Daily Threat Intelligence Report

This report contains the following information:

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registrar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain
num_domainnum_linksnum_full_urlnum_safebrowsing_maliciousnum_vt_maliciousdateipuser_agent
01551565810302021-01-21207.244.67.218Android

|    | tier | domain | count | registrar | name_servers | org |
|----|------|--------|-------|-----------|--------------|-----|
| 0 | tier_1 | bautista.me | 1 | GoDaddy.com, LLC | None | None |
| 1 | tier_1 | ikay.me | 1 | Dynadot, LLC | None | None |
| 2 | tier_1 | 33t.me | 1 | Dynadot, LLC | None | None |
| 3 | tier_1 | musclemaker.me | 1 | Dynadot, LLC | None | None |
| 4 | tier_1 | mobilmovies.me | 1 | GoDaddy.com, LLC | None | None |
| 5 | tier_1 | movie-time.me | 1 | Dynadot, LLC | None | None |
| 6 | tier_1 | jwcjiao.me | 1 | GoDaddy.com, LLC | None | None |
| 7 | tier_1 | ajeer.me | 1 | GoDaddy.com, LLC | None | None |
| 8 | tier_1 | kaveho.me | 1 | Dynadot, LLC | None | None |
| 9 | tier_1 | generalfiles.me | 1 | Dynadot, LLC | None | None |
| 10 | tier_2 | 1496.wcitianka.com | 101 | GoDaddy Online Services Cayman Islands LTD | NS-1096.AWSDNS-09.ORG | None |
| 11 | tier_2 | americanlisted.com | 92 | ilait AB | NS1.TELECOM3.NET | Integration 3 Group AB |
| 12 | tier_2 | rd.stoneoakjobs.com | 24 | GoDaddy.com, LLC | NS-1464.AWSDNS-55.ORG | Domains By Proxy, LLC |
| 13 | tier_2 | us.jobtome.com | 21 | GoDaddy.com, LLC | CHRIS.NS.CLOUDFLARE.COM | Jobtome Internantional SA |
| 14 | tier_2 | us.tideri.com | 17 | united domains AG | NS.UDAG.DE | None |
| 15 | tier_2 | alfik-fik.com | 13 | Amazon Registrar, Inc. | NS-1264.AWSDNS-30.ORG | Whois Privacy Service |
| 16 | tier_2 | click.appcast.io | 13 | 101Domain GRS Ltd | NS-85.AWSDNS-10.COM | None |
| 17 | tier_2 | careerbliss.com | 13 | GoDaddy.com, LLC | NS10.DNSMADEEASY.COM | Domains By Proxy, LLC |
| 18 | tier_2 | trk.careerbliss.com | 11 | GoDaddy.com, LLC | NS10.DNSMADEEASY.COM | Domains By Proxy, LLC |
| 19 | tier_2 | click.appcast.io_LOOP_1 | 8 | None | None | None |
| 20 | tier_3 | us.tideri.com | 34 | united domains AG | NS.UDAG.DE | None |
| 21 | tier_3 | google.com | 15 | MarkMonitor, Inc. | NS1.GOOGLE.COM | Google LLC |
| 22 | tier_3 | adzuna.com | 9 | 123-Reg Limited | NS-1197.AWSDNS-21.ORG | AdHunter |
| 23 | tier_3 | americanlisted.com | 9 | ilait AB | NS1.TELECOM3.NET | Integration 3 Group AB |
| 24 | tier_3 | delightcmain.xyz | 8 | Epik LLC | MARJORY.NS.CLOUDFLARE.COM | Anonymize, Inc. |
| 25 | tier_3 | linkedin.com | 6 | MarkMonitor, Inc. | DNS1.P09.NSONE.NET | LinkedIn Corporation |
| 26 | tier_3 | click.appcast.io | 5 | 101Domain GRS Ltd | NS-85.AWSDNS-10.COM | None |
| 27 | tier_3 | a.upbeatcboulevard.xyz | 4 | Epik LLC | MARJORY.NS.CLOUDFLARE.COM | Anonymize, Inc. |
| 28 | tier_3 | jobs2careers.com | 3 | Amazon Registrar, Inc. | NS-1189.AWSDNS-20.ORG | Whois Privacy Service |
| 29 | tier_3 | us.allthetopbananas.com | 3 | ENOM, INC. | DANE.NS.CLOUDFLARE.COM | REDACTED FOR PRIVACY |

