viz_redirection_chain_to

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

This report contains following information

Overall statistics
1. Number of domains detected
2. Number of domains detected by Google Safe Browsing
3. IP address behind entry-level domains
4. date of collection
Top 10 domain statistics
1. count (number of redirection paths that contain this domain)
2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
3. registar
4. organization
Top 10 IP statistics
1. count
2. location (city, country, region)
3. hostname
4. organization
Consolidated redirection path
1. green: tier one domain
2. yellow: tier two domain
3. red: tier three domain

	num_domain	num_links	num_full_url	num_safebrowsing_malicious	num_vt_malicious	date	ip	user_agent
0	181	198	552	0	0	2020-12-31	37.48.65.149	Android

	tier	domain	count	registrar	name_servers	org
0	tier_1	albasocial.net	1	Fushi Tarazu, LLC	NS1.DNSNUTS.COM	None
1	tier_1	brasilonline.tv	1	Sterling Domains LLC	NS1.DNSNUTS.COM	None
2	tier_1	ritterelementaryschool.com	1	NamePal.com #8014, LLC	NS1.DNSNUTS.COM	None
3	tier_1	nhahangthanbien.com	1	NamePal.com #8012, LLC	NS1.DNSNUTS.COM	None
4	tier_1	lankadrama.com	1	Namecatch LLC	NS1.DNSNUTS.COM	None
5	tier_1	putasatrevidas.com	1	SNAPNAMES 63, LLC	NS1.DNSNUTS.COM	None
6	tier_1	dutopia.info	1	UDomainName.com LLC	NS1.DNSNUTS.COM	The Management Group II
7	tier_1	beritatrendz.com	1	Nameselite, LLC	NS1.DNSNUTS.COM	None
8	tier_1	shireen-n.com	1	Nameselite, LLC	NS1.DNSNUTS.COM	None
9	tier_1	causticwow.net	1	Klaatudomains.com LLC	NS1.DNSNUTS.COM	None
10	tier_2	track.vcdc.com	45	Key-Systems GmbH	GUY.NS.CLOUDFLARE.COM	c/o whoisproxy.com
11	tier_2	alfik-fik.com	41	Amazon Registrar, Inc.	NS-1264.AWSDNS-30.ORG	Whois Privacy Service
12	tier_2	bradamante-per.com	27	Amazon Registrar, Inc.	NS-1026.AWSDNS-00.ORG	Whois Privacy Service
13	tier_2	get.popplunder.com	27	NAMECHEAP INC	DNS1.REGISTRAR-SERVERS.COM	WhoisGuard, Inc.
14	tier_2	trustedpush.com	26	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
15	tier_2	win1.trustedpush.com	25	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
16	tier_2	win2.trustedpush.com	22	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
17	tier_2	win3.trustedpush.com	14	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
18	tier_2	dprtb.com	12	GoDaddy.com, LLC	NS1.DNSIMPLE.COM	Bidtellect, Inc
19	tier_2	click.expmediadirect.com	12	NAMECHEAP INC	NS1.LINODE.COM	WhoisGuard, Inc.
20	tier_3	blog.sfgate.com	17	CSC CORPORATE DOMAINS, INC.	NS1.HEARSTNP.COM	Hearst Communications, Inc.
21	tier_3	blog.chron.com	17	CSC CORPORATE DOMAINS, INC.	NS1.HEARSTNP.COM	Hearst Newspapers, LLC
22	tier_3	win4.trustedpush.com	9	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
23	tier_3	win3.trustedpush.com	8	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
24	tier_3	findoffers.co	7	Key-Systems GmbH	ns4.monikerdns.net	Moniker Privacy Services
25	tier_3	track.vcdc.com	7	Key-Systems GmbH	GUY.NS.CLOUDFLARE.COM	c/o whoisproxy.com
26	tier_3	win5.trustedpush.com	4	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
27	tier_3	win2.trustedpush.com	3	NameCheap, Inc.	NS-1142.AWSDNS-14.ORG	None
28	tier_3	medicare.healthcare.com	3	GoDaddy.com, LLC	NS-1455.AWSDNS-53.ORG	Domains By Proxy, LLC
29	tier_3	squirt.org	2	None	None	None

