viz_redirection_chain_to

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

This report contains following information

Overall statistics
1. Number of domains detected
2. Number of domains detected by Google Safe Browsing
3. IP address behind entry-level domains
4. date of collection
Top 10 domain statistics
1. count (number of redirection paths that contain this domain)
2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
3. registar
4. organization
Top 10 IP statistics
1. count
2. location (city, country, region)
3. hostname
4. organization
Consolidated redirection path
1. green: tier one domain
2. yellow: tier two domain
3. red: tier three domain

	num_domain	num_links	num_full_url	num_safebrowsing_malicious	num_vt_malicious	date	ip	user_agent
0	293	303	1332	0	14	2021-04-10	207.244.67.215	Android

	tier	domain	count	registrar	name_servers	org
0	tier_1	imle.us	1	Dynadot LLC	ns2.commonmx.com	None
1	tier_1	iamtuhin.co	1	Communigal Communication Ltd	ns2.commonmx.com	None
2	tier_1	channel3000.co	1	Communigal Communication Ltd	ns1.commonmx.com	None
3	tier_1	bcmcon.org	1	GoDaddy.com, LLC	NS1.COMMONMX.COM	None
4	tier_1	hypersia.co	1	GoDaddy.com, LLC	ns2.commonmx.com	None
5	tier_1	influenciador.net	1	Shining Star Domains, LLC	NS1.COMMONMX.COM	None
6	tier_1	drsureshshuklachandra.com	1	GoDaddy.com, LLC	NS1.COMMONMX.COM	None
7	tier_1	asisucedio.co	1	Communigal Communication Ltd	ns2.commonmx.com	None
8	tier_1	avsarangg.com	1	TUCOWS, INC.	NS1.COMMONMX.COM	Contact Privacy Inc. Customer 0158852301
9	tier_1	auburnpeople.co	1	Communigal Communication Ltd	ns2.commonmx.com	None
10	tier_2	btpnav.com	111	1API GmbH	NS1.DNSIMPLE.COM	Registrant of btpnav.com
11	tier_2	aristo-hag.com	75	Amazon Registrar, Inc.	NS-1226.AWSDNS-25.ORG	Whois Privacy Service
12	tier_2	nizephoros-pom.com	55	Amazon Registrar, Inc.	NS-1192.AWSDNS-21.ORG	Whois Privacy Service
13	tier_2	get.popplunder.com	55	None	None	None
14	tier_2	trustedpush.com	55	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	Privacy service provided by Withheld for Privacy ehf
15	tier_2	win1.trustedpush.com	54	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	Privacy service provided by Withheld for Privacy ehf
16	tier_2	win2.trustedpush.com	43	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	Privacy service provided by Withheld for Privacy ehf
17	tier_2	ads35.adtelligent.com	36	DANESCO TRADING LTD	NS.ANYCASTNS1.ORG	Vertamedia,LLC
18	tier_2	dsp35.adtelligent.com	36	DANESCO TRADING LTD	NS.ANYCASTNS1.ORG	Vertamedia,LLC
19	tier_2	aibm1.mysearch.space	36	None	None	None
20	tier_2	externals-1953518744.us-east-1.elb.amazonaws.com	36	MarkMonitor, Inc.	R1.AMAZONAWS.COM	Amazon.com, Inc.
21	tier_2	search.snjsearch.com	36	GoDaddy.com, LLC	NS73.DOMAINCONTROL.COM	Domains By Proxy, LLC
22	tier_2	search-checker.com	36	Name.com, Inc.	BETH.NS.CLOUDFLARE.COM	Domain Protection Services, Inc.
23	tier_2	m.onlineweb.mobi	36	GoDaddy.com, LLC	None	None
24	tier_2	win3.trustedpush.com	32	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	Privacy service provided by Withheld for Privacy ehf
25	tier_2	win4.trustedpush.com	18	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	Privacy service provided by Withheld for Privacy ehf
