Malware Discoverer Github Homepage.

Daily Threat Intelligence Report

This report contains following information

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain
num_domainnum_linksnum_full_urlnum_safebrowsing_maliciousnum_vt_maliciousdateipuser_agent
02202349780152021-04-08185.107.56.199Android
tierdomaincountregistrarname_serversorg
0tier_1havaispark.com1TUCOWS, INC.NS1.COMMONMX.COMContact Privacy Inc. Customer 0159839698
1tier_1completeitprofessional.com1Heavydomains.net LLCNS1.COMMONMX.COMNone
2tier_1behm.de1NoneNoneNone
3tier_1javstreams.com1Top Pick Names LLCNS1.COMMONMX.COMNone
4tier_1champshubdxb.com1TUCOWS, INC.NS1.COMMONMX.COMContact Privacy Inc. Customer 0159166652
5tier_1examnotes.net1NameSilo, LLCNS1.COMMONMX.COMSee PrivacyGuardian.org
6tier_1iori-yagami.mobi1DYNADOT LLCNoneNone
7tier_1gokids.de1NoneNoneNone
8tier_1bloz.info1DYNADOT LLCNS1.COMMONMX.COMNone
9tier_1ivho.nl1Sombrero.de Gmbhns1.commonmx.comNone
10tier_2btpnav.com611API GmbHNS1.DNSIMPLE.COMRegistrant of btpnav.com
11tier_2rugab-ans.com58Amazon Registrar, Inc.NS-1165.AWSDNS-17.ORGWhois Privacy Service
12tier_2click.expmediadirect.com47NoneNoneNone
13tier_2api.apptap.com45Amazon Registrar, Inc.NS-1256.AWSDNS-29.ORGWhois Privacy Service
14tier_2redirect.viglink.com44Amazon Registrar, Inc.NS1.VIGLINK.COMWhois Privacy Service
15tier_2link.sylikes.com44MarkMonitor, Inc.NS-1063.AWSDNS-04.ORGConnexity, Inc.
16tier_2rd.bizrate.com38NoneNoneNone
17tier_2nizephoros-pom.com35Amazon Registrar, Inc.NS-1192.AWSDNS-21.ORGWhois Privacy Service
18tier_2get.popplunder.com35NoneNoneNone
19tier_2trustedpush.com35NoneNoneNone
20tier_2win1.trustedpush.com33NoneNoneNone
21tier_2rd.connexity.net31MarkMonitor, Inc.NS-1190.AWSDNS-20.ORGConnexity, Inc.
22tier_2atnpx.com28GoDaddy.com, LLCBECKY.NS.CLOUDFLARE.COMDomains By Proxy, LLC
23tier_2api.mplayit.com28Amazon Registrar, Inc.NS-1236.AWSDNS-26.ORGNone
24tier_2win2.trustedpush.com22NoneNoneNone
25tier_2trackyourmpg.com16GoDaddy Online Services Cayman Islands LTDHUGH.NS.CLOUDFLARE.COMNone
26tier_2win3.trustedpush.com14NoneNoneNone
27tier_2track.vcdc.com9Key-Systems GmbHGUY.NS.CLOUDFLARE.COMc/o whoisproxy.com
28tier_2win4.trustedpush.com6NoneNoneNone
29tier_2grandinroad.com5Network Solutions, LLCNS1.HSN.NETNone
30tier_3kbb.com16CSC CORPORATE DOMAINS, INC.PDNS164.ULTRADNS.BIZAutotrader.com
31tier_3storystudio.sfgate.com14CSC CORPORATE DOMAINS, INC.NS1.HEARSTNP.COMHearst Communications, Inc.
32tier_3robogarden.io12GoDaddy.com, LLCBECKY.NS.CLOUDFLARE.COMNone
33tier_3win2.trustedpush.com11NoneNoneNone
34tier_3overstock.com11MarkMonitor, Inc.DNS1.P01.NSONE.NETOverstock.com, Inc - TMA606142
35tier_3m.placesiteb.xyz9Sav.comLLCHUGH.NS.CLOUDFLARE.COMPrivacy Protection
36tier_3win4.trustedpush.com8NoneNoneNone
37tier_3win3.trustedpush.com8NoneNoneNone
38tier_3rd.bizrate.com7MarkMonitor, Inc.NS-1189.AWSDNS-20.ORGMeredith Corporation
39tier_3frontgate.com7Network Solutions, LLCNS1.HSN.NETNone
40tier_3fanatics.com6NoneNoneNone
41tier_3win5.trustedpush.com5NoneNoneNone
42tier_3m.gladplacespin.xyz5Epik LLCMARJORY.NS.CLOUDFLARE.COMAnonymize, Inc.
43tier_3grandinroad.com_LOOP_14NoneNoneNone
44tier_3skechers.com4MarkMonitor, Inc.ALAN.NS.CLOUDFLARE.COMSkechers USA
45tier_3b.playspind.xyz2Sav.comLLCHUGH.NS.CLOUDFLARE.COMPrivacy Protection
46tier_3win1.trustedpush.com2NoneNoneNone
47tier_3youthewinner.net21API GmbHNS-1028.AWSDNS-00.ORGRegistrant of youthewinner.net
48tier_3click.expmediadirect.com1NoneNoneNone
49tier_3m.albeebaby.com1Network Solutions, LLCYNS1.YAHOO.COMNone
50tier_3careerbliss.com1GoDaddy.com, LLCNS10.DNSMADEEASY.COMDomains By Proxy, LLC
