Malware Discoverer Github Homepage.

Daily Threat Intelligence Report

This report contains following information

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain
num_domain num_links num_full_url num_safebrowsing_malicious num_vt_malicious date ip user_agent
0 126 123 424 0 45 2021-01-17 37.48.65.149 Android
tier domain count registrar name_servers org
0 tier_1 alriyadh.us 1 Communigal Communication Ltd ns2.commonmx.com None
1 tier_1 cdhatver.com 1 NamePal.com #8010, LLC NS1.COMMONMX.COM None
2 tier_1 2homeremedies.com 1 None None None
3 tier_1 4779.info 1 DYNADOT LLC NS1.COMMONMX.COM None
4 tier_1 bigcleandetailing.com 1 None None None
5 tier_1 333tk.net 1 Annapurna Domains LLC NS1.COMMONMX.COM None
6 tier_1 123kingcash.com 1 YouDamain.com LLC NS1.DNSNUTS.COM None
7 tier_1 bookglobal.net 1 SNAPNAMES 9, LLC NS1.COMMONMX.COM None
8 tier_1 beastfriend.in 1 Dynadot LLC ns1.commonmx.com None
9 tier_1 casl.info 1 DYNADOT LLC NS1.COMMONMX.COM None
10 tier_2 bradamante-per.com 25 Amazon Registrar, Inc. NS-1026.AWSDNS-00.ORG Whois Privacy Service
11 tier_2 get.popplunder.com 25 NAMECHEAP INC DNS1.REGISTRAR-SERVERS.COM WhoisGuard, Inc.
12 tier_2 trustedpush.com 24 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
13 tier_2 win1.trustedpush.com 24 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
14 tier_2 win2.trustedpush.com 23 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
15 tier_2 dprtb.com 21 1API GmbH NS1.DNSIMPLE.COM REDACTED FOR PRIVACY
16 tier_2 1496.wcitianka.com 15 GoDaddy Online Services Cayman Islands LTD NS-1096.AWSDNS-09.ORG None
17 tier_2 americanlisted.com 14 ilait AB NS1.TELECOM3.NET Integration 3 Group AB
18 tier_2 rd.nebulajobs.com 14 None None None
19 tier_2 win3.trustedpush.com 14 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
20 tier_3 win3.trustedpush.com 9 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
21 tier_3 win4.trustedpush.com 8 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
22 tier_3 signup.finddreamjobs.com 5 GoDaddy.com, LLC ALEXIS.NS.CLOUDFLARE.COM Find Dream Jobs
23 tier_3 agatrck.com 5 Amazon Registrar, Inc. NS-1518.AWSDNS-61.ORG Whois Privacy Service
24 tier_3 win5.trustedpush.com 4 NAMECHEAP INC NS-1142.AWSDNS-14.ORG WhoisGuard, Inc.
25 tier_3 godaddy.com 3 GoDaddy.com, LLC A1-245.AKAM.NET Go Daddy Operating Company, LLC
26 tier_3 delightcmain.xyz 3 Epik LLC MARJORY.NS.CLOUDFLARE.COM Anonymize, Inc.
27 tier_3 click.appcast.io_LOOP_1 3 None None None
28 tier_3 toprevenuecpmnetwork.com 2 None None None
29 tier_3 b.jubilantdstreet.xyz 2 Epik LLC MARJORY.NS.CLOUDFLARE.COM Anonymize, Inc.
ip city region org postal country_name tier count hostname anycast
0 207.244.67.215 Manassas Virginia AS30633 Leaseweb USA, Inc. 20108 United States tier_1 10 nan nan
1 207.244.67.218 Manassas Virginia AS30633 Leaseweb USA, Inc. 20108 United States tier_1 9 nan nan
2 207.244.67.216 Manassas Virginia AS30633 Leaseweb USA, Inc. 20108 United States tier_1 9 nan nan
3 207.244.67.214 Manassas Virginia AS30633 Leaseweb USA, Inc. 20108 United States tier_1 8 nan nan
4 206.221.176.184 New York City New York AS23470 ReliableSite.Net LLC 10004 United States tier_1 5 nan nan
5 104.243.45.190 New York City New York AS23470 ReliableSite.Net LLC 10004 United States tier_1 5 nan nan