26	tier_2	click.expmediadirect.com	17	NameCheap, Inc.	NS1.LINODE.COM	None
27	tier_2	btpnative.com	16	1API GmbH	NS1.DNSIMPLE.COM	Registrant of btpnative.com
28	tier_2	2893.rawlexi.com	16	GoDaddy Online Services Cayman Islands LTD	NS-128.AWSDNS-16.COM	None
29	tier_2	awakeningsco.com	16	GoDaddy Online Services Cayman Islands LTD	HUGH.NS.CLOUDFLARE.COM	None
30	tier_3	bing.com	36	MarkMonitor, Inc.	DNS1.P09.NSONE.NET	Microsoft Corporation
31	tier_3	win5.trustedpush.com	16	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	Privacy service provided by Withheld for Privacy ehf
32	tier_3	storystudio.sfgate.com	15	CSC CORPORATE DOMAINS, INC.	NS1.HEARSTNP.COM	Hearst Communications, Inc.
33	tier_3	win4.trustedpush.com	14	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	Privacy service provided by Withheld for Privacy ehf
34	tier_3	win2.trustedpush.com	11	None	None	None
35	tier_3	win3.trustedpush.com	11	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	Privacy service provided by Withheld for Privacy ehf
36	tier_3	m.placesiteb.xyz	8	Sav.comLLC	HUGH.NS.CLOUDFLARE.COM	Privacy Protection
37	tier_3	storystudio.mysanantonio.com	5	CSC CORPORATE DOMAINS, INC.	NS1.HEARSTNP.COM	The Hearst Corporation
38	tier_3	a.dollarsurvey365.online	3	URL Solutions Inc.	CRYSTAL.NS.CLOUDFLARE.COM	None
39	tier_3	filter.onwardclick.com	3	None	None	None
40	tier_3	aarpmedicareplans.com	3	CSC CORPORATE DOMAINS, INC.	EDNS4.ULTRADNS.BIZ	UnitedHealth Group Incorporated
41	tier_3	rd.bizrate.com	3	MarkMonitor, Inc.	NS-1189.AWSDNS-20.ORG	Meredith Corporation
42	tier_3	beyourxfriend.com	3	GoDaddy.com, LLC	NS0.DNSMADEEASY.COM	None
43	tier_3	storystudio.chron.com	3	CSC CORPORATE DOMAINS, INC.	NS1.HEARSTNP.COM	Hearst Newspapers, LLC
44	tier_3	htvnativeadsolutions.com	3	CSC CORPORATE DOMAINS, INC.	NS1.HEARSTNP.COM	Hearst Television Inc.
45	tier_3	dollarshaveclub.com	2	GoDaddy.com, LLC	NS-1465.AWSDNS-55.ORG	Domains By Proxy, LLC
46	tier_3	b.meeryslotspin.xyz	2	Epik LLC	MARJORY.NS.CLOUDFLARE.COM	Anonymize, Inc.
47	tier_3	win6.trustedpush.com	2	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	Privacy service provided by Withheld for Privacy ehf
48	tier_3	b.gladspaceplane.xyz	2	Epik LLC	MARJORY.NS.CLOUDFLARE.COM	Anonymize, Inc.
49	tier_3	m.gladplacespin.xyz	2	Epik LLC	MARJORY.NS.CLOUDFLARE.COM	Anonymize, Inc.
50	tier_3	moneyfinancegold.com	2	NameCheap, Inc.	ANNA.NS.CLOUDFLARE.COM	None
51	tier_3	aklief.com	2	NOM-IQ Ltd dba Com Laude	DNS1.COMLAUDE-DNS.COM	Galderma Holding SA
52	tier_3	thredup.com	2	GoDaddy.com, LLC	MATT.NS.CLOUDFLARE.COM	ThredUp Inc.
53	tier_3	b.funmapd.xyz	2	Sav.comLLC	HUGH.NS.CLOUDFLARE.COM	Privacy Protection
54	tier_3	uniqlo.com	1	1API GmbH	NS-1415.AWSDNS-48.ORG	None
55	tier_3	netradioplayer.com	1	GoDaddy.com, LLC	NS41.DOMAINCONTROL.COM	Domains By Proxy, LLC
56	tier_3	m.fastspotb.xyz	1	Sav.comLLC	HUGH.NS.CLOUDFLARE.COM	Privacy Protection
57	tier_3	michael-dowling.com	1	GoDaddy.com, LLC	NS77.DOMAINCONTROL.COM	Northwell Health
58	tier_3	btpnav.com	1	1API GmbH	NS1.DNSIMPLE.COM	Registrant of btpnav.com
59	tier_3	mbest.aliexpress.com	1	Alibaba Cloud Computing (Beijing) Co., Ltd.	NS1.ALIBABADNS.COM	None

