viz_redirection_chain_to

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

This report contains following information

Overall statistics
1. Number of domains detected
2. Number of domains detected by Google Safe Browsing
3. IP address behind entry-level domains
4. date of collection
Top 10 domain statistics
1. count (number of redirection paths that contain this domain)
2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
3. registar
4. organization
Top 10 IP statistics
1. count
2. location (city, country, region)
3. hostname
4. organization
Consolidated redirection path
1. green: tier one domain
2. yellow: tier two domain
3. red: tier three domain

	num_domain	num_links	num_full_url	num_safebrowsing_malicious	num_vt_malicious	date	ip	user_agent
0	165	168	638	0	127	2021-02-18	37.48.65.149	Safari

	tier	domain	count	registrar	name_servers	org
0	tier_1	hochkrimmel.de	1	None	None	None
1	tier_1	arxivi.org	1	GoDaddy.com, LLC	NS1.COMMONMX.COM	None
2	tier_1	cavallord.com	1	TUCOWS, INC.	NS1.COMMONMX.COM	Contact Privacy Inc. Customer 0159513995
3	tier_1	endominicana.net	1	GoDaddy.com, LLC	NS1.COMMONMX.COM	None
4	tier_1	ebookwarez.com	1	DYNADOT10 LLC	NS1.COMMONMX.COM	None
5	tier_1	abcdwap.com	1	GoDaddy.com, LLC	NS1.COMMONMX.COM	None
6	tier_1	diziindir.org	1	Domainhysteria.com LLC	NS1.COMMONMX.COM	None
7	tier_1	indianfreestuff.in	1	Dynadot LLC	ns1.commonmx.com	None
8	tier_1	dominiosinnova.com	1	GoDaddy.com, LLC	NS1.COMMONMX.COM	None
9	tier_1	flyingsg.com	1	TUCOWS, INC.	NS1.COMMONMX.COM	Contact Privacy Inc. Customer 0158841585
10	tier_2	dprtb.com	76	1API GmbH	NS1.DNSIMPLE.COM	REDACTED FOR PRIVACY
11	tier_2	bradamante-per.com	48	Amazon Registrar, Inc.	NS-1026.AWSDNS-00.ORG	Whois Privacy Service
12	tier_2	1496.wcitianka.com	40	GoDaddy Online Services Cayman Islands LTD	NS-1096.AWSDNS-09.ORG	None
13	tier_2	americanlisted.com	39	ilait AB	NS1.TELECOM3.NET	Integration 3 Group AB
14	tier_2	click.appcast.io	39	101Domain GRS Ltd	NS-85.AWSDNS-10.COM	None
15	tier_2	btpnative.com	19	1API GmbH	NS1.DNSIMPLE.COM	Registrant of btpnative.com
16	tier_2	infopicked.com	18	NAMECHEAP INC	NS0.DNSMADEEASY.COM	WhoisGuard, Inc.
17	tier_2	managerformula.com	18	NAMECHEAP INC	DNS1.REGISTRAR-SERVERS.COM	WhoisGuard, Inc.
18	tier_2	alfik-fik.com	12	Amazon Registrar, Inc.	NS-1264.AWSDNS-30.ORG	Whois Privacy Service
19	tier_2	joblift.com	12	INWX GmbH & Co. KG	NS-CLOUD-E1.GOOGLEDOMAINS.COM	REDACTED FOR PRIVACY
20	tier_3	managerformula.com	29	NAMECHEAP INC	DNS1.REGISTRAR-SERVERS.COM	WhoisGuard, Inc.
21	tier_3	careerbuilder.com	25	CSC CORPORATE DOMAINS, INC.	BROCK.CBJOBS.NET	CareerBuilder, LLC
22	tier_3	s3.amazonaws.com	18	MarkMonitor, Inc.	R1.AMAZONAWS.COM	Amazon.com, Inc.
23	tier_3	affbank.com	5	DANESCO TRADING LTD	GABE.NS.CLOUDFLARE.COM	Advertecy LTD
24	tier_3	crutchfield.com	5	Domain.com, LLC	NS1.CRUTCHFIELD.COM	REDACTED FOR PRIVACY
25	tier_3	nextcareernow.com	4	GoDaddy.com, LLC	NS53.DOMAINCONTROL.COM	Domains By Proxy, LLC
26	tier_3	iosrecommendedvpn.com	3	None	None	None
27	tier_3	jobleads.com	3	united domains AG	CRUZ.NS.CLOUDFLARE.COM	None
28	tier_3	joblift.com	2	INWX GmbH & Co. KG	NS-CLOUD-E1.GOOGLEDOMAINS.COM	REDACTED FOR PRIVACY
29	tier_3	bing.com	2	MarkMonitor, Inc.	DNS1.P09.NSONE.NET	Microsoft Corporation

