viz_redirection_chain_to

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

This report contains following information

Overall statistics
1. Number of domains detected
2. Number of domains detected by Google Safe Browsing
3. IP address behind entry-level domains
4. date of collection
Top 10 domain statistics
1. count (number of redirection paths that contain this domain)
2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
3. registar
4. organization
Top 10 IP statistics
1. count
2. location (city, country, region)
3. hostname
4. organization
Consolidated redirection path
1. green: tier one domain
2. yellow: tier two domain
3. red: tier three domain

	num_domain	num_links	num_full_url	num_safebrowsing_malicious	num_vt_malicious	date	ip	user_agent
0	132	137	458	0	14	2021-04-19	64.32.8.68	Android

	tier	domain	count	registrar	name_servers	org
0	tier_1	bugpoint.net	1	eNom413, Incorporated	NS1.DNSNUTS.COM	None
1	tier_1	garden-variety.net	1	EUNameFlood.com LLC	NS1.DNSNUTS.COM	None
2	tier_1	ciliguai.com	1	eNom437, Incorporated	NS1.DNSNUTS.COM	The Management Group II
3	tier_1	aharonic.net	1	Gradeadomainnames.com LLC	NS1.DNSNUTS.COM	None
4	tier_1	albumkings.net	1	Snoqulamiedomains.com LLC	NS1.DNSNUTS.COM	The Management Group II
5	tier_1	fudgebananaswirl.com	1	Name Connection Spot LLC	NS1.DNSNUTS.COM	The Management Group II
6	tier_1	bagustekno.net	1	Zone of Domains LLC	NS1.DNSNUTS.COM	None
7	tier_1	aiss.cc	1	Top Shelf Domains LLC	NS1.DNSNUTS.COM	None
8	tier_1	dashitz.com	1	Name Nelly, LLC	NS1.DNSNUTS.COM	None
9	tier_1	guias-trucos-juegos.com	1	SNAPNAMES 24, LLC	NS1.DNSNUTS.COM	None
10	tier_2	aristo-hag.com	58	Amazon Registrar, Inc.	NS-1226.AWSDNS-25.ORG	Whois Privacy Service
11	tier_2	track.vcdc.com	56	Key-Systems GmbH	GUY.NS.CLOUDFLARE.COM	c/o whoisproxy.com
12	tier_2	atnpx.com	47	GoDaddy.com, LLC	BECKY.NS.CLOUDFLARE.COM	Domains By Proxy, LLC
13	tier_2	api.apptap.com	15	Amazon Registrar, Inc.	NS-1256.AWSDNS-29.ORG	Whois Privacy Service
14	tier_2	redirect.viglink.com	15	Amazon Registrar, Inc.	NS1.VIGLINK.COM	Whois Privacy Service
15	tier_2	link.sylikes.com	15	MarkMonitor, Inc.	NS-1063.AWSDNS-04.ORG	Connexity, Inc.
16	tier_2	btpnav.com	13	1API GmbH	NS1.DNSIMPLE.COM	Registrant of btpnav.com
17	tier_2	clk.rtpdn12.com	11	None	None	None
18	tier_2	rd.bizrate.com	10	MarkMonitor, Inc.	NS-1189.AWSDNS-20.ORG	Meredith Corporation
19	tier_2	rd.connexity.net	9	None	None	None
20	tier_2	api.mplayit.com	6	Amazon Registrar, Inc.	NS-1236.AWSDNS-26.ORG	Whois Privacy Service
21	tier_2	rd.connexity.net_LOOP_1	4	None	None	None
22	tier_2	overstock.com	3	None	None	None
23	tier_2	63084.click.validclick.net	3	Safenames Ltd	NS1.FULLMAILBOX.COM	None
24	tier_2	click.junmediadirect.com	3	None	None	None
25	tier_2	click.expmediadirect.com	2	NAMECHEAP INC	NS1.LINODE.COM	Privacy service provided by Withheld for Privacy ehf
26	tier_2	tq.adventurefeeds.com	2	GoDaddy.com, LLC	NS75.DOMAINCONTROL.COM	Domains By Proxy, LLC
27	tier_2	clk.rtpdn12.com_LOOP_1	2	None	None	None
28	tier_2	62887.click.validclick.net	2	Safenames Ltd	NS1.FULLMAILBOX.COM	None
29	tier_2	62992.click.validclick.net	2	Safenames Ltd	NS1.FULLMAILBOX.COM	None
30	tier_3	kbb.com	30	CSC CORPORATE DOMAINS, INC.	PDNS164.ULTRADNS.BIZ	Autotrader.com
31	tier_3	robogarden.io	17	GoDaddy.com, LLC	BECKY.NS.CLOUDFLARE.COM	None
32	tier_3	storystudio.sfgate.com	10	CSC CORPORATE DOMAINS, INC.	NS1.HEARSTNP.COM	Hearst Communications, Inc.
33	tier_3	rd.bizrate.com	5	MarkMonitor, Inc.	NS-1189.AWSDNS-20.ORG	Meredith Corporation
34	tier_3	overstock.com	4	None	None	None
35	tier_3	overstock.com_LOOP_1	3	None	None	None
36	tier_3	fanatics.com	2	None	None	None
37	tier_3	a.dollarsurvey365.online	1	URL Solutions Inc.	CRYSTAL.NS.CLOUDFLARE.COM	None
38	tier_3	amazon.com	1	None	None	None
39	tier_3	filter.onwardclick.com	1	NAMECHEAP INC	NS1.ENCONTEXT.COM	Privacy service provided by Withheld for Privacy ehf
40	tier_3	win3.trustedpush.com	1	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	Privacy service provided by Withheld for Privacy ehf
41	tier_3	ram21.proasdf.com	1	GoDaddy.com, LLC	NS61.DOMAINCONTROL.COM	Domains By Proxy, LLC
42	tier_3	beyourxfriend.com	1	GoDaddy.com, LLC	NS0.DNSMADEEASY.COM	None
43	tier_3	track.vcdc.com	1	Key-Systems GmbH	GUY.NS.CLOUDFLARE.COM	c/o whoisproxy.com
44	tier_3	fanatics.com_LOOP_1	1	None	None	None