	ip	city	region	org	postal	country_name	tier	count	hostname	anycast
0	207.244.67.218	Washington	Washington, D.C.	AS30633 Leaseweb USA, Inc.	20045	United States	tier_1	27	nan	nan
1	207.244.67.216	Washington	Washington, D.C.	AS30633 Leaseweb USA, Inc.	20045	United States	tier_1	25	nan	nan
2	207.244.67.215	Washington	Washington, D.C.	AS30633 Leaseweb USA, Inc.	20045	United States	tier_1	25	nan	nan
3	207.244.67.214	Washington	Washington, D.C.	AS30633 Leaseweb USA, Inc.	20045	United States	tier_1	18	nan	nan
4	104.243.45.190	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	14	nan	nan
5	104.243.45.178	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	9	nan	nan
6	104.243.45.179	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	9	nan	nan
7	206.221.176.184	Newark	New Jersey	AS23470 ReliableSite.Net LLC	07175	United States	tier_1	8	nan	nan
8	82.192.82.227	Amsterdam	North Holland	AS60781 LeaseWeb Netherlands B.V.	1012	Netherlands	tier_1	4	nan	nan
9	185.107.56.197	Rotterdam	South Holland	AS43350 NForce Entertainment B.V.	3012	Netherlands	tier_1	4	nan	nan
10	209.15.13.136	Toronto	Ontario	AS13768 Aptum Technologies	M5N	Canada	tier_3	1	nan	nan
11	99.84.114.35	Newark	New Jersey	AS16509 Amazon.com, Inc.	07175	United States	tier_3	6	server-99-84-114-35.ewr52.r.cloudfront.net	nan
12	34.199.180.187	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	55	ec2-34-199-180-187.compute-1.amazonaws.com	nan
13	99.84.114.90	Newark	New Jersey	AS16509 Amazon.com, Inc.	07175	United States	tier_3	2	server-99-84-114-90.ewr52.r.cloudfront.net	nan
14	99.84.114.87	Newark	New Jersey	AS16509 Amazon.com, Inc.	07175	United States	tier_3	5	server-99-84-114-87.ewr52.r.cloudfront.net	nan
15	99.84.114.98	Newark	New Jersey	AS16509 Amazon.com, Inc.	07175	United States	tier_3	5	server-99-84-114-98.ewr52.r.cloudfront.net	nan
16	209.205.202.42	New York City	New York	AS55081 24 SHELLS	10004	United States	tier_2	36	static-42-202-205-209.24shells.net	nan
17	209.205.202.43	New York City	New York	AS55081 24 SHELLS	10004	United States	tier_2	36	static-43-202-205-209.24shells.net	nan
18	35.162.164.74	Boardman	Oregon	AS16509 Amazon.com, Inc.	97818	United States	tier_2	36	ec2-35-162-164-74.us-west-2.compute.amazonaws.com	nan
19	204.44.79.214	Los Angeles	California	AS8100 QuadraNet Enterprises LLC	90014	United States	tier_2	32	204.44.79.214.static.quadranet.com	nan
20	104.21.41.235	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_2	27	nan	True
21	18.235.67.128	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	26	ec2-18-235-67-128.compute-1.amazonaws.com	nan
22	52.72.29.7	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	23	ec2-52-72-29-7.compute-1.amazonaws.com	nan
23	192.241.229.243	San Francisco	California	AS14061 DigitalOcean, LLC	94124	United States	tier_2	23	nan	nan
24	54.208.107.202	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	23	ec2-54-208-107-202.compute-1.amazonaws.com	nan
25	34.207.43.7	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	22	ec2-34-207-43-7.compute-1.amazonaws.com	nan
26	52.29.135.45	Frankfurt am Main	Hesse	AS16509 Amazon.com, Inc.	60311	Germany	tier_2	21	ec2-52-29-135-45.eu-central-1.compute.amazonaws.com	nan
27	50.16.173.246	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	21	ec2-50-16-173-246.compute-1.amazonaws.com	nan
28	34.197.176.2	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	21	ec2-34-197-176-2.compute-1.amazonaws.com	nan
29	52.206.108.38	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	20	ec2-52-206-108-38.compute-1.amazonaws.com	nan
30	100.37.135.2	New York City	New York	AS701 MCI Communications Services, Inc. d/b/a Verizon Business	10004	United States	tier_3	40	pool-100-37-135-2.nycmny.fios.verizon.net	nan