	ip	city	region	org	postal	country_name	tier	count	hostname	anycast
0	207.244.67.215	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	21	nan	nan
1	207.244.67.218	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	17	nan	nan
2	207.244.67.216	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	16	nan	nan
3	207.244.67.214	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	10	nan	nan
4	104.243.45.190	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	8	nan	nan
5	104.243.45.179	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	7	nan	nan
6	185.107.56.197	Amsterdam	North Holland	AS43350 NForce Entertainment B.V.	1012	Netherlands	tier_1	6	nan	nan
7	104.243.45.178	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	6	nan	nan
8	185.107.56.199	Amsterdam	North Holland	AS43350 NForce Entertainment B.V.	1012	Netherlands	tier_1	3	nan	nan
9	185.107.56.198	Amsterdam	North Holland	AS43350 NForce Entertainment B.V.	1012	Netherlands	tier_1	3	nan	nan
10	209.15.13.136	Toronto	Ontario	AS13768 Aptum Technologies	M5N	Canada	tier_2	95	nan	nan
11	198.54.112.216	San Jose	California	AS22612 Namecheap, Inc.	95103	United States	tier_2	40	nan	nan
12	35.209.61.240	Council Bluffs	Iowa	AS15169 Google LLC	51502	United States	tier_2	39	240.61.209.35.bc.googleusercontent.com	nan
13	54.84.27.165	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23452	United States	tier_2	30	ec2-54-84-27-165.compute-1.amazonaws.com	nan
14	34.200.146.95	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23452	United States	tier_2	30	ec2-34-200-146-95.compute-1.amazonaws.com	nan
15	3.234.136.137	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23452	United States	tier_2	20	ec2-3-234-136-137.compute-1.amazonaws.com	nan
16	173.192.101.24	Dallas	Texas	AS36351 SoftLayer Technologies Inc.	75270	United States	tier_2	19	18.65.c0ad.ip4.static.sl-reverse.com	nan
17	52.0.220.89	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23452	United States	tier_2	19	ec2-52-0-220-89.compute-1.amazonaws.com	nan
18	192.138.218.207	Seattle	Washington	AS14332 Connexity, Inc.	98111	United States	tier_2	12	rd.bizrate.com	nan
19	35.190.64.22	Kansas City	Missouri	AS15169 Google LLC	64121	United States	tier_2	12	22.64.190.35.bc.googleusercontent.com	True
20	23.43.56.211	New York City	New York	AS20940 Akamai International B.V.	10004	United States	tier_3	9	a23-43-56-211.deploy.static.akamaitechnologies.com	nan
21	23.43.56.200	New York City	New York	AS20940 Akamai International B.V.	10004	United States	tier_3	8	a23-43-56-200.deploy.static.akamaitechnologies.com	nan
22	13.224.211.40	Seattle	Washington	AS16509 Amazon.com, Inc.	98101	United States	tier_3	8	server-13-224-211-40.phl50.r.cloudfront.net	nan
23	13.224.211.117	Seattle	Washington	AS16509 Amazon.com, Inc.	98101	United States	tier_3	7	server-13-224-211-117.phl50.r.cloudfront.net	nan
24	13.224.211.92	Seattle	Washington	AS16509 Amazon.com, Inc.	98101	United States	tier_3	6	server-13-224-211-92.phl50.r.cloudfront.net	nan
25	35.156.139.229	Frankfurt am Main	Hesse	AS16509 Amazon.com, Inc.	60311	Germany	tier_3	5	ec2-35-156-139-229.eu-central-1.compute.amazonaws.com	nan
26	205.196.12.74	Washington	Washington, D.C.	AS54391 Crutchfield New Media LLC	20045	United States	tier_3	5	www.crutchfield.com	nan
27	100.37.135.2	New York City	New York	AS701 MCI Communications Services, Inc. d/b/a Verizon Business	10004	United States	tier_3	5	pool-100-37-135-2.nycmny.fios.verizon.net	nan
28	23.43.56.201	New York City	New York	AS20940 Akamai International B.V.	10004	United States	tier_3	4	a23-43-56-201.deploy.static.akamaitechnologies.com	nan
29	13.224.211.9	Seattle	Washington	AS16509 Amazon.com, Inc.	98101	United States	tier_3	4	server-13-224-211-9.phl50.r.cloudfront.net	nan

Aggregated redirection graph of domains located on current IP address.¶

The redirection flows from left to right
Leftmost domains are initial domains hosted on current IP
Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains¶

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

Aggregated redirection graph of domains located on current IP address.¶

Screenshot of high-occurrence final landing domains¶

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact¶