registrant of btpnative.com
20	tier_3	dprtb.com	55	1API GmbH	NS1.DNSIMPLE.COM	REDACTED FOR PRIVACY
21	tier_3	b.funmapd.xyz	23	Sav.comLLC	HUGH.NS.CLOUDFLARE.COM	Privacy Protection
22	tier_3	m.fastspotb.xyz	16	Sav.comLLC	HUGH.NS.CLOUDFLARE.COM	Privacy Protection
23	tier_3	b.gladspaceplane.xyz	14	Epik LLC	MARJORY.NS.CLOUDFLARE.COM	Anonymize, Inc.
24	tier_3	storystudio.sfgate.com	12	CSC CORPORATE DOMAINS, INC.	NS1.HEARSTNP.COM	Hearst Communications, Inc.
25	tier_3	win3.trustedpush.com	11	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
26	tier_3	b.delightcmain.xyz	11	Epik LLC	MARJORY.NS.CLOUDFLARE.COM	Anonymize, Inc.
27	tier_3	btpnative.com	11	1API GmbH	NS1.DNSIMPLE.COM	Registrant of btpnative.com
28	tier_3	win2.trustedpush.com	9	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
29	tier_3	b.meeryslotspin.xyz	9	Epik LLC	MARJORY.NS.CLOUDFLARE.COM	Anonymize, Inc.

	ip	city	region	org	postal	country_name	tier	count	anycast	hostname
0	207.244.67.215	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	28	nan	nan
1	207.244.67.216	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	26	nan	nan
2	207.244.67.214	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	25	nan	nan
3	207.244.67.218	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	22	nan	nan
4	206.221.176.184	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	19	nan	nan
5	104.243.45.179	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	13	nan	nan
6	104.243.45.178	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	12	nan	nan
7	37.48.65.150	Soest	Utrecht	AS60781 LeaseWeb Netherlands B.V.	3765	Netherlands	tier_1	8	nan	nan
8	37.48.65.149	Soest	Utrecht	AS60781 LeaseWeb Netherlands B.V.	3765	Netherlands	tier_1	4	nan	nan
9	104.243.45.190	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	4	nan	nan
10	198.54.112.216	San Jose	California	AS22612 Namecheap, Inc.	95103	United States	tier_2	70	nan	nan
11	209.15.13.136	Toronto	Ontario	AS13768 Aptum Technologies	M5N	Canada	tier_3	66	nan	nan
12	104.18.2.198	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_2	46	True	nan
13	34.199.180.187	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23452	United States	tier_2	26	nan	ec2-34-199-180-187.compute-1.amazonaws.com
14	104.18.3.198	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_2	23	True	nan
15	34.200.146.95	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23452	United States	tier_2	23	nan	ec2-34-200-146-95.compute-1.amazonaws.com
16	54.84.27.165	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23452	United States	tier_2	22	nan	ec2-54-84-27-165.compute-1.amazonaws.com
17	13.225.218.47	New York City	New York	AS16509 Amazon.com, Inc.	10004	United States	tier_2	18	nan	server-13-225-218-47.jfk51.r.cloudfront.net
18	204.44.79.214	Los Angeles	California	AS8100 QuadraNet Enterprises LLC	90014	United States	tier_2	17	nan	204.44.79.214.static.quadranet.com
19	13.225.218.79	New York City	New York	AS16509 Amazon.com, Inc.	10004	United States	tier_2	16	nan	server-13-225-218-79.jfk51.r.cloudfront.net
20	209.15.13.136	Toronto	Ontario	AS13768 Aptum Technologies	M5N	Canada	tier_3	66	nan	nan
21	104.18.82.149	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	28	True	nan
22	100.37.135.2	New York City	New York	AS701 MCI Communications Services, Inc. d/b/a Verizon Business	10004	United States	tier_3	18	nan	pool-100-37-135-2.nycmny.fios.verizon.net
23	98.129.228.57	Dallas	Texas	AS33070 Rackspace Hosting	75270	United States	tier_3	17	nan	nan
24	104.18.81.149	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	15	True	nan
25	104.18.78.149	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	13	True	nan
26	104.18.80.149	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	11	True	nan
27	104.18.79.149	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	6	True	nan
28	13.225.218.113	New York City	New York	AS16509 Amazon.com, Inc.	10004	United States	tier_3	4	nan	server-13-225-218-113.jfk51.r.cloudfront.net
29	104.21.95.173	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	2	True	nan

Aggregated redirection graph of domains located on current IP address.¶

The redirection flows from left to right
Leftmost domains are initial domains hosted on current IP
Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains¶

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

Aggregated redirection graph of domains located on current IP address.¶

Screenshot of high-occurrence final landing domains¶

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact¶