viz_redirection_chain_to

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

This report contains following information

Overall statistics
1. Number of domains detected
2. Number of domains detected by Google Safe Browsing
3. IP address behind entry-level domains
4. date of collection
Top 10 domain statistics
1. count (number of redirection paths that contain this domain)
2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
3. registar
4. organization
Top 10 IP statistics
1. count
2. location (city, country, region)
3. hostname
4. organization
Consolidated redirection path
1. green: tier one domain
2. yellow: tier two domain
3. red: tier three domain

	num_domain	num_links	num_full_url	num_safebrowsing_malicious	num_vt_malicious	date	ip	user_agent
0	145	142	507	0	29	2021-02-08	64.32.8.70	Android

	tier	domain	count	registrar	name_servers	org
0	tier_1	bugpoint.net	1	eNom413, Incorporated	NS1.DNSNUTS.COM	None
1	tier_1	animehentaitube.net	1	Heavydomains.net LLC	NS1.DNSNUTS.COM	None
2	tier_1	economictims.com	1	Domain Landing Zone LLC	NS1.DNSNUTS.COM	None
3	tier_1	alhasanah.net	1	Deep Dive Domains, LLC	NS1.DNSNUTS.COM	None
4	tier_1	dxnewradio.com	1	Aquila Domains LLC	NS1.DNSNUTS.COM	None
5	tier_1	aj01.net	1	Atomicdomainnames.com LLC	NS1.DNSNUTS.COM	The Management Group II
6	tier_1	almanarschool.net	1	AtlanticFriendNames.com LLC	NS1.DNSNUTS.COM	None
7	tier_1	advancetools.net	1	DomainSprouts.com LLC	NS1.DNSNUTS.COM	None
8	tier_1	eelfie.com	1	eNom419, Incorporated	NS1.DNSNUTS.COM	None
9	tier_1	being-bianca.com	1	Gozerdomains.com LLC	NS1.DNSNUTS.COM	The Management Group II
10	tier_2	alfik-fik.com	81	Amazon Registrar, Inc.	NS-1264.AWSDNS-30.ORG	Whois Privacy Service
11	tier_2	track.vcdc.com	69	Key-Systems GmbH	GUY.NS.CLOUDFLARE.COM	c/o whoisproxy.com
12	tier_2	atnpx.com	55	GoDaddy.com, LLC	BECKY.NS.CLOUDFLARE.COM	Domains By Proxy, LLC
13	tier_2	media-px.com	14	GoDaddy.com, LLC	BECKY.NS.CLOUDFLARE.COM	Domains By Proxy, LLC
14	tier_2	servedby.flashtalking.com	14	MESH DIGITAL LIMITED	NS1.P09.DYNECT.NET	Flashtalking, Inc.
15	tier_2	dprtb.com	10	1API GmbH	NS1.DNSIMPLE.COM	REDACTED FOR PRIVACY
16	tier_2	ad.doubleclick.net	7	MarkMonitor, Inc.	NS1.GOOGLE.COM	Google Inc.
17	tier_2	timply-powidered.com	5	Amazon Registrar, Inc.	NS-1421.AWSDNS-49.ORG	Whois Privacy Service
18	tier_2	click.expmediadirect.com	5	NAMECHEAP INC	NS1.LINODE.COM	WhoisGuard, Inc.
19	tier_2	rtbstream.com	3	1API GmbH	NS1.DNSIMPLE.COM	Registrant of rtbstream.com
20	tier_3	kbb.com	52	CSC CORPORATE DOMAINS, INC.	PDNS164.ULTRADNS.BIZ	Autotrader.com
21	tier_3	socalhondadealers.com	14	DREAMHOST	NS1.DREAMHOST.COM	Proxy Protection LLC
22	tier_3	dprtb.com	7	1API GmbH	NS1.DNSIMPLE.COM	REDACTED FOR PRIVACY
23	tier_3	rtbstream.com	6	1API GmbH	NS1.DNSIMPLE.COM	Registrant of rtbstream.com
24	tier_3	squirt.org	5	NAMECHEAP INC	NS5.DNSMADEEASY.COM	WhoisGuard, Inc.
25	tier_3	storystudio.sfgate.com	3	CSC CORPORATE DOMAINS, INC.	NS1.HEARSTNP.COM	Hearst Communications, Inc.
26	tier_3	btpnative.com	3	1API GmbH	NS1.DNSIMPLE.COM	Registrant of btpnative.com
27	tier_3	robogarden.io	3	GoDaddy.com, LLC	BECKY.NS.CLOUDFLARE.COM	None
28	tier_3	searchfrequently.com	2	GoDaddy.com, LLC	NEIL.NS.CLOUDFLARE.COM	Domains By Proxy, LLC
29	tier_3	b.delightcmain.xyz	2	Epik LLC	MARJORY.NS.CLOUDFLARE.COM	Anonymize, Inc.

