viz_redirection_chain_to

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

This report contains following information

Overall statistics
1. Number of domains detected
2. Number of domains detected by Google Safe Browsing
3. IP address behind entry-level domains
4. date of collection
Top 10 domain statistics
1. count (number of redirection paths that contain this domain)
2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
3. registar
4. organization
Top 10 IP statistics
1. count
2. location (city, country, region)
3. hostname
4. organization
Consolidated redirection path
1. green: tier one domain
2. yellow: tier two domain
3. red: tier three domain

	num_domain	num_links	num_full_url	num_safebrowsing_malicious	num_vt_malicious	date	ip	user_agent
0	163	165	633	0	121	2021-02-26	64.32.8.70	Android

	tier	domain	count	registrar	name_servers	org
0	tier_1	bugpoint.net	1	SNAPNAMES 42, LLC	NS1.DNSNUTS.COM	None
1	tier_1	drmommyonline.com	1	DevilDogDomains.com, LLC	NS1.DNSNUTS.COM	None
2	tier_1	dakmm.com	1	Private Domains, LLC	NS1.DNSNUTS.COM	None
3	tier_1	feby.net	1	NamePal.com #8024, LLC	NS1.DNSNUTS.COM	None
4	tier_1	18land.net	1	DuckbilledDomains.com LLC	NS1.DNSNUTS.COM	None
5	tier_1	aellaabroad.com	1	SNAPNAMES 35, LLC	NS1.DNSNUTS.COM	None
6	tier_1	bamporn.com	1	SNAPNAMES 50, LLC	NS1.DNSNUTS.COM	None
7	tier_1	being-bianca.com	1	Gozerdomains.com LLC	NS1.DNSNUTS.COM	None
8	tier_1	globalprintmonitor.org	1	Domainhawks.net LLC	NS1.DNSNUTS.COM	None
9	tier_1	deltathrottle.com	1	Pipeline Domains, LLC	NS1.DNSNUTS.COM	None
10	tier_2	8205.wcitianka.com	58	GoDaddy Online Services Cayman Islands LTD	NS-1096.AWSDNS-09.ORG	None
11	tier_2	go.revpush.cc	58	GoDaddy.com, LLC	NS43.DOMAINCONTROL.COM	Domains By Proxy, LLC
12	tier_2	afflat3c1.com	58	DNC Holdings, Inc	NS1.PEER1.NET	Savvy Investments, LLC Privacy ID# 14674509
13	tier_2	priceshopinsurance.go2cloud.org	58	NAMECHEAP INC	NS-1511.AWSDNS-60.ORG	['Seattle Technology', 'Redacted for Privacy Purposes']
14	tier_2	alfik-fik.com	42	Amazon Registrar, Inc.	NS-1264.AWSDNS-30.ORG	Whois Privacy Service
15	tier_2	track.vcdc.com	24	Key-Systems GmbH	GUY.NS.CLOUDFLARE.COM	c/o whoisproxy.com
16	tier_2	atnpx.com	17	GoDaddy.com, LLC	BECKY.NS.CLOUDFLARE.COM	Domains By Proxy, LLC
17	tier_2	dprtb.com	13	1API GmbH	NS1.DNSIMPLE.COM	REDACTED FOR PRIVACY
18	tier_2	ad.doubleclick.net	11	MarkMonitor, Inc.	NS1.GOOGLE.COM	Google Inc.
19	tier_2	trackyourmpg.com	6	GoDaddy Online Services Cayman Islands LTD	HUGH.NS.CLOUDFLARE.COM	None
20	tier_3	priceshopinsurance.com	58	GoDaddy.com, LLC	NS27.DOMAINCONTROL.COM	Domains By Proxy, LLC
21	tier_3	kbb.com	17	CSC CORPORATE DOMAINS, INC.	PDNS164.ULTRADNS.BIZ	Autotrader.com
22	tier_3	storystudio.sfgate.com	12	CSC CORPORATE DOMAINS, INC.	NS1.HEARSTNP.COM	Hearst Communications, Inc.
23	tier_3	atnpx.com	4	GoDaddy.com, LLC	BECKY.NS.CLOUDFLARE.COM	Domains By Proxy, LLC
24	tier_3	happymakesite.xyz	3	Epik LLC	MARJORY.NS.CLOUDFLARE.COM	Anonymize, Inc.
25	tier_3	lulus.com_LOOP_1	3	None	None	None
26	tier_3	m.placesiteb.xyz	3	Sav.comLLC	HUGH.NS.CLOUDFLARE.COM	Privacy Protection
27	tier_3	squirt.org	2	NAMECHEAP INC	NS5.DNSMADEEASY.COM	WhoisGuard, Inc.
28	tier_3	win2.trustedpush.com	2	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
29	tier_3	android-data-alert.com	2	DANESCO TRADING LTD	KEENAN.NS.CLOUDFLARE.COM	DANESCO TRADING LTD.

