viz_redirection_chain_to

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

This report contains following information

Overall statistics
1. Number of domains detected
2. Number of domains detected by Google Safe Browsing
3. IP address behind entry-level domains
4. date of collection
Top 10 domain statistics
1. count (number of redirection paths that contain this domain)
2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
3. registar
4. organization
Top 10 IP statistics
1. count
2. location (city, country, region)
3. hostname
4. organization
Consolidated redirection path
1. green: tier one domain
2. yellow: tier two domain
3. red: tier three domain

	num_domain	num_links	num_full_url	num_safebrowsing_malicious	num_vt_malicious	date	ip	user_agent
0	149	150	813	0	10	2021-03-15	64.32.8.68	Android

	tier	domain	count	registrar	name_servers	org
0	tier_1	bugpoint.net	1	SNAPNAMES 42, LLC	NS1.DNSNUTS.COM	None
1	tier_1	albumkings.net	1	Snoqulamiedomains.com LLC	NS1.DNSNUTS.COM	None
2	tier_1	h-dougadb.net	1	SNAPNAMES 16, LLC	NS1.DNSNUTS.COM	None
3	tier_1	fcmexpert.net	1	Baracuda Domains, LLC	NS1.DNSNUTS.COM	None
4	tier_1	asb-sakray.net	1	Domain Name Root LLC	NS1.DNSNUTS.COM	None
5	tier_1	divxgay.net	1	SNAPNAMES 49, LLC	NS1.DNSNUTS.COM	None
6	tier_1	dconvert.net	1	SNAPNAMES 91, LLC	NS1.DNSNUTS.COM	None
7	tier_1	ava-producao.net	1	SNAPNAMES 45, LLC	NS1.DNSNUTS.COM	None
8	tier_1	dkca.net	1	Domain Name Origin, LLC	NS1.DNSNUTS.COM	None
9	tier_1	genuinagente.net	1	Name Find Source LLC	NS1.DNSNUTS.COM	None
10	tier_2	alfik-fik.com	73	Amazon Registrar, Inc.	NS-1264.AWSDNS-30.ORG	Whois Privacy Service
11	tier_2	track.vcdc.com	58	Key-Systems GmbH	GUY.NS.CLOUDFLARE.COM	c/o whoisproxy.com
12	tier_2	ads35.adtelligent.com	48	DANESCO TRADING LTD	NS.ANYCASTNS1.ORG	Vertamedia,LLC
13	tier_2	dsp35.adtelligent.com	48	DANESCO TRADING LTD	NS.ANYCASTNS1.ORG	Vertamedia,LLC
14	tier_2	aibm1.mysearch.space	48	None	None	None
15	tier_2	externals-1953518744.us-east-1.elb.amazonaws.com	48	MarkMonitor, Inc.	R1.AMAZONAWS.COM	Amazon.com, Inc.
16	tier_2	search.snjsearch.com	48	GoDaddy.com, LLC	NS73.DOMAINCONTROL.COM	Domains By Proxy, LLC
17	tier_2	search-checker.com	48	Name.com, Inc.	BETH.NS.CLOUDFLARE.COM	Domain Protection Services, Inc.
18	tier_2	m.onlineweb.mobi	48	GoDaddy.com, LLC	None	None
19	tier_2	btpnav.com	24	1API GmbH	NS1.DNSIMPLE.COM	Registrant of btpnav.com
20	tier_3	bing.com	48	MarkMonitor, Inc.	DNS1.P09.NSONE.NET	Microsoft Corporation
21	tier_3	storystudio.sfgate.com	12	CSC CORPORATE DOMAINS, INC.	NS1.HEARSTNP.COM	Hearst Communications, Inc.
22	tier_3	trktraf.club	4	NAMECHEAP INC	dns1.registrar-servers.com	WhoisGuard, Inc.
23	tier_3	win5.trustedpush.com	4	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
24	tier_3	squirt.org	3	NAMECHEAP INC	NS5.DNSMADEEASY.COM	WhoisGuard, Inc.
25	tier_3	robogarden.io	3	GoDaddy.com, LLC	BECKY.NS.CLOUDFLARE.COM	None
26	tier_3	win3.trustedpush.com	3	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
27	tier_3	m.placesiteb.xyz	2	Sav.comLLC	HUGH.NS.CLOUDFLARE.COM	Privacy Protection
28	tier_3	win2.trustedpush.com	2	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
29	tier_3	win6.trustedpush.com	2	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.

