Malware Discoverer Github Homepage.

Daily Threat Intelligence Report

This report contains following information

1. Overall statistics
   1. Number of domains detected
   2. Number of domains detected by Google Safe Browsing
   3. IP address behind entry-level domains
   4. date of collection
2. Top 10 domain statistics
   1. count (number of redirection paths that contain this domain)
   2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
   3. registar
   4. organization
3. Top 10 IP statistics
   1. count
   2. location (city, country, region)
   3. hostname
   4. organization
4. Consolidated redirection path
   1. green: tier one domain
   2. yellow: tier two domain
   3. red: tier three domain

	num_domain	num_links	num_full_url	num_safebrowsing_malicious	num_vt_malicious	date	ip	user_agent
0	39	37	54	0	1	2021-04-14	185.53.177.73	Chrome

	tier	domain	count	registrar	name_servers	org
0	tier_1	1link.in	1	TLD Registrar Solutions Ltd.	ns1.parkingcrew.net	None
1	tier_1	bitcoinclub.pl	1	Aftermarket.pl Limited	n	None
2	tier_1	ggogle.dk	1	None	ns1.parkingcrew.net	None
3	tier_1	giogle.dk	1	None	ns1.parkingcrew.net	None
4	tier_1	mcinternet.dk	1	None	ns1.parkingcrew.net	None
5	tier_1	nordera.dk	1	None	ns1.parkingcrew.net	None
6	tier_1	hairdesign.dk	1	None	ns1.parkingcrew.net	None
7	tier_1	gooogle.dk	1	None	ns1.parkingcrew.net	None
8	tier_1	leasplan.dk	1	None	ns1.parkingcrew.net	None
9	tier_1	patientvejledningen.dk	1	None	ns1.parkingcrew.net	None
10	tier_2	katie.v4.omgtnc.com	9	PSI-USA, Inc. dba Domain Robot	NS-1133.AWSDNS-13.ORG	None
11	tier_2	recode.pw	3	GANDI SAS	NS-1611.AWSDNS-09.CO.UK	PPCBUZZ
12	tier_2	us.redirectbuzz.club	2	Gandi SAS	ns-2.awsdns-00.com	PPCBUZZ
13	tier_2	technoblogs.net	2	GANDI SAS	NS-1196.AWSDNS-21.ORG	PPCBUZZ
14	tier_2	paid.outbrain.com	2	Network Solutions, LLC	DNS1.P07.NSONE.NET	None
15	tier_2	clk.rtpdn12.com	1	NAMECHEAP INC	DNS1.REGISTRAR-SERVERS.COM	Privacy service provided by Withheld for Privacy ehf
16	tier_2	traff0121.com	1	NAMECHEAP INC	HANS.NS.CLOUDFLARE.COM	Privacy service provided by Withheld for Privacy ehf
17	tier_2	contentgate.art	1	URL Solutions Inc.	HEATHER.NS.CLOUDFLARE.COM	GLOBAL DOMAIN PRIVACY SERVICES INC
18	tier_2	0.contentgate.art	1	URL Solutions Inc.	HEATHER.NS.CLOUDFLARE.COM	GLOBAL DOMAIN PRIVACY SERVICES INC
19	tier_2	1.contentgate.art	1	URL Solutions Inc.	HEATHER.NS.CLOUDFLARE.COM	GLOBAL DOMAIN PRIVACY SERVICES INC
20	tier_2	2.contentgate.art	1	URL Solutions Inc.	HEATHER.NS.CLOUDFLARE.COM	GLOBAL DOMAIN PRIVACY SERVICES INC
21	tier_2	3.contentgate.art	1	URL Solutions Inc.	HEATHER.NS.CLOUDFLARE.COM	GLOBAL DOMAIN PRIVACY SERVICES INC
22	tier_2	trfktunnel.com	1	NAMECHEAP INC	DAVE.NS.CLOUDFLARE.COM	Privacy service provided by Withheld for Privacy ehf
23	tier_2	betalonflamechan.com	1	URL SOLUTIONS INC.	NS-1305.AWSDNS-35.ORG	GLOBAL DOMAIN PRIVACY SERVICES INC
24	tier_2	t.sslrt4.com	1	NAMECHEAP INC	NS-1092.AWSDNS-08.ORG	Privacy service provided by Withheld for Privacy ehf
25	tier_2	batores-dimineer.com	1	Amazon Registrar, Inc.	NS-111.AWSDNS-13.COM	Whois Privacy Service
26	tier_2	trkppc.com	1	NAMECHEAP INC	PDNS1.REGISTRAR-SERVERS.COM	Privacy service provided by Withheld for Privacy ehf
27	tier_2	capitaloneshopping.sjv.io	1	GANDI SAS	NS-545.AWSDNS-04.NET	None
28	tier_2	ojrq.net	1	GANDI SAS	NS-1151.AWSDNS-15.ORG	Impact Radius
29	tier_2	capitaloneshopping.sjv.io_LOOP_1	1	None	None	None
30	tier_3	mergerinvesting.com	2	NAMECHEAP INC	DNS1.REGISTRAR-SERVERS.COM	Privacy service provided by Withheld for Privacy ehf
31	tier_3	ram21.proasdf.com	2	GoDaddy.com, LLC	NS61.DOMAINCONTROL.COM	Domains By Proxy, LLC
32	tier_3	auth.bitbay.net	1	NAMECHEAP INC	EMMA.NS.CLOUDFLARE.COM	Privacy service provided by Withheld for Privacy ehf
33	tier_3	shop.threesbrewing.com	1	None	None	None
34	tier_3	crutchfield.com	1	Domain.com, LLC	NS1.CRUTCHFIELD.COM	REDACTED FOR PRIVACY
35	tier_3	capitaloneshopping.com	1	CSC CORPORATE DOMAINS, INC.	IVY.NS.CLOUDFLARE.COM	Capital One Services, LLC
36	tier_3	surveystarz.com	1	GoDaddy.com, LLC	NS13.DOMAINCONTROL.COM	Domains By Proxy, LLC
37	tier_3	dropped-click.com	1	NAMECHEAP INC	INES.NS.CLOUDFLARE.COM	Privacy service provided by Withheld for Privacy ehf

