Malware Discoverer Github Homepage.

Daily Threat Intelligence Report

This report contains following information

1. Overall statistics
   1. Number of domains detected
   2. Number of domains detected by Google Safe Browsing
   3. IP address behind entry-level domains
   4. date of collection
2. Top 10 domain statistics
   1. count (number of redirection paths that contain this domain)
   2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
   3. registar
   4. organization
3. Top 10 IP statistics
   1. count
   2. location (city, country, region)
   3. hostname
   4. organization
4. Consolidated redirection path
   1. green: tier one domain
   2. yellow: tier two domain
   3. red: tier three domain

	num_domain	num_links	num_full_url	num_safebrowsing_malicious	num_vt_malicious	date	ip	user_agent
0	92	89	161	0	43	2021-02-17	103.224.182.207	Safari

	tier	domain	count	registrar	name_servers	org
0	tier_1	boytoyfashion.com	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
1	tier_1	animewapers.com	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
2	tier_1	alldownloadgames.com	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
3	tier_1	atcmia.com	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
4	tier_1	alixepress.com	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
5	tier_1	blacherreport.com	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
6	tier_1	arphanetbr.com	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
7	tier_1	allpose.com	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
8	tier_1	boardsgalore.com	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
9	tier_1	asignaturecommunity.com	1	GoDaddy.com, LLC	NS1.ABOVE.COM	None
10	tier_2	1redira.com	12	ABOVE.COM PTY LTD.	NS1.TRELLIAN.COM	REDACTED FOR PRIVACY
11	tier_2	xml.sedodna.com	8	PSI-USA, Inc. dba Domain Robot	NS-1222.AWSDNS-24.ORG	None
12	tier_2	click.expmediadirect.com	8	NAMECHEAP INC	NS1.LINODE.COM	WhoisGuard, Inc.
13	tier_2	0redirb.com	7	ABOVE.COM PTY LTD.	NS1.ABOVE.COM	REDACTED FOR PRIVACY
14	tier_2	qqnhwxpz.ancientopossum.com	6	None	None	None
15	tier_2	seemlast.monster	6	None	None	None
16	tier_2	salo57.admedit.net	4	None	None	None
17	tier_2	ww2.siteplug.com	4	DOMAINPEOPLE, INC.	NS-1263.AWSDNS-29.ORG	REDACTED FOR PRIVACY
18	tier_2	track.vcdc.com	3	Key-Systems GmbH	GUY.NS.CLOUDFLARE.COM	c/o whoisproxy.com
19	tier_2	changeslots.com	2	Instra Corporation Pty Ltd.	CLEO.NS.CLOUDFLARE.COM	REDACTED FOR PRIVACY
20	tier_3	macpaw.com	6	GANDI SAS	NS-1492.AWSDNS-58.ORG	MacPaw Family Ltd.
21	tier_3	theconnectvpn.com	2	DonDominio (SCIP)	ARNOLD.NS.CLOUDFLARE.COM	Soluciones Corporativas IP, c/o Whois Proxy
22	tier_3	searchfrequently.com	2	GoDaddy.com, LLC	NEIL.NS.CLOUDFLARE.COM	Domains By Proxy, LLC
23	tier_3	cyberghostvpn.com	2	GANDI SAS	NS01.CYBERGHOSTVPN.COM	CyberGhost SA
24	tier_3	iosrecommendedvpn.com	2	None	None	None
25	tier_3	bodybuilding.com	2	MarkMonitor, Inc.	NS1.BODYBUILDING.COM	Vitalize, LLC
26	tier_3	best.aliexpress.com	2	Alibaba Cloud Computing (Beijing) Co., Ltd.	NS1.ALIBABADNS.COM	None
27	tier_3	free2update.yourbettercleanplayer.info	1	NAMECHEAP INC	DNS1.REGISTRAR-SERVERS.COM	WhoisGuard, Inc.
28	tier_3	modcloth.com	1	GoDaddy.com, LLC	NS0.DNSMADEEASY.COM	ModCloth Inc
29	tier_3	upalways.thebettercleanplayers.info	1	NAMECHEAP INC	DNS1.REGISTRAR-SERVERS.COM	WhoisGuard, Inc.

	ip	hostname	city	region	org	postal	country_name	tier	count	anycast
0	103.224.182.207	lb-182-207.above.com	Caulfield South	Victoria	AS133618 Trellian Pty. Limited	3193	Australia	tier_1	31	nan
1	103.224.182.206	bidr.trellian.com	Caulfield South	Victoria	AS133618 Trellian Pty. Limited	3193	Australia	tier_2	12	nan
2	91.195.240.136	nan	Munich	Bavaria	AS47846 SEDO GmbH	80331	Germany	tier_2	8	nan
3	173.239.53.32	nan	New York City	New York	AS27257 Webair Internet Development Company Inc.	10013	United States	tier_2	8	nan
4	198.134.116.30	nan	New York City	New York	AS27257 Webair Internet Development Company Inc.	10013	United States	tier_2	8	nan
5	103.224.212.247	lb-212-247.above.com	Caulfield South	Victoria	AS133618 Trellian Pty. Limited	3193	Australia	tier_2	7	nan
6	137.74.180.226	ip226.ip-137-74-180.eu	Strasbourg	Grand Est	AS16276 OVH SAS	67000	France	tier_2	5	nan
7	104.21.68.220	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_2	4	True
8	85.17.29.187	nan	Amsterdam	North Holland	AS60781 LeaseWeb Netherlands B.V.	1012	Netherlands	tier_2	4	nan
9	216.139.248.127	216-139-248-127.aus.us.siteprotect.com	Austin	Texas	AS32400 Hostway Services, Inc.	73301	United States	tier_2	4	nan
10	23.36.196.16	a23-36-196-16.deploy.static.akamaitechnologies.com	Philadelphia	Pennsylvania	AS16625 Akamai Technologies, Inc.	19099	United States	tier_3	2	nan
11	35.224.231.200	200.231.224.35.bc.googleusercontent.com	Council Bluffs	Iowa	AS15169 Google LLC	51502	United States	tier_3	6	nan
12	54.162.183.76	ec2-54-162-183-76.compute-1.amazonaws.com	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23452	United States	tier_3	5	nan
13	172.67.181.234	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	2	True
14	104.20.174.46	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	2	True
15	100.37.135.2	pool-100-37-135-2.nycmny.fios.verizon.net	New York City	New York	AS701 MCI Communications Services, Inc. d/b/a Verizon Business	10004	United States	tier_3	2	nan
16	23.193.181.211	a23-193-181-211.deploy.static.akamaitechnologies.com	New York City	New York	AS16625 Akamai Technologies, Inc.	10004	United States	tier_3	2	nan
17	23.36.196.16	a23-36-196-16.deploy.static.akamaitechnologies.com	Philadelphia	Pennsylvania	AS16625 Akamai Technologies, Inc.	19099	United States	tier_3	2	nan
18	104.21.8.61	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	1	True
19	104.16.79.42	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	1	True
20	104.19.182.41	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	1	True

Aggregated redirection graph of domains located on current IP address.

• The redirection flows from left to right
• Leftmost domains are initial domains hosted on current IP
• Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website