	ip	city	region	org	postal	country_name	tier	count	hostname	anycast
0	185.107.56.59	Rotterdam	South Holland	AS43350 NForce Entertainment B.V.	3012	Netherlands	tier_1	15	nan	nan
1	64.32.8.70	Los Angeles	California	AS46844 Sharktech	90009	United States	tier_1	15	customer.sharktech.net	nan
2	64.32.8.67	Los Angeles	California	AS46844 Sharktech	90009	United States	tier_1	15	customer.sharktech.net	nan
3	185.107.56.57	Rotterdam	South Holland	AS43350 NForce Entertainment B.V.	3012	Netherlands	tier_1	13	nan	nan
4	64.32.8.68	Los Angeles	California	AS46844 Sharktech	90009	United States	tier_1	11	customer.sharktech.net	nan
5	185.107.56.60	Rotterdam	South Holland	AS43350 NForce Entertainment B.V.	3012	Netherlands	tier_1	10	nan	nan
6	64.32.8.69	Los Angeles	California	AS46844 Sharktech	90009	United States	tier_1	7	customer.sharktech.net	nan
7	185.107.56.58	Rotterdam	South Holland	AS43350 NForce Entertainment B.V.	3012	Netherlands	tier_1	6	nan	nan
8	167.233.8.197	Nürnberg	Bavaria	AS24940 Hetzner Online GmbH	90402	Germany	tier_2	58	static.197.8.233.167.clients.your-server.de	nan
9	209.205.202.42	New York City	New York	AS55081 24 SHELLS	10004	United States	tier_2	48	static-42-202-205-209.24shells.net	nan
10	209.205.202.43	New York City	New York	AS55081 24 SHELLS	10004	United States	tier_2	48	static-43-202-205-209.24shells.net	nan
11	35.162.164.74	Portland	Oregon	AS16509 Amazon.com, Inc.	97256	United States	tier_2	48	ec2-35-162-164-74.us-west-2.compute.amazonaws.com	nan
12	54.84.27.165	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23458	United States	tier_2	46	ec2-54-84-27-165.compute-1.amazonaws.com	nan
13	34.200.146.95	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23458	United States	tier_2	44	ec2-34-200-146-95.compute-1.amazonaws.com	nan
14	104.21.41.235	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_2	43	nan	True
15	192.241.228.85	San Francisco	California	AS14061 DigitalOcean, LLC	94124	United States	tier_2	28	nan	nan
16	13.225.230.57	New York City	New York	AS16509 Amazon.com, Inc.	10004	United States	tier_3	2	server-13-225-230-57.jfk51.r.cloudfront.net	nan
17	50.16.173.246	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23458	United States	tier_2	27	ec2-50-16-173-246.compute-1.amazonaws.com	nan
18	204.79.197.200	Redmond	Washington	AS8068 Microsoft Corporation	98052	United States	tier_3	32	nan	True
19	13.107.21.200	Redmond	Washington	AS8068 Microsoft Corporation	98052	United States	tier_3	16	nan	True
20	98.129.228.57	Dallas	Texas	AS33070 Rackspace Hosting	75270	United States	tier_3	12	nan	nan
21	100.37.135.2	New York City	New York	AS701 MCI Communications Services, Inc. d/b/a Verizon Business	10004	United States	tier_3	8	pool-100-37-135-2.nycmny.fios.verizon.net	nan
22	104.248.224.185	North Bergen	New Jersey	AS14061 DigitalOcean, LLC	07047	United States	tier_3	4	nan	nan
23	158.106.84.60	Toronto	Ontario	AS23498 COGECODATA	M5N	Canada	tier_3	3	register.squirt.org	nan
24	104.18.80.149	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	2	nan	True
25	104.21.80.8	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	2	nan	True
26	13.225.230.12	New York City	New York	AS16509 Amazon.com, Inc.	10004	United States	tier_3	2	server-13-225-230-12.jfk51.r.cloudfront.net	nan
27	13.225.230.57	New York City	New York	AS16509 Amazon.com, Inc.	10004	United States	tier_3	2	server-13-225-230-57.jfk51.r.cloudfront.net	nan

Aggregated redirection graph of domains located on current IP address.¶

The redirection flows from left to right
Leftmost domains are initial domains hosted on current IP
Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains¶

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

Aggregated redirection graph of domains located on current IP address.¶

Screenshot of high-occurrence final landing domains¶

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact¶