|    | ip | city | region | org | postal | country_name | tier | count | hostname | anycast |
|----|----|------|--------|-----|--------|--------------|------|-------|----------|---------|
| 0 | 104.243.45.178 | New York City | New York | AS23470 ReliableSite.Net LLC | 10004 | United States | tier_1 | 18 | nan | nan |
| 1 | 104.243.45.179 | New York City | New York | AS23470 ReliableSite.Net LLC | 10004 | United States | tier_1 | 16 | nan | nan |
| 2 | 206.221.176.184 | New York City | New York | AS23470 ReliableSite.Net LLC | 10004 | United States | tier_1 | 15 | nan | nan |
| 3 | 104.243.45.190 | New York City | New York | AS23470 ReliableSite.Net LLC | 10004 | United States | tier_1 | 14 | nan | nan |
| 4 | 207.244.67.215 | Manassas | Virginia | AS30633 Leaseweb USA, Inc. | 20108 | United States | tier_1 | 10 | nan | nan |
| 5 | 207.244.67.216 | Manassas | Virginia | AS30633 Leaseweb USA, Inc. | 20108 | United States | tier_1 | 10 | nan | nan |
| 6 | 207.244.67.218 | Manassas | Virginia | AS30633 Leaseweb USA, Inc. | 20108 | United States | tier_1 | 8 | nan | nan |
| 7 | 207.244.67.214 | Manassas | Virginia | AS30633 Leaseweb USA, Inc. | 20108 | United States | tier_1 | 5 | nan | nan |
| 8 | 185.107.56.199 | Amsterdam | North Holland | AS43350 NForce Entertainment B.V. | 1012 | Netherlands | tier_1 | 5 | nan | nan |
| 9 | 185.107.56.197 | Amsterdam | North Holland | AS43350 NForce Entertainment B.V. | 1012 | Netherlands | tier_1 | 4 | nan | nan |
| 10 | 198.54.112.216 | San Jose | California | AS22612 Namecheap, Inc. | 95103 | United States | tier_2 | 101 | nan | nan |
| 11 | 35.209.61.240 | Council Bluffs | Iowa | AS15169 Google LLC | 51502 | United States | tier_3 | 9 | 240.61.209.35.bc.googleusercontent.com | nan |
| 12 | 207.38.44.116 | Los Angeles | California | AS5693 Latisys-Irvine, LLC | 90009 | United States | tier_2 | 24 | cbsmtp1.careerbliss.com | nan |
| 13 | 130.211.38.206 | Kansas City | Missouri | AS15169 Google LLC | 64121 | United States | tier_2 | 21 | 206.38.211.130.bc.googleusercontent.com | True |
| 14 | 35.246.171.123 | Frankfurt am Main | Hesse | AS15169 Google LLC | 60311 | Germany | tier_3 | 34 | 123.171.246.35.bc.googleusercontent.com | nan |
| 15 | 54.84.27.165 | Virginia Beach | Virginia | AS14618 Amazon.com, Inc. | 23479 | United States | tier_2 | 9 | ec2-54-84-27-165.compute-1.amazonaws.com | nan |
| 16 | 52.54.3.79 | Virginia Beach | Virginia | AS14618 Amazon.com, Inc. | 23479 | United States | tier_2 | 8 | ec2-52-54-3-79.compute-1.amazonaws.com | nan |
| 17 | 100.37.135.2 | New York City | New York | AS701 MCI Communications Services, Inc. d/b/a Verizon Business | 10004 | United States | tier_3 | 6 | pool-100-37-135-2.nycmny.fios.verizon.net | nan |
| 18 | 104.18.25.3 | San Francisco | California | AS13335 Cloudflare, Inc. | 94107 | United States | tier_2 | 7 | nan | True |
| 19 | 52.86.208.245 | Virginia Beach | Virginia | AS14618 Amazon.com, Inc. | 23479 | United States | tier_2 | 7 | ec2-52-86-208-245.compute-1.amazonaws.com | nan |
| 20 | 35.246.171.123 | Frankfurt am Main | Hesse | AS15169 Google LLC | 60311 | Germany | tier_3 | 34 | 123.171.246.35.bc.googleusercontent.com | nan |
| 21 | 104.18.79.149 | San Francisco | California | AS13335 Cloudflare, Inc. | 94107 | United States | tier_3 | 9 | nan | True |
| 22 | 35.209.61.240 | Council Bluffs | Iowa | AS15169 Google LLC | 51502 | United States | tier_3 | 9 | 240.61.209.35.bc.googleusercontent.com | nan |
| 23 | 142.250.80.4 | New York City | New York | AS15169 Google LLC | 10004 | United States | tier_3 | 6 | lga34s33-in-f4.1e100.net | nan |
| 24 | 100.37.135.2 | New York City | New York | AS701 MCI Communications Services, Inc. d/b/a Verizon Business | 10004 | United States | tier_3 | 6 | pool-100-37-135-2.nycmny.fios.verizon.net | nan |
| 25 | 13.107.42.14 | Redmond | Washington | AS8068 Microsoft Corporation | 98052 | United States | tier_3 | 5 | nan | True |
| 26 | 104.18.78.149 | San Francisco | California | AS13335 Cloudflare, Inc. | 94107 | United States | tier_3 | 4 | nan | True |
| 27 | 52.43.116.86 | Portland | Oregon | AS16509 Amazon.com, Inc. | 97240 | United States | tier_3 | 4 | ec2-52-43-116-86.us-west-2.compute.amazonaws.com | nan |
| 28 | 52.27.2.229 | Portland | Oregon | AS16509 Amazon.com, Inc. | 97240 | United States | tier_3 | 3 | ec2-52-27-2-229.us-west-2.compute.amazonaws.com | nan |
| 29 | 207.97.218.196 | Washington | Washington, D.C. | AS27357 Rackspace Hosting | 20045 | United States | tier_3 | 3 | nan | nan |

Aggregated redirection graph of domains located on current IP address.

  • The redirection flows from left to right
  • Leftmost domains are initial domains hosted on current IP
  • Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website