viz_redirection_chain_to

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

This report contains following information

Overall statistics
1. Number of domains detected
2. Number of domains detected by Google Safe Browsing
3. IP address behind entry-level domains
4. date of collection
Top 10 domain statistics
1. count (number of redirection paths that contain this domain)
2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
3. registar
4. organization
Top 10 IP statistics
1. count
2. location (city, country, region)
3. hostname
4. organization
Consolidated redirection path
1. green: tier one domain
2. yellow: tier two domain
3. red: tier three domain

	num_domain	num_links	num_full_url	num_safebrowsing_malicious	num_vt_malicious	date	ip	user_agent
0	166	175	727	0	28	2021-01-21	37.48.65.151	Android

	tier	domain	count	registrar	name_servers	org
0	tier_1	mcoo.me	1	Dynadot, LLC	None	None
1	tier_1	cjiasuapp.me	1	GoDaddy.com, LLC	None	None
2	tier_1	imagie.me	1	Dynadot, LLC	None	None
3	tier_1	bbpress.me	1	Dynadot, LLC	None	None
4	tier_1	maahi.me	1	GoDaddy.com, LLC	None	None
5	tier_1	lich.me	1	GoDaddy.com, LLC	None	None
6	tier_1	buyerbest.me	1	Dynadot, LLC	None	None
7	tier_1	docx.me	1	Dynadot, LLC	None	None
8	tier_1	gowebinar.me	1	Dynadot, LLC	None	None
9	tier_1	balena.me	1	Dynadot, LLC	None	None
10	tier_2	1496.wcitianka.com	103	GoDaddy Online Services Cayman Islands LTD	NS-1096.AWSDNS-09.ORG	None
11	tier_2	americanlisted.com	98	ilait AB	NS1.TELECOM3.NET	Integration 3 Group AB
12	tier_2	click.appcast.io	80	101Domain GRS Ltd	NS-85.AWSDNS-10.COM	None
13	tier_2	careerbliss.com	49	GoDaddy.com, LLC	NS10.DNSMADEEASY.COM	Domains By Proxy, LLC
14	tier_2	trk.careerbliss.com	44	GoDaddy.com, LLC	NS10.DNSMADEEASY.COM	Domains By Proxy, LLC
15	tier_2	click.appcast.io_LOOP_1	29	None	None	None
16	tier_2	open.app.jobrapido.com	10	Marcaria.com International, Inc.	NS-CLOUD-D1.GOOGLEDOMAINS.COM	GDPR Masked
17	tier_2	us.jobrapido.com	10	Marcaria.com International, Inc.	NS-CLOUD-D1.GOOGLEDOMAINS.COM	GDPR Masked
18	tier_2	alfik-fik.com	9	Amazon Registrar, Inc.	NS-1264.AWSDNS-30.ORG	Whois Privacy Service
19	tier_2	joblift.com	8	INWX GmbH & Co. KG	NS-CLOUD-E1.GOOGLEDOMAINS.COM	None
20	tier_3	careerbliss.com	31	GoDaddy.com, LLC	NS10.DNSMADEEASY.COM	Domains By Proxy, LLC
21	tier_3	google.com	18	MarkMonitor, Inc.	NS1.GOOGLE.COM	Google LLC
22	tier_3	linkedin.com	7	None	None	None
23	tier_3	trk.careerbliss.com	5	GoDaddy.com, LLC	NS10.DNSMADEEASY.COM	Domains By Proxy, LLC
24	tier_3	job-openings.monster.com	5	CSC CORPORATE DOMAINS, INC.	NS1.TMPW.NET	Monster Worldwide, Inc.
25	tier_3	delightcmain.xyz	5	None	None	None
26	tier_3	open.app.jobrapido.com_LOOP_1	5	None	None	None
27	tier_3	us.tideri.com	4	united domains AG	NS.UDAG.DE	None
28	tier_3	glassdoor.com	4	MarkMonitor, Inc.	JILL.NS.CLOUDFLARE.COM	Glassdoor, Inc.
29	tier_3	americanlisted.com	4	ilait AB	NS1.TELECOM3.NET	Integration 3 Group AB