	ip	city	region	org	postal	country_name	tier	count	hostname	anycast
0	104.247.81.73	Wyandotte	Michigan	AS206834 Team Internet AG	48192	United States	tier_1	9	nan	nan
1	185.253.212.22	Warsaw	Mazovia	AS48707 Marcin Waligorski Greener	00-010	Poland	tier_1	1	nan	nan
2	52.45.77.217	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	8	ec2-52-45-77-217.compute-1.amazonaws.com	nan
3	178.62.225.201	Amsterdam	North Holland	AS14061 DigitalOcean, LLC	1012	Netherlands	tier_2	5	nan	nan
4	66.232.112.78	Tampa	Florida	AS29802 HIVELOCITY, Inc.	33606	United States	tier_2	3	nan	nan
5	66.232.112.72	Tampa	Florida	AS29802 HIVELOCITY, Inc.	33606	United States	tier_2	2	66-232-112-72.static.hvvc.us	nan
6	66.232.112.85	Tampa	Florida	AS29802 HIVELOCITY, Inc.	33606	United States	tier_2	2	66-232-112-85.static.hvvc.us	nan
7	199.232.66.132	Washington	Washington, D.C.	AS54113 Fastly	20045	United States	tier_2	2	nan	nan
8	88.99.101.106	Hohen Neuendorf	Brandenburg	AS24940 Hetzner Online GmbH	16540	Germany	tier_2	2	static.106.101.99.88.clients.your-server.de	nan
9	18.210.103.13	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	2	ec2-18-210-103-13.compute-1.amazonaws.com	nan
10	3.220.46.255	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	1	ec2-3-220-46-255.compute-1.amazonaws.com	nan
11	173.239.53.32	New York City	New York	AS27257 Webair Internet Development Company Inc.	10004	United States	tier_2	1	nan	nan
12	139.45.197.239	Amsterdam	North Holland	AS9002 RETN Limited	1012	Netherlands	tier_2	1	nan	nan
13	35.227.247.224	Kansas City	Missouri	AS15169 Google LLC	64121	United States	tier_2	1	224.247.227.35.bc.googleusercontent.com	True
14	35.227.211.136	Kansas City	Missouri	AS15169 Google LLC	64121	United States	tier_2	1	136.211.227.35.bc.googleusercontent.com	True
15	34.95.127.121	Kansas City	Missouri	AS15169 Google LLC	64121	United States	tier_2	1	121.127.95.34.bc.googleusercontent.com	True
16	100.37.135.2	New York City	New York	AS701 MCI Communications Services, Inc. d/b/a Verizon Business	10004	United States	tier_2	1	pool-100-37-135-2.nycmny.fios.verizon.net	nan
17	169.63.237.195	Dallas	Texas	AS36351 SoftLayer Technologies Inc.	75270	United States	tier_2	1	c3.ed.3fa9.ip4.static.sl-reverse.com	nan
18	45.55.189.248	Clifton	New Jersey	AS14061 DigitalOcean, LLC	07014	United States	tier_3	2	nan	nan
19	162.243.10.151	New York City	New York	AS14061 DigitalOcean, LLC	10011	United States	tier_3	2	nan	nan
20	104.18.5.135	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	1	nan	True
21	23.227.38.74	Ottawa	Ontario	AS13335 Cloudflare, Inc.	K2P	Canada	tier_3	1	nan	True
22	205.196.12.74	Hollymead	Virginia	AS54391 Crutchfield New Media LLC	22911	United States	tier_3	1	www.crutchfield.com	nan
23	104.18.16.24	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	1	nan	True
24	165.227.96.45	Clifton	New Jersey	AS14061 DigitalOcean, LLC	07014	United States	tier_3	1	109327.cloudwaysapps.com	nan
25	75.126.45.196	Dallas	Texas	AS36351 SoftLayer Technologies Inc.	75270	United States	tier_3	1	c4.2d.7e4b.ip4.static.sl-reverse.com	nan

Aggregated redirection graph of domains located on current IP address.

• The redirection flows from left to right
• Leftmost domains are initial domains hosted on current IP
• Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website