51tier_3keenfootwear.com_LOOP_11NoneNoneNone
52tier_3birkenstock.com1PSI-USA, Inc. dba Domain RobotA.NS14.NETBIRKENSTOCK SALES GMBH
53tier_3qksrv.net1MarkMonitor, Inc.ASIA9.AKAM.NETConversant, Inc.
54tier_3omahasteaks.com1CSC CORPORATE DOMAINS, INC.A1-3.AKAM.NETOmaha Steaks International, Inc.
55tier_3grandinroad.com_LOOP_21NoneNoneNone
56tier_3volvocars.com1CSC CORPORATE DOMAINS, INC.UDNS1.CSCDNS.NETVolvoCarCorporation
57tier_3owletcare.com_LOOP_11NoneNoneNone
58tier_3win6.trustedpush.com1NoneNoneNone
ipcityregionorgpostalcountry_nametiercounthostnameanycast
0207.244.67.215WashingtonWashington, D.C.AS30633 Leaseweb USA, Inc.20045United Statestier_124nannan
1207.244.67.216WashingtonWashington, D.C.AS30633 Leaseweb USA, Inc.20045United Statestier_121nannan
2207.244.67.218WashingtonWashington, D.C.AS30633 Leaseweb USA, Inc.20045United Statestier_119nannan
3207.244.67.214WashingtonWashington, D.C.AS30633 Leaseweb USA, Inc.20045United Statestier_119nannan
4104.243.45.178New York CityNew YorkAS23470 ReliableSite.Net LLC10004United Statestier_110nannan
5104.243.45.190New York CityNew YorkAS23470 ReliableSite.Net LLC10004United Statestier_110nannan
6104.243.45.179New York CityNew YorkAS23470 ReliableSite.Net LLC10004United Statestier_19nannan
7206.221.176.184NewarkNew JerseyAS23470 ReliableSite.Net LLC07175United Statestier_17nannan
837.48.65.151AmsterdamNorth HollandAS60781 LeaseWeb Netherlands B.V.1012Netherlandstier_14nannan
9185.107.56.199RotterdamSouth HollandAS43350 NForce Entertainment B.V.3012Netherlandstier_13nannan
10192.138.218.207SeattleWashingtonAS14332 Connexity, Inc.98111United Statestier_37rd.bizrate.comnan
11209.15.13.136TorontoOntarioAS13768 Aptum TechnologiesM5NCanadatier_270nannan
1299.84.114.98NewarkNew JerseyAS16509 Amazon.com, Inc.07175United Statestier_36server-99-84-114-98.ewr52.r.cloudfront.netnan
13198.134.116.30New York CityNew YorkAS27257 Webair Internet Development Company Inc.10013United Statestier_31nannan
1499.84.114.87NewarkNew JerseyAS16509 Amazon.com, Inc.07175United Statestier_34server-99-84-114-87.ewr52.r.cloudfront.netnan
1552.203.234.127AshburnVirginiaAS14618 Amazon.com, Inc.20149United Statestier_238ec2-52-203-234-127.compute-1.amazonaws.comnan
1634.199.180.187AshburnVirginiaAS14618 Amazon.com, Inc.20149United Statestier_235ec2-34-199-180-187.compute-1.amazonaws.comnan
17192.138.218.139SeattleWashingtonAS14332 Connexity, Inc.98111United Statestier_231rd.connexity.netnan
183.226.37.31AshburnVirginiaAS14618 Amazon.com, Inc.20149United Statestier_224ec2-3-226-37-31.compute-1.amazonaws.comnan
1918.235.67.128AshburnVirginiaAS14618 Amazon.com, Inc.20149United Statestier_220ec2-18-235-67-128.compute-1.amazonaws.comnan
2034.207.43.7AshburnVirginiaAS14618 Amazon.com, Inc.20149United Statestier_220ec2-34-207-43-7.compute-1.amazonaws.comnan
2134.239.57.120AshburnVirginiaAS14618 Amazon.com, Inc.20149United Statestier_220ec2-34-239-57-120.compute-1.amazonaws.comnan
2234.225.128.119AshburnVirginiaAS14618 Amazon.com, Inc.20149United Statestier_220ec2-34-225-128-119.compute-1.amazonaws.comnan
2334.197.176.2AshburnVirginiaAS14618 Amazon.com, Inc.20149United Statestier_219ec2-34-197-176-2.compute-1.amazonaws.comnan
24104.26.11.53San FranciscoCaliforniaAS13335 Cloudflare, Inc.94107United Statestier_218nanTrue
2599.84.114.90NewarkNew JerseyAS16509 Amazon.com, Inc.07175United Statestier_217server-99-84-114-90.ewr52.r.cloudfront.netnan
2654.208.107.202AshburnVirginiaAS14618 Amazon.com, Inc.20149United Statestier_217ec2-54-208-107-202.compute-1.amazonaws.comnan
273.228.164.227AshburnVirginiaAS14618 Amazon.com, Inc.20149United Statestier_215ec2-3-228-164-227.compute-1.amazonaws.comnan