	ip	city	region	org	postal	country_name	tier	count	hostname	anycast
0	207.244.67.215	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	21	nan	nan
1	207.244.67.218	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	20	nan	nan
2	207.244.67.216	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	16	nan	nan
3	206.221.176.184	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	11	nan	nan
4	207.244.67.214	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	10	nan	nan
5	104.243.45.179	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	8	nan	nan
6	104.243.45.190	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	7	nan	nan
7	104.243.45.178	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	6	nan	nan
8	37.48.65.148	Soest	Utrecht	AS60781 LeaseWeb Netherlands B.V.	3765	Netherlands	tier_1	4	nan	nan
9	185.107.56.200	Amsterdam	North Holland	AS43350 NForce Entertainment B.V.	1012	Netherlands	tier_1	3	nan	nan
10	198.54.112.216	San Jose	California	AS22612 Namecheap, Inc.	95103	United States	tier_2	103	nan	nan
11	35.209.61.240	Council Bluffs	Iowa	AS15169 Google LLC	51502	United States	tier_3	4	240.61.209.35.bc.googleusercontent.com	nan
12	207.38.44.116	Los Angeles	California	AS5693 Latisys-Irvine, LLC	90009	United States	tier_3	36	cbsmtp1.careerbliss.com	nan
13	100.37.135.2	New York City	New York	AS701 MCI Communications Services, Inc. d/b/a Verizon Business	10004	United States	tier_3	10	pool-100-37-135-2.nycmny.fios.verizon.net	nan
14	34.194.75.233	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23479	United States	tier_2	42	ec2-34-194-75-233.compute-1.amazonaws.com	nan
15	3.211.178.164	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23479	United States	tier_2	38	ec2-3-211-178-164.compute-1.amazonaws.com	nan
16	178.33.228.114	Roubaix	Hauts-de-France	AS16276 OVH SAS	59051 CEDEX 1	France	tier_2	10	ns3021656.ip-178-33-228.eu	nan
17	35.190.64.22	Kansas City	Missouri	AS15169 Google LLC	64121	United States	tier_2	8	22.64.190.35.bc.googleusercontent.com	True
18	34.200.146.95	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23479	United States	tier_2	7	ec2-34-200-146-95.compute-1.amazonaws.com	nan
19	13.225.65.22	Newark	New Jersey	AS16509 Amazon.com, Inc.	07175	United States	tier_2	6	server-13-225-65-22.ewr53.r.cloudfront.net	nan
20	207.38.44.116	Los Angeles	California	AS5693 Latisys-Irvine, LLC	90009	United States	tier_3	36	cbsmtp1.careerbliss.com	nan
21	100.37.135.2	New York City	New York	AS701 MCI Communications Services, Inc. d/b/a Verizon Business	10004	United States	tier_3	10	pool-100-37-135-2.nycmny.fios.verizon.net	nan
22	172.217.12.132	Mountain View	California	AS15169 Google LLC	94043	United States	tier_3	8	lga34s19-in-f4.1e100.net	nan
23	104.18.82.149	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	7	nan	True
24	172.217.10.4	Mountain View	California	AS15169 Google LLC	94043	United States	tier_3	5	lga34s12-in-f4.1e100.net	nan
25	13.107.42.14	Redmond	Washington	AS8068 Microsoft Corporation	98052	United States	tier_3	5	nan	True
26	35.246.171.123	Frankfurt am Main	Hesse	AS15169 Google LLC	60311	Germany	tier_3	4	123.171.246.35.bc.googleusercontent.com	nan
27	35.209.61.240	Council Bluffs	Iowa	AS15169 Google LLC	51502	United States	tier_3	4	240.61.209.35.bc.googleusercontent.com	nan
28	172.67.75.236	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	3	nan	True
29	13.225.210.34	Newark	New Jersey	AS16509 Amazon.com, Inc.	07175	United States	tier_3	3	server-13-225-210-34.ewr50.r.cloudfront.net	nan

Aggregated redirection graph of domains located on current IP address.¶

The redirection flows from left to right
Leftmost domains are initial domains hosted on current IP
Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains¶

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

Aggregated redirection graph of domains located on current IP address.¶

Screenshot of high-occurrence final landing domains¶

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact¶