	ip	city	region	org	postal	country_name	tier	count	hostname	anycast
0	185.107.56.59	Amsterdam	North Holland	AS43350 NForce Entertainment B.V.	1012	Netherlands	tier_1	17	nan	nan
1	185.107.56.60	Amsterdam	North Holland	AS43350 NForce Entertainment B.V.	1012	Netherlands	tier_1	17	nan	nan
2	64.32.8.67	Los Angeles	California	AS46844 Sharktech	90009	United States	tier_1	14	customer.sharktech.net	nan
3	64.32.8.69	Los Angeles	California	AS46844 Sharktech	90009	United States	tier_1	14	customer.sharktech.net	nan
4	64.32.8.68	Los Angeles	California	AS46844 Sharktech	90009	United States	tier_1	13	customer.sharktech.net	nan
5	64.32.8.70	Los Angeles	California	AS46844 Sharktech	90009	United States	tier_1	12	customer.sharktech.net	nan
6	185.107.56.58	Amsterdam	North Holland	AS43350 NForce Entertainment B.V.	1012	Netherlands	tier_1	11	nan	nan
7	185.107.56.57	Amsterdam	North Holland	AS43350 NForce Entertainment B.V.	1012	Netherlands	tier_1	11	nan	nan
8	198.54.112.216	San Jose	California	AS22612 Namecheap, Inc.	95103	United States	tier_2	59	nan	nan
9	34.199.107.160	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23452	United States	tier_2	58	ec2-34-199-107-160.compute-1.amazonaws.com	nan
10	69.172.200.185	Toronto	Ontario	AS19324 Dosarrest Internet Security LTD	M5N	Canada	tier_2	58	maxbounty.com	nan
11	167.233.8.197	Nürnberg	Bavaria	AS24940 Hetzner Online GmbH	90402	Germany	tier_2	24	static.197.8.233.167.clients.your-server.de	nan
12	54.84.27.165	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23452	United States	tier_2	23	ec2-54-84-27-165.compute-1.amazonaws.com	nan
13	34.200.146.95	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23452	United States	tier_2	21	ec2-34-200-146-95.compute-1.amazonaws.com	nan
14	34.198.147.111	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23452	United States	tier_2	20	ec2-34-198-147-111.compute-1.amazonaws.com	nan
15	52.205.36.237	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23452	United States	tier_2	19	ec2-52-205-36-237.compute-1.amazonaws.com	nan
16	52.20.195.125	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23452	United States	tier_2	19	ec2-52-20-195-125.compute-1.amazonaws.com	nan
17	209.15.13.136	Toronto	Ontario	AS13768 Aptum Technologies	M5N	Canada	tier_2	16	nan	nan
18	198.71.233.138	Ashburn	Virginia	AS26496 GoDaddy.com, LLC	20149	United States	tier_3	58	ip-198-71-233-138.ip.secureserver.net	nan
19	23.44.217.143	Newark	New Jersey	AS16625 Akamai Technologies, Inc.	07175	United States	tier_3	17	a23-44-217-143.deploy.static.akamaitechnologies.com	nan
20	98.129.228.57	Dallas	Texas	AS33070 Rackspace Hosting	75270	United States	tier_3	12	nan	nan
21	104.18.80.149	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	5	nan	True
22	100.37.135.2	New York City	New York	AS701 MCI Communications Services, Inc. d/b/a Verizon Business	10004	United States	tier_3	4	pool-100-37-135-2.nycmny.fios.verizon.net	nan
23	172.67.74.77	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	3	nan	True
24	158.106.84.60	Toronto	Ontario	AS23498 COGECODATA	M5N	Canada	tier_3	2	squirt.org	nan
25	104.26.10.53	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	1	nan	True
26	104.21.25.82	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	1	nan	True
27	34.206.66.177	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23452	United States	tier_3	1	ec2-34-206-66-177.compute-1.amazonaws.com	nan

Aggregated redirection graph of domains located on current IP address.¶

The redirection flows from left to right
Leftmost domains are initial domains hosted on current IP
Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains¶

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website

Malware Discoverer Github Homepage.

Daily Threat Intelligence Report¶

Aggregated redirection graph of domains located on current IP address.¶

Screenshot of high-occurrence final landing domains¶

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact¶