	ip	city	region	org	postal	country_name	tier	count	hostname	anycast
0	185.107.56.60	Amsterdam	North Holland	AS43350 NForce Entertainment B.V.	1012	Netherlands	tier_1	19	nan	nan
1	64.32.8.68	Los Angeles	California	AS46844 Sharktech	90009	United States	tier_1	18	customer.sharktech.net	nan
2	64.32.8.69	Los Angeles	California	AS46844 Sharktech	90009	United States	tier_1	16	customer.sharktech.net	nan
3	185.107.56.59	Amsterdam	North Holland	AS43350 NForce Entertainment B.V.	1012	Netherlands	tier_1	13	nan	nan
4	64.32.8.67	Los Angeles	California	AS46844 Sharktech	90009	United States	tier_1	12	customer.sharktech.net	nan
5	64.32.8.70	Los Angeles	California	AS46844 Sharktech	90009	United States	tier_1	11	customer.sharktech.net	nan
6	185.107.56.57	Amsterdam	North Holland	AS43350 NForce Entertainment B.V.	1012	Netherlands	tier_1	10	nan	nan
7	185.107.56.58	Amsterdam	North Holland	AS43350 NForce Entertainment B.V.	1012	Netherlands	tier_1	6	nan	nan
8	167.233.8.197	Nürnberg	Bavaria	AS24940 Hetzner Online GmbH	90402	Germany	tier_2	69	static.197.8.233.167.clients.your-server.de	nan
9	34.200.146.95	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23452	United States	tier_2	43	ec2-34-200-146-95.compute-1.amazonaws.com	nan
10	104.26.11.53	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_2	38	nan	True
11	54.84.27.165	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23452	United States	tier_2	38	ec2-54-84-27-165.compute-1.amazonaws.com	nan
12	209.15.13.136	Toronto	Ontario	AS13768 Aptum Technologies	M5N	Canada	tier_3	16	nan	nan
13	205.185.216.42	Dallas	Texas	AS20446 Highwinds Network Group, Inc.	75201	United States	tier_2	11	map2.hwcdn.net	True
14	104.26.10.53	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_2	10	nan	True
15	172.67.74.77	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_2	7	nan	True
16	172.67.134.220	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_2	7	nan	True
17	104.21.6.127	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_2	7	nan	True
18	23.44.217.143	Newark	New Jersey	AS16625 Akamai Technologies, Inc.	07175	United States	tier_3	52	a23-44-217-143.deploy.static.akamaitechnologies.com	nan
19	209.15.13.136	Toronto	Ontario	AS13768 Aptum Technologies	M5N	Canada	tier_3	16	nan	nan
20	35.174.35.73	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23452	United States	tier_3	8	ec2-35-174-35-73.compute-1.amazonaws.com	nan
21	34.207.4.240	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23452	United States	tier_3	6	ec2-34-207-4-240.compute-1.amazonaws.com	nan
22	158.106.84.60	Toronto	Ontario	AS23498 COGECODATA	M5N	Canada	tier_3	5	desktop.squirt.org	nan
23	98.129.228.57	Dallas	Texas	AS33070 Rackspace Hosting	75270	United States	tier_3	3	nan	nan
24	172.67.138.156	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	2	nan	True
25	104.18.78.149	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	2	nan	True
26	104.21.80.8	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	2	nan	True
27	192.138.218.207	Seattle	Washington	AS14332 Connexity, Inc.	98111	United States	tier_3	2	rd.bizrate.com	nan

Aggregated redirection graph of domains located on current IP address.¶

The redirection flows from left to right
Leftmost domains are initial domains hosted on current IP
Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains¶

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

Aggregated redirection graph of domains located on current IP address.¶

Screenshot of high-occurrence final landing domains¶

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact¶