Daily Threat Intelligence Report

This report contains the following information:

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. Date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registrar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain
num_domainnum_linksnum_full_urlnum_safebrowsing_maliciousnum_vt_maliciousdateipuser_agent
0262265117901112021-02-21207.244.67.215Android

|  | tier | domain | count | registrar | name_servers | org |
|---|---|---|---|---|---|---|
| 0 | tier_1 | fibroidclear.com | 1 | GoDaddy.com, LLC | NS1.COMMONMX.COM | None |
| 1 | tier_1 | dublikat.in | 1 | Dynadot LLC | ns1.commonmx.com | None |
| 2 | tier_1 | inisiyatif.net | 1 | DYNADOT13 LLC | NS1.COMMONMX.COM | None |
| 3 | tier_1 | gamefirst.me | 1 | Dynadot, LLC | None | None |
| 4 | tier_1 | examnotes.net | 1 | NameSilo, LLC | NS1.COMMONMX.COM | See PrivacyGuardian.org |
| 5 | tier_1 | bestbuytech.us | 1 | Communigal Communication Ltd | ns2.commonmx.com | None |
| 6 | tier_1 | fullmovieonline.in | 1 | Dynadot LLC | ns1.commonmx.com | None |
| 7 | tier_1 | iftin.co | 1 | Dynadot LLC | ns2.commonmx.com | None |
| 8 | tier_1 | dondehaybaile.com | 1 | GoDaddy.com, LLC | NS1.COMMONMX.COM | None |
| 9 | tier_1 | hqfilms.in | 1 | Dynadot LLC | ns1.commonmx.com | None |
| 10 | tier_2 | 5339.wcitianka.com | 150 | None | None | None |
| 11 | tier_2 | tr.trackingsys.tech | 149 | DonDominio (SCIP) | NS1.DONDOMINIO.COM | Soluciones Corporativas IP, c/o Whois Proxy |
| 12 | tier_2 | xlongliveapkx.com | 75 | NAMECHEAP INC | ARON.NS.CLOUDFLARE.COM | WhoisGuard, Inc. |
| 13 | tier_2 | b3stcond1tions.com | 74 | NAMECHEAP INC | ARON.NS.CLOUDFLARE.COM | WhoisGuard, Inc. |
| 14 | tier_2 | one.androidapp-download.com | 50 | Internet Domain Service BS Corp. | NS-1501.AWSDNS-59.ORG | None |
| 15 | tier_2 | mobileoffers-dl-download.com | 36 | Internet Domain Service BS Corp. | NS-1253.AWSDNS-28.ORG | Whois Privacy Corp. |
| 16 | tier_2 | appardinga.club | 32 | Dynadot LLC | aiden.ns.cloudflare.com | None |
| 17 | tier_2 | jechesmacaltont.info | 25 | DANESCO TRADING LTD | NS-503.AWSDNS-62.COM | DANESCO TRADING LTD. |
| 18 | tier_2 | dprtb.com | 19 | 1API GmbH | NS1.DNSIMPLE.COM | REDACTED FOR PRIVACY |
| 19 | tier_2 | alfik-fik.com | 19 | Amazon Registrar, Inc. | NS-1264.AWSDNS-30.ORG | Whois Privacy Service |
| 20 | tier_3 | talskingest.top | 57 | Dynadot LLC | mack.ns.cloudflare.com | None |
| 21 | tier_3 | app.cosmoplayer.biz | 50 | TLD Registrar Solutions Ltd. | ns-usa.topdns.com | None |
| 22 | tier_3 | mobileoffers-br-download.com | 36 | Registrar of domain names REG.RU LLC | NS-1373.AWSDNS-43.ORG | None |
| 23 | tier_3 | storystudio.sfgate.com | 11 | CSC CORPORATE DOMAINS, INC. | NS1.HEARSTNP.COM | Hearst Communications, Inc. |
| 24 | tier_3 | mobileoffers-dl-download.com | 6 | Internet Domain Service BS Corp. | NS-1253.AWSDNS-28.ORG | Whois Privacy Corp. |
| 25 | tier_3 | win3.trustedpush.com | 5 | NAMECHEAP INC | NS-1142.AWSDNS-14.ORG | WhoisGuard, Inc. |
| 26 | tier_3 | bing.com | 4 | MarkMonitor, Inc. | DNS1.P09.NSONE.NET | Microsoft Corporation |
| 27 | tier_3 | venus.com | 2 | GoDaddy.com, LLC | NS0.DNSMADEEASY.COM | Venus Fashion, Inc. |
| 28 | tier_3 | overstock.com | 2 | None | None | None |
| 29 | tier_3 | win1.trustedpush.com | 2 | NAMECHEAP INC | NS-1142.AWSDNS-14.ORG | WhoisGuard, Inc. |