31	98.129.228.57	Dallas	Texas	AS33070 Rackspace Hosting	75270	United States	tier_3	24	nan	nan
32	204.79.197.200	Redmond	Washington	AS8068 Microsoft Corporation	98052	United States	tier_3	22	a-0001.a-msedge.net	True
33	13.107.21.200	Redmond	Washington	AS8068 Microsoft Corporation	98052	United States	tier_3	14	nan	True
34	99.84.114.35	Newark	New Jersey	AS16509 Amazon.com, Inc.	07175	United States	tier_3	6	server-99-84-114-35.ewr52.r.cloudfront.net	nan
35	99.84.114.87	Newark	New Jersey	AS16509 Amazon.com, Inc.	07175	United States	tier_3	5	server-99-84-114-87.ewr52.r.cloudfront.net	nan
36	104.18.80.149	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	5	nan	True
37	99.84.114.98	Newark	New Jersey	AS16509 Amazon.com, Inc.	07175	United States	tier_3	5	server-99-84-114-98.ewr52.r.cloudfront.net	nan
38	104.18.78.149	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	4	nan	True
39	104.18.79.149	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	4	nan	True
40	104.18.82.149	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	3	nan	True
41	173.239.53.32	New York City	New York	AS27257 Webair Internet Development Company Inc.	10004	United States	tier_3	3	nan	nan
42	184.85.16.190	Newark	New Jersey	AS16625 Akamai Technologies, Inc.	07175	United States	tier_3	3	a184-85-16-190.deploy.static.akamaitechnologies.com	nan
43	192.138.218.207	Seattle	Washington	AS14332 Connexity, Inc.	98111	United States	tier_3	3	nan	nan
44	45.33.8.244	Richardson	Texas	AS63949 Linode, LLC	75080	United States	tier_3	3	li962-244.members.linode.com	nan
45	151.101.0.200	San Francisco	California	AS54113 Fastly	94107	United States	tier_3	3	nan	True
46	99.84.114.90	Newark	New Jersey	AS16509 Amazon.com, Inc.	07175	United States	tier_3	2	server-99-84-114-90.ewr52.r.cloudfront.net	nan
47	151.101.1.9	San Francisco	California	AS54113 Fastly	94107	United States	tier_3	2	nan	True
48	104.26.14.226	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	2	nan	True
49	104.18.81.149	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	2	nan	True
50	104.21.95.173	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	2	nan	True
51	151.101.194.216	San Francisco	California	AS54113 Fastly	94107	United States	tier_3	2	nan	True
52	23.201.25.61	Newark	New Jersey	AS16625 Akamai Technologies, Inc.	07175	United States	tier_3	1	a23-201-25-61.deploy.static.akamaitechnologies.com	nan
53	52.20.164.166	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_3	1	ec2-52-20-164-166.compute-1.amazonaws.com	nan
54	209.15.13.136	Toronto	Ontario	AS13768 Aptum Technologies	M5N	Canada	tier_3	1	nan	nan
55	104.26.15.226	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	1	nan	True
56	184.85.14.232	Newark	New Jersey	AS16625 Akamai Technologies, Inc.	07175	United States	tier_3	1	a184-85-14-232.deploy.static.akamaitechnologies.com	nan
57	23.59.250.106	Newark	New Jersey	AS20940 Akamai International B.V.	07175	United States	tier_3	1	a23-59-250-106.deploy.static.akamaitechnologies.com	nan
58	151.101.2.126	San Francisco	California	AS54113 Fastly	94107	United States	tier_3	1	nan	True
59	52.3.4.129	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_3	1	ec2-52-3-4-129.compute-1.amazonaws.com	nan

Aggregated redirection graph of domains located on current IP address.¶

The redirection flows from left to right
Leftmost domains are initial domains hosted on current IP
Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains¶

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

Aggregated redirection graph of domains located on current IP address.¶

Screenshot of high-occurrence final landing domains¶

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact¶