	ip	hostname	city	region	org	postal	country_name	tier	count	anycast
0	64.32.8.68	customer.sharktech.net	Los Angeles	California	AS46844 Sharktech	90009	United States	tier_1	19	nan
1	64.32.8.70	customer.sharktech.net	Los Angeles	California	AS46844 Sharktech	90009	United States	tier_1	18	nan
2	185.107.56.60	nan	Rotterdam	South Holland	AS43350 NForce Entertainment B.V.	3012	Netherlands	tier_1	10	nan
3	185.107.56.57	nan	Rotterdam	South Holland	AS43350 NForce Entertainment B.V.	3012	Netherlands	tier_1	9	nan
4	64.32.8.67	customer.sharktech.net	Los Angeles	California	AS46844 Sharktech	90009	United States	tier_1	7	nan
5	64.32.8.69	customer.sharktech.net	Los Angeles	California	AS46844 Sharktech	90009	United States	tier_1	7	nan
6	185.107.56.58	nan	Rotterdam	South Holland	AS43350 NForce Entertainment B.V.	3012	Netherlands	tier_1	6	nan
7	185.107.56.59	nan	Rotterdam	South Holland	AS43350 NForce Entertainment B.V.	3012	Netherlands	tier_1	3	nan
8	167.233.8.197	static.197.8.233.167.clients.your-server.de	Nürnberg	Bavaria	AS24940 Hetzner Online GmbH	90402	Germany	tier_3	1	nan
9	192.138.218.207	rd.bizrate.com	Seattle	Washington	AS14332 Connexity, Inc.	98111	United States	tier_3	5	nan
10	172.67.74.77	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_2	18	True
11	54.208.107.202	ec2-54-208-107-202.compute-1.amazonaws.com	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	17	nan
12	18.235.67.128	ec2-18-235-67-128.compute-1.amazonaws.com	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	16	nan
13	209.15.13.136	nan	Toronto	Ontario	AS13768 Aptum Technologies	M5N	Canada	tier_2	15	nan
14	52.72.29.7	ec2-52-72-29-7.compute-1.amazonaws.com	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	15	nan
15	104.26.10.53	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_2	15	True
16	104.26.11.53	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_2	14	True
17	173.239.53.32	nan	New York City	New York	AS27257 Webair Internet Development Company Inc.	10004	United States	tier_3	1	nan
18	3.224.109.140	ec2-3-224-109-140.compute-1.amazonaws.com	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	12	nan
19	34.197.176.2	ec2-34-197-176-2.compute-1.amazonaws.com	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	11	nan
20	204.44.79.214	204.44.79.214.static.quadranet.com	Los Angeles	California	AS8100 QuadraNet Enterprises LLC	90014	United States	tier_2	10	nan
21	34.195.100.186	ec2-34-195-100-186.compute-1.amazonaws.com	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	9	nan
22	192.138.218.139	rd.connexity.net	Seattle	Washington	AS14332 Connexity, Inc.	98111	United States	tier_2	9	nan
23	100.37.135.2	pool-100-37-135-2.nycmny.fios.verizon.net	New York City	New York	AS701 MCI Communications Services, Inc. d/b/a Verizon Business	10004	United States	tier_3	5	nan
24	3.223.13.191	ec2-3-223-13-191.compute-1.amazonaws.com	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	6	nan