6 104.243.45.178 New York City New York AS23470 ReliableSite.Net LLC 10004 United States tier_1 5 nan nan
7 104.243.45.179 New York City New York AS23470 ReliableSite.Net LLC 10004 United States tier_1 4 nan nan
8 185.107.56.198 Amsterdam North Holland AS43350 NForce Entertainment B.V. 1012 Netherlands tier_1 2 nan nan
9 185.107.56.59 Amsterdam North Holland AS43350 NForce Entertainment B.V. 1012 Netherlands tier_1 1 nan nan
10 13.225.229.113 New York City New York AS16509 Amazon.com, Inc. 10004 United States tier_2 29 server-13-225-229-113.jfk51.r.cloudfront.net nan
11 13.225.229.12 New York City New York AS16509 Amazon.com, Inc. 10004 United States tier_3 2 server-13-225-229-12.jfk51.r.cloudfront.net nan
12 34.199.180.187 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23479 United States tier_2 26 ec2-34-199-180-187.compute-1.amazonaws.com nan
13 209.15.13.136 Toronto Ontario AS13768 Aptum Technologies M5N Canada tier_2 24 nan nan
14 13.225.229.73 New York City New York AS16509 Amazon.com, Inc. 10004 United States tier_3 2 server-13-225-229-73.jfk51.r.cloudfront.net nan
15 198.54.112.216 San Jose California AS22612 Namecheap, Inc. 95103 United States tier_2 17 nan nan
16 34.202.98.117 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23479 United States tier_2 15 ec2-34-202-98-117.compute-1.amazonaws.com nan
17 13.225.229.61 New York City New York AS16509 Amazon.com, Inc. 10004 United States tier_3 5 server-13-225-229-61.jfk51.r.cloudfront.net nan
18 35.209.61.240 Council Bluffs Iowa AS15169 Google LLC 51502 United States tier_2 14 240.61.209.35.bc.googleusercontent.com nan
19 34.226.113.11 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23479 United States tier_2 12 ec2-34-226-113-11.compute-1.amazonaws.com nan
20 100.37.135.2 New York City New York AS701 MCI Communications Services, Inc. d/b/a Verizon Business 10004 United States tier_3 19 pool-100-37-135-2.nycmny.fios.verizon.net nan
21 13.225.229.61 New York City New York AS16509 Amazon.com, Inc. 10004 United States tier_3 5 server-13-225-229-61.jfk51.r.cloudfront.net nan
22 104.17.47.14 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 5 nan True
23 54.205.191.137 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23479 United States tier_3 5 ec2-54-205-191-137.compute-1.amazonaws.com nan
24 184.87.68.204 Newark New Jersey AS16625 Akamai Technologies, Inc. 07175 United States tier_3 3 a184-87-68-204.deploy.static.akamaitechnologies.com nan
25 104.18.82.149 San Francisco California AS13335 Cloudflare, Inc. 94107 United States tier_3 3 nan True
26 13.225.229.73 New York City New York AS16509 Amazon.com, Inc. 10004 United States tier_3 2 server-13-225-229-73.jfk51.r.cloudfront.net nan
27 3.211.178.164 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23479 United States tier_3 2 ec2-3-211-178-164.compute-1.amazonaws.com nan
28 13.225.229.12 New York City New York AS16509 Amazon.com, Inc. 10004 United States tier_3 2 server-13-225-229-12.jfk51.r.cloudfront.net nan
29 52.200.114.82 Virginia Beach Virginia AS14618 Amazon.com, Inc. 23479 United States tier_3 1 ec2-52-200-114-82.compute-1.amazonaws.com nan

Aggregated redirection graph of domains located on current IP address.

  • The redirection flows from left to right
  • Leftmost domains are initial domains hosted on current IP
  • Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website