viz_redirection_chain_to

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

This report contains following information

Overall statistics
1. Number of domains detected
2. Number of domains detected by Google Safe Browsing
3. IP address behind entry-level domains
4. date of collection
Top 10 domain statistics
1. count (number of redirection paths that contain this domain)
2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
3. registar
4. organization
Top 10 IP statistics
1. count
2. location (city, country, region)
3. hostname
4. organization
Consolidated redirection path
1. green: tier one domain
2. yellow: tier two domain
3. red: tier three domain

	num_domain	num_links	num_full_url	num_safebrowsing_malicious	num_vt_malicious	date	ip	user_agent
0	79	84	274	0	0	2020-10-19	207.244.67.218	Iphone

	tier	domain	count	registrar	name_servers	org
0	tier_1	kineticarsenal.net	1	Big House Services, LLC	NS1.DNSNUTS.COM	None
1	tier_1	palyacoburada.net	1	EuropeanConnectionOnline.com LLC	NS1.DNSNUTS.COM	None
2	tier_1	eazytrade.net	1	Domainsofvalue.com LLC	NS1.DNSNUTS.COM	None
3	tier_1	fjyocojp.net	1	DropJump.com, LLC	NS1.DNSNUTS.COM	None
4	tier_1	gwab.net	1	SNAPNAMES 84, LLC	NS1.DNSNUTS.COM	None
5	tier_1	genuinagente.net	1	Name Find Source LLC	NS1.DNSNUTS.COM	None
6	tier_1	miraner.net	1	Dropcatch Landing Spot LLC	NS1.DNSNUTS.COM	None
7	tier_1	unlimited2.net	1	Draftpick Domains LLC	NS1.DNSNUTS.COM	None
8	tier_1	gu-ru.net	1	Heavydomains.net LLC	NS1.DNSNUTS.COM	None
9	tier_1	nutkau.net	1	Nom Infinitum, LLC	NS1.DNSNUTS.COM	None
10	tier_2	changeslots.com	34	Instra Corporation Pty Ltd.	CLEO.NS.CLOUDFLARE.COM	REDACTED FOR PRIVACY
11	tier_2	infopicked.com	30	NAMECHEAP INC	NS0.DNSMADEEASY.COM	WhoisGuard, Inc.
12	tier_2	track.tkbo.com	21	Key-Systems GmbH	NS1.DNSRES.NET	c/o whoisproxy.com
13	tier_2	p246485.infopicked.com	15	NAMECHEAP INC	NS0.DNSMADEEASY.COM	WhoisGuard, Inc.
14	tier_2	go.trackinz.com	11	NAMECHEAP INC	NS-1139.AWSDNS-14.ORG	WhoisGuard, Inc.
15	tier_2	click.expmediadirect.com	10	NAMECHEAP INC	NS1.LINODE.COM	WhoisGuard, Inc.
16	tier_2	btpnative.com	10	GoDaddy.com, LLC	NS1.DNSIMPLE.COM	Domains By Proxy, LLC
17	tier_2	p274639.infopicked.com	9	NAMECHEAP INC	NS0.DNSMADEEASY.COM	WhoisGuard, Inc.
18	tier_2	p185689.infopicked.com	6	NAMECHEAP INC	NS0.DNSMADEEASY.COM	WhoisGuard, Inc.
19	tier_2	usa.hermes-vib.com	5	Amazon Registrar, Inc.	NS-1049.AWSDNS-03.ORG	Whois Privacy Service
20	tier_3	theconnectvpn.com	34	DonDominio (SCIP)	ARNOLD.NS.CLOUDFLARE.COM	Soluciones Corporativas IP, c/o Whois Proxy
21	tier_3	clickherefun.com	11	NAMECHEAP INC	NS-1036.AWSDNS-01.ORG	WhoisGuard, Inc.
22	tier_3	allbestsecureus.com	3	NAMECHEAP INC	DNS1.REGISTRAR-SERVERS.COM	WhoisGuard, Inc.
23	tier_3	delightcmain.xyz	2	Epik LLC	MARJORY.NS.CLOUDFLARE.COM	Anonymize, Inc.
24	tier_3	loveorfun.cc	1	NAMECHEAP INC	DNS1.REGISTRAR-SERVERS.COM	WhoisGuard, Inc.
25	tier_3	kinguin.net	1	GoDaddy.com, LLC	JIM.NS.CLOUDFLARE.COM	Domains By Proxy, LLC

	ip	city	region	postal	country_name	tier	count	hostname
0	207.244.67.215	Manassas	Virginia	20108	United States	tier_1	11	nan
1	207.244.67.214	Manassas	Virginia	20108	United States	tier_1	9	nan
2	207.244.67.218	Manassas	Virginia	20108	United States	tier_1	9	nan
3	37.48.65.150	Amsterdam	North Holland	1012	Netherlands	tier_1	5	nan
4	37.48.65.149	Amsterdam	North Holland	1012	Netherlands	tier_1	4	nan
5	185.107.56.57	Rotterdam	South Holland	3012	Netherlands	tier_1	3	nan
6	37.48.65.151	Amsterdam	North Holland	1012	Netherlands	tier_1	2	nan
7	185.107.56.60	Rotterdam	South Holland	3012	Netherlands	tier_1	2	nan
8	185.107.56.58	Rotterdam	South Holland	3012	Netherlands	tier_1	2	nan
9	207.244.67.216	Manassas	Virginia	20108	United States	tier_1	2	nan
10	173.192.101.24	Dallas	Texas	75270	United States	tier_2	64	18.65.c0ad.ip4.static.sl-reverse.com
11	34.207.32.33	Virginia Beach	Virginia	23471	United States	tier_2	34	ec2-34-207-32-33.compute-1.amazonaws.com
12	198.134.116.30	New York City	New York	10013	United States	tier_2	12	nan
13	34.226.252.28	Virginia Beach	Virginia	23471	United States	tier_2	11	ec2-34-226-252-28.compute-1.amazonaws.com
14	209.15.13.136	Toronto	Ontario	M5N	Canada	tier_2	10	nan
15	94.130.186.231	Nürnberg	Bavaria	90402	Germany	tier_2	7	static.231.186.130.94.clients.your-server.de
16	94.130.185.237	Nürnberg	Bavaria	90402	Germany	tier_2	5	static.237.185.130.94.clients.your-server.de
17	138.201.252.161	Geldern	North Rhine-Westphalia	47608	Germany	tier_2	4	proxy.traffic.club
18	144.76.0.242	Nürnberg	Bavaria	90402	Germany	tier_2	3	static.242.0.76.144.clients.your-server.de
19	54.39.130.163	Langford	British Columbia	V9B	Canada	tier_3	3	ns568503.ip-54-39-130.net
20	104.27.187.165	Atlantic City	New Jersey	08404	United States	tier_3	15	nan
21	172.67.181.234	New York City	New York	10004	United States	tier_3	15	nan
22	144.202.92.101	Washington	Virginia	22747	United States	tier_3	11	144.202.92.101.vultr.com
23	104.27.186.165	Atlantic City	New Jersey	08404	United States	tier_3	4	nan
24	54.39.130.163	Langford	British Columbia	V9B	Canada	tier_3	3	ns568503.ip-54-39-130.net
25	216.239.38.21	San Jose	California	95103	United States	tier_3	1	any-in-2615.1e100.net
26	104.18.80.149	New York City	New York	10004	United States	tier_3	1	nan
27	104.18.78.149	New York City	New York	10004	United States	tier_3	1	nan
28	104.17.190.85	New York City	New York	10004	United States	tier_3	1	nan

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact¶