25	54.84.4.127	ec2-54-84-4-127.compute-1.amazonaws.com	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	5	nan
26	54.197.172.17	ec2-54-197-172-17.compute-1.amazonaws.com	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	4	nan
27	23.195.109.38	a23-195-109-38.deploy.static.akamaitechnologies.com	Edison	New Jersey	AS16625 Akamai Technologies, Inc.	08817	United States	tier_3	2	nan
28	23.36.197.209	a23-36-197-209.deploy.static.akamaitechnologies.com	Philadelphia	Pennsylvania	AS16625 Akamai Technologies, Inc.	19099	United States	tier_3	26	nan
29	104.21.80.8	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	11	True
30	151.101.0.200	nan	San Francisco	California	AS54113 Fastly	94107	United States	tier_3	10	True
31	172.67.172.143	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	6	True
32	100.37.135.2	pool-100-37-135-2.nycmny.fios.verizon.net	New York City	New York	AS701 MCI Communications Services, Inc. d/b/a Verizon Business	10004	United States	tier_3	5	nan
33	192.138.218.207	rd.bizrate.com	Seattle	Washington	AS14332 Connexity, Inc.	98111	United States	tier_3	5	nan
34	23.1.205.179	a23-1-205-179.deploy.static.akamaitechnologies.com	Edison	New Jersey	AS16625 Akamai Technologies, Inc.	08817	United States	tier_3	4	nan
35	23.208.217.38	a23-208-217-38.deploy.static.akamaitechnologies.com	Edison	New Jersey	AS16625 Akamai Technologies, Inc.	08817	United States	tier_3	2	nan
36	23.195.109.38	a23-195-109-38.deploy.static.akamaitechnologies.com	Edison	New Jersey	AS16625 Akamai Technologies, Inc.	08817	United States	tier_3	2	nan
37	23.51.160.222	a23-51-160-222.deploy.static.akamaitechnologies.com	Philadelphia	Pennsylvania	AS16625 Akamai Technologies, Inc.	19099	United States	tier_3	2	nan
38	104.26.15.226	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	1	True
39	99.84.37.174	server-99-84-37-174.ewr52.r.cloudfront.net	Newark	New Jersey	AS16509 Amazon.com, Inc.	07175	United States	tier_3	1	nan
40	173.239.53.32	nan	New York City	New York	AS27257 Webair Internet Development Company Inc.	10004	United States	tier_3	1	nan
41	162.243.10.151	nan	New York City	New York	AS14061 DigitalOcean, LLC	10011	United States	tier_3	1	nan
42	45.33.8.244	li962-244.members.linode.com	Richardson	Texas	AS63949 Linode, LLC	75080	United States	tier_3	1	nan
43	167.233.8.197	static.197.8.233.167.clients.your-server.de	Nürnberg	Bavaria	AS24940 Hetzner Online GmbH	90402	Germany	tier_3	1	nan

Aggregated redirection graph of domains located on current IP address.¶

The redirection flows from left to right
Leftmost domains are initial domains hosted on current IP
Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains¶

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

Aggregated redirection graph of domains located on current IP address.¶

Screenshot of high-occurrence final landing domains¶

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact¶