viz_redirection_chain_to

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

This report contains following information

Overall statistics
1. Number of domains detected
2. Number of domains detected by Google Safe Browsing
3. IP address behind entry-level domains
4. date of collection
Top 10 domain statistics
1. count (number of redirection paths that contain this domain)
2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
3. registar
4. organization
Top 10 IP statistics
1. count
2. location (city, country, region)
3. hostname
4. organization
Consolidated redirection path
1. green: tier one domain
2. yellow: tier two domain
3. red: tier three domain

	num_domain	num_links	num_full_url	num_safebrowsing_malicious	num_vt_malicious	date	ip	user_agent
0	29	28	84	0	0	2020-10-08	64.32.8.68	Android

	tier	domain	count	registrar	name_servers	org
0	tier_1	usakanalist.com	1	Free Spirit Domains, LLC	NS1.DNSNUTS.COM	None
1	tier_1	we-are-gamers.com	1	The Domains LLC	NS1.DNSNUTS.COM	The Management Group II
2	tier_1	nhahangthanbien.com	1	NamePal.com #8012 Inc.	NS1.DNSNUTS.COM	None
3	tier_1	easybed.nl	1	EuroDNS S.A.	ns1.dnsnuts.com	None
4	tier_1	msnboard.net	1	eNom457, Incorporated	NS1.DNSNUTS.COM	None
5	tier_1	1kc-stare.net	1	AtlanticFriendNames.com LLC	NS1.DNSNUTS.COM	None
6	tier_1	monroecountycommunitycreditunion.com	1	Sea Wasp, LLC	NS1.DNSNUTS.COM	Savvy Investments, LLC Privacy ID# 959006
7	tier_1	daohd.com	1	Domainstreetdirect.com LLC	NS1.DNSNUTS.COM	The Management Group II
8	tier_1	wallsbase.net	1	eNom Corporate, Inc.	NS1.DNSNUTS.COM	The Management Group II
9	tier_1	hqoboi.com	1	NamePal.com #8009 Inc.	NS1.DNSNUTS.COM	None
10	tier_2	dprtb.com	7	GoDaddy.com, LLC	NS1.DNSIMPLE.COM	Domains By Proxy, LLC
11	tier_2	get.popplunder.com	7	NAMECHEAP INC	DNS1.REGISTRAR-SERVERS.COM	WhoisGuard, Inc.
12	tier_2	trustedpush.com	7	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
13	tier_2	win1.trustedpush.com	7	None	None	None
14	tier_2	win2.trustedpush.com	7	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
15	tier_2	win3.trustedpush.com	7	None	None	None
16	tier_2	usd.mnason-hec.com	6	Amazon Registrar, Inc.	NS-1205.AWSDNS-22.ORG	Whois Privacy Service
17	tier_2	win4.trustedpush.com	4	NameCheap, Inc.	NS-1142.AWSDNS-14.ORG	None
18	tier_2	usa.claudia-luc.com	3	Amazon Registrar, Inc.	NS-1534.AWSDNS-63.ORG	Whois Privacy Service
19	tier_2	trackyourmpg.com	2	UNIREGISTRAR CORP	HUGH.NS.CLOUDFLARE.COM	None
20	tier_3	win4.trustedpush.com	3	None	None	None
21	tier_3	gladmpath.xyz	2	Epik LLC	MARJORY.NS.CLOUDFLARE.COM	Anonymize, Inc.
22	tier_3	win5.trustedpush.com	2	None	None	None
23	tier_3	gaugecreate.club	1	None	None	None
24	tier_3	win7.trustedpush.com	1	None	None	None
25	tier_3	win6.trustedpush.com	1	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.

	ip	city	region	org	postal	country_name	tier	count	hostname
0	207.244.67.215	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	2	nan
1	207.244.67.216	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	2	nan
2	207.244.67.218	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	2	nan
3	46.166.182.115	Amsterdam	North Holland	AS43350 NForce Entertainment B.V.	1012	Netherlands	tier_1	1	nan
4	37.48.65.150	Amsterdam	North Holland	AS60781 LeaseWeb Netherlands B.V.	1012	Netherlands	tier_1	1	nan
5	37.48.65.149	Amsterdam	North Holland	AS60781 LeaseWeb Netherlands B.V.	1012	Netherlands	tier_1	1	nan
6	207.244.67.214	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	1	nan
7	99.84.118.35	Newark	New Jersey	AS16509 Amazon.com, Inc.	07175	United States	tier_3	1	server-99-84-118-35.ewr52.r.cloudfront.net
8	99.84.118.87	Newark	New Jersey	AS16509 Amazon.com, Inc.	07175	United States	tier_2	12	server-99-84-118-87.ewr52.r.cloudfront.net
9	209.15.13.136	Toronto	Ontario	AS13768 Aptum Technologies	M5N	Canada	tier_2	7	nan
10	34.199.180.187	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23471	United States	tier_2	7	ec2-34-199-180-187.compute-1.amazonaws.com
11	52.205.210.89	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23471	United States	tier_2	5	ec2-52-205-210-89.compute-1.amazonaws.com
12	54.225.132.253	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23471	United States	tier_2	5	ec2-54-225-132-253.compute-1.amazonaws.com
13	99.84.118.101	Newark	New Jersey	AS16509 Amazon.com, Inc.	07175	United States	tier_3	1	server-99-84-118-101.ewr52.r.cloudfront.net
14	99.84.118.103	Newark	New Jersey	AS16509 Amazon.com, Inc.	07175	United States	tier_2	4	server-99-84-118-103.ewr52.r.cloudfront.net
15	104.18.25.3	Atlantic City	New Jersey	AS13335 Cloudflare, Inc.	08404	United States	tier_2	2	nan
16	91.195.240.136	Munich	Bavaria	AS47846 SEDO GmbH	80331	Germany	tier_2	1	nan
17	100.37.135.2	New York City	New York	AS701 MCI Communications Services, Inc. d/b/a Verizon Business	10004	United States	tier_3	5	pool-100-37-135-2.nycmny.fios.verizon.net
18	104.18.82.149	Atlantic City	New Jersey	AS13335 Cloudflare, Inc.	08404	United States	tier_3	2	nan
19	149.28.49.220	New York City	New York	AS20473 Choopa, LLC	10004	United States	tier_3	1	149.28.49.220.vultr.com
20	99.84.118.101	Newark	New Jersey	AS16509 Amazon.com, Inc.	07175	United States	tier_3	1	server-99-84-118-101.ewr52.r.cloudfront.net
21	99.84.118.35	Newark	New Jersey	AS16509 Amazon.com, Inc.	07175	United States	tier_3	1	server-99-84-118-35.ewr52.r.cloudfront.net

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact¶