	ip	city	region	org	postal	country_name	tier	count	hostname	anycast
0	207.244.67.214	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	19	nan	nan
1	207.244.67.216	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	18	nan	nan
2	207.244.67.215	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	17	nan	nan
3	207.244.67.218	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	16	nan	nan
4	37.48.65.149	Amsterdam	North Holland	AS60781 LeaseWeb Netherlands B.V.	1012	Netherlands	tier_1	4	nan	nan
5	185.107.56.60	Amsterdam	North Holland	AS43350 NForce Entertainment B.V.	1012	Netherlands	tier_1	3	nan	nan
6	63.143.32.93	Dallas	Texas	AS46475 Limestone Networks, Inc.	75202	United States	tier_1	3	93-32-143-63.static.reverse.lstn.net	nan
7	63.143.32.94	Dallas	Texas	AS46475 Limestone Networks, Inc.	75202	United States	tier_1	2	94-32-143-63.static.reverse.lstn.net	nan
8	37.48.65.148	Amsterdam	North Holland	AS60781 LeaseWeb Netherlands B.V.	1012	Netherlands	tier_1	2	nan	nan
9	63.143.32.92	Dallas	Texas	AS46475 Limestone Networks, Inc.	75202	United States	tier_1	2	92-32-143-63.static.reverse.lstn.net	nan
10	13.224.211.117	Seattle	Washington	AS16509 Amazon.com, Inc.	98101	United States	tier_3	4	server-13-224-211-117.phl50.r.cloudfront.net	nan
11	34.226.113.11	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23464	United States	tier_2	37	ec2-34-226-113-11.compute-1.amazonaws.com	nan
12	204.44.79.214	Los Angeles	California	AS8100 QuadraNet Enterprises LLC	90014	United States	tier_2	35	204.44.79.214.static.quadranet.com	nan
13	34.202.98.117	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23464	United States	tier_2	31	ec2-34-202-98-117.compute-1.amazonaws.com	nan
14	34.199.180.187	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23464	United States	tier_2	27	ec2-34-199-180-187.compute-1.amazonaws.com	nan
15	13.224.211.59	Seattle	Washington	AS16509 Amazon.com, Inc.	98101	United States	tier_2	25	server-13-224-211-59.phl50.r.cloudfront.net	nan
16	209.15.13.136	Toronto	Ontario	AS13768 Aptum Technologies	M5N	Canada	tier_2	23	nan	nan
17	13.224.211.119	Seattle	Washington	AS16509 Amazon.com, Inc.	98101	United States	tier_3	3	server-13-224-211-119.phl50.r.cloudfront.net	nan
18	94.130.186.231	Nürnberg	Bavaria	AS24940 Hetzner Online GmbH	90402	Germany	tier_2	17	static.231.186.130.94.clients.your-server.de	nan
19	94.130.185.237	Nürnberg	Bavaria	AS24940 Hetzner Online GmbH	90402	Germany	tier_2	14	static.237.185.130.94.clients.your-server.de	nan
20	151.101.0.200	San Francisco	California	AS54113 Fastly	94107	United States	tier_3	34	nan	True
21	100.37.135.2	New York City	New York	AS701 MCI Communications Services, Inc. d/b/a Verizon Business	10004	United States	tier_3	20	pool-100-37-135-2.nycmny.fios.verizon.net	nan
22	18.190.1.57	Columbus	Ohio	AS16509 Amazon.com, Inc.	43221	United States	tier_3	7	ec2-18-190-1-57.us-east-2.compute.amazonaws.com	nan
23	195.201.92.254	Nürnberg	Bavaria	AS24940 Hetzner Online GmbH	90402	Germany	tier_3	7	static.254.92.201.195.clients.your-server.de	nan
24	13.224.211.117	Seattle	Washington	AS16509 Amazon.com, Inc.	98101	United States	tier_3	4	server-13-224-211-117.phl50.r.cloudfront.net	nan
25	13.224.211.119	Seattle	Washington	AS16509 Amazon.com, Inc.	98101	United States	tier_3	3	server-13-224-211-119.phl50.r.cloudfront.net	nan
26	158.106.84.60	Toronto	Ontario	AS23498 COGECODATA	M5N	Canada	tier_3	2	gay-hookup.com	nan
27	34.237.115.112	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23464	United States	tier_3	2	ec2-34-237-115-112.compute-1.amazonaws.com	nan
28	23.39.32.237	Newark	New Jersey	AS16625 Akamai Technologies, Inc.	07175	United States	tier_3	2	a23-39-32-237.deploy.static.akamaitechnologies.com	nan
29	13.224.211.22	Seattle	Washington	AS16509 Amazon.com, Inc.	98101	United States	tier_3	2	server-13-224-211-22.phl50.r.cloudfront.net	nan

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact¶