|  | ip | city | region | org | postal | country_name | tier | count | hostname | anycast |
|---|---|---|---|---|---|---|---|---|---|---|
| 0 | 207.244.67.215 | Manassas | Virginia | AS30633 Leaseweb USA, Inc. | 20108 | United States | tier_1 | 32 | nan | nan |
| 1 | 207.244.67.216 | Manassas | Virginia | AS30633 Leaseweb USA, Inc. | 20108 | United States | tier_1 | 26 | nan | nan |
| 2 | 207.244.67.218 | Manassas | Virginia | AS30633 Leaseweb USA, Inc. | 20108 | United States | tier_1 | 24 | nan | nan |
| 3 | 207.244.67.214 | Manassas | Virginia | AS30633 Leaseweb USA, Inc. | 20108 | United States | tier_1 | 24 | nan | nan |
| 4 | 104.243.45.179 | New York City | New York | AS23470 ReliableSite.Net LLC | 10004 | United States | tier_1 | 13 | nan | nan |
| 5 | 104.243.45.178 | New York City | New York | AS23470 ReliableSite.Net LLC | 10004 | United States | tier_1 | 11 | nan | nan |
| 6 | 206.221.176.184 | New York City | New York | AS23470 ReliableSite.Net LLC | 10004 | United States | tier_1 | 11 | nan | nan |
| 7 | 104.243.45.190 | New York City | New York | AS23470 ReliableSite.Net LLC | 10004 | United States | tier_1 | 7 | nan | nan |
| 8 | 37.48.65.148 | Soest | Utrecht | AS60781 LeaseWeb Netherlands B.V. | 3765 | Netherlands | tier_1 | 5 | nan | nan |
| 9 | 82.192.82.227 | Amsterdam | North Holland | AS60781 LeaseWeb Netherlands B.V. | 1012 | Netherlands | tier_1 | 4 | nan | nan |
| 10 | 198.54.112.216 | San Jose | California | AS22612 Namecheap, Inc. | 95103 | United States | tier_2 | 150 | nan | nan |
| 11 | 188.72.236.136 | Amsterdam | North Holland | AS35415 Webzilla B.V. | 1012 | Netherlands | tier_2 | 150 | 1f2-12-d2456-136.webazilla.com | nan |
| 12 | 34.231.10.22 | Virginia Beach | Virginia | AS14618 Amazon.com, Inc. | 23452 | United States | tier_2 | 149 | ec2-34-231-10-22.compute-1.amazonaws.com | nan |
| 13 | 190.2.150.38 | Naaldwijk | South Holland | AS49981 WorldStream B.V. | 2671 | Netherlands | tier_3 | 42 | customer.worldstream.nl | nan |
| 14 | 209.15.13.136 | Toronto | Ontario | AS13768 Aptum Technologies | M5N | Canada | tier_2 | 29 | nan | nan |
| 15 | 192.138.218.207 | Seattle | Washington | AS14332 Connexity, Inc. | 98111 | United States | tier_2 | 17 | rd.bizrate.com | nan |
| 16 | 34.200.146.95 | Virginia Beach | Virginia | AS14618 Amazon.com, Inc. | 23452 | United States | tier_2 | 14 | ec2-34-200-146-95.compute-1.amazonaws.com | nan |
| 17 | 54.84.27.165 | Virginia Beach | Virginia | AS14618 Amazon.com, Inc. | 23452 | United States | tier_2 | 14 | ec2-54-84-27-165.compute-1.amazonaws.com | nan |
| 18 | 204.44.79.214 | Los Angeles | California | AS8100 QuadraNet Enterprises LLC | 90014 | United States | tier_2 | 12 | 204.44.79.214.static.quadranet.com | nan |
| 19 | 217.182.197.60 | Frankfurt am Main | Hesse | AS16276 OVH SAS | 60311 | Germany | tier_2 | 12 | setup-ovh-de-02.itroot.it | nan |
| 20 | 100.37.135.2 | New York City | New York | AS701 MCI Communications Services, Inc. d/b/a Verizon Business | 10004 | United States | tier_3 | 55 | pool-100-37-135-2.nycmny.fios.verizon.net | nan |
| 21 | 190.2.150.38 | Naaldwijk | South Holland | AS49981 WorldStream B.V. | 2671 | Netherlands | tier_3 | 42 | customer.worldstream.nl | nan |
| 22 | 13.224.211.113 | Seattle | Washington | AS16509 Amazon.com, Inc. | 98101 | United States | tier_3 | 16 | server-13-224-211-113.phl50.r.cloudfront.net | nan |
| 23 | 13.224.211.45 | Seattle | Washington | AS16509 Amazon.com, Inc. | 98101 | United States | tier_3 | 13 | server-13-224-211-45.phl50.r.cloudfront.net | nan |
| 24 | 98.129.228.57 | Dallas | Texas | AS33070 Rackspace Hosting | 75270 | United States | tier_3 | 12 | nan | nan |
| 25 | 13.32.202.36 | Washington | Washington, D.C. | AS16509 Amazon.com, Inc. | 20045 | United States | tier_3 | 7 | server-13-32-202-36.iad66.r.cloudfront.net | nan |
| 26 | 13.224.211.73 | Seattle | Washington | AS16509 Amazon.com, Inc. | 98101 | United States | tier_3 | 6 | server-13-224-211-73.phl50.r.cloudfront.net | nan |
| 27 | 13.224.211.23 | Seattle | Washington | AS16509 Amazon.com, Inc. | 98101 | United States | tier_3 | 6 | server-13-224-211-23.phl50.r.cloudfront.net | nan |
| 28 | 204.79.197.200 | Redmond | Washington | AS8068 Microsoft Corporation | 98052 | United States | tier_3 | 4 | a-0001.a-msedge.net | True |
| 29 | 13.32.202.102 | Washington | Washington, D.C. | AS16509 Amazon.com, Inc. | 20045 | United States | tier_3 | 4 | server-13-32-202-102.iad66.r.cloudfront.net | nan |

Aggregated redirection graph of domains located on current IP address.

  • The redirection flows from left to right
  • Leftmost domains are initial domains hosted on current IP
  • Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains


Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website