2852.72.29.7AshburnVirginiaAS14618 Amazon.com, Inc.20149United Statestier_214ec2-52-72-29-7.compute-1.amazonaws.comnan
29204.44.79.214Los AngelesCaliforniaAS8100 QuadraNet Enterprises LLC90014United Statestier_214204.44.79.214.static.quadranet.comnan
30100.37.135.2New York CityNew YorkAS701 MCI Communications Services, Inc. d/b/a Verizon Business10004United Statestier_332pool-100-37-135-2.nycmny.fios.verizon.netnan
3123.44.217.143NewarkNew JerseyAS16625 Akamai Technologies, Inc.07175United Statestier_316a23-44-217-143.deploy.static.akamaitechnologies.comnan
3298.129.228.57DallasTexasAS33070 Rackspace Hosting75270United Statestier_314nannan
3323.41.189.213NewarkNew JerseyAS16625 Akamai Technologies, Inc.07175United Statestier_311a23-41-189-213.deploy.static.akamaitechnologies.comnan
34104.21.80.8San FranciscoCaliforniaAS13335 Cloudflare, Inc.94107United Statestier_311nanTrue
35104.18.78.149San FranciscoCaliforniaAS13335 Cloudflare, Inc.94107United Statestier_39nanTrue
36192.138.218.207SeattleWashingtonAS14332 Connexity, Inc.98111United Statestier_37rd.bizrate.comnan
3799.84.114.98NewarkNew JerseyAS16509 Amazon.com, Inc.07175United Statestier_36server-99-84-114-98.ewr52.r.cloudfront.netnan
38184.87.65.240NewarkNew JerseyAS16625 Akamai Technologies, Inc.07175United Statestier_36a184-87-65-240.deploy.static.akamaitechnologies.comnan
39184.87.71.113NewarkNew JerseyAS16625 Akamai Technologies, Inc.07175United Statestier_36a184-87-71-113.deploy.static.akamaitechnologies.comnan
4099.84.114.87NewarkNew JerseyAS16509 Amazon.com, Inc.07175United Statestier_34server-99-84-114-87.ewr52.r.cloudfront.netnan
41104.16.189.137San FranciscoCaliforniaAS13335 Cloudflare, Inc.94107United Statestier_34nanTrue
42104.18.79.149San FranciscoCaliforniaAS13335 Cloudflare, Inc.94107United Statestier_32nanTrue
43104.18.81.149San FranciscoCaliforniaAS13335 Cloudflare, Inc.94107United Statestier_32nanTrue
44104.18.80.149San FranciscoCaliforniaAS13335 Cloudflare, Inc.94107United Statestier_32nanTrue
4534.192.40.54AshburnVirginiaAS14618 Amazon.com, Inc.20149United Statestier_32ec2-34-192-40-54.compute-1.amazonaws.comnan
46198.134.116.30New York CityNew YorkAS27257 Webair Internet Development Company Inc.10013United Statestier_31nannan
47172.67.172.143San FranciscoCaliforniaAS13335 Cloudflare, Inc.94107United Statestier_31nanTrue
48185.246.209.11ChicagoIllinoisAS60068 Datacamp Limited60666United Statestier_31chicago-4.cdn77.comnan
49207.38.44.116Los AngelesCaliforniaAS5693 Latisys-Irvine, LLC90009United Statestier_31cbsmtp1.careerbliss.comnan
5023.38.170.120NewarkNew JerseyAS20940 Akamai International B.V.07175United Statestier_31a23-38-170-120.deploy.static.akamaitechnologies.comnan
51159.127.43.26WashingtonWashington, D.C.AS25751 Conversant, Inc.20045United Statestier_31nannan
52100.37.135.2New York CityNew YorkAS701 MCI Communications Services, Inc. d/b/a Verizon Business10004United Statestier_31pool-100-37-135-2.nycmny.fios.verizon.netnan
53184.85.12.124NewarkNew JerseyAS16625 Akamai Technologies, Inc.07175United Statestier_31a184-85-12-124.deploy.static.akamaitechnologies.comnan
54184.87.71.70NewarkNew JerseyAS16625 Akamai Technologies, Inc.07175United Statestier_31a184-87-71-70.deploy.static.akamaitechnologies.comnan
55104.18.82.149San FranciscoCaliforniaAS13335 Cloudflare, Inc.94107United Statestier_31nanTrue

Aggregated redirection graph of domains located on current IP address.

  • The redirection flows from left to right
  • Leftmost domains are initial domains hosted on current IP
  • Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website