Malware Discoverer Github Homepage.

Daily Threat Intelligence Report

This report contains following information

1. Overall statistics
   1. Number of domains detected
   2. Number of domains detected by Google Safe Browsing
   3. IP address behind entry-level domains
   4. date of collection
2. Top 10 domain statistics
   1. count (number of redirection paths that contain this domain)
   2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
   3. registar
   4. organization
3. Top 10 IP statistics
   1. count
   2. location (city, country, region)
   3. hostname
   4. organization
4. Consolidated redirection path
   1. green: tier one domain
   2. yellow: tier two domain
   3. red: tier three domain

	num_domain	num_links	num_full_url	num_safebrowsing_malicious	num_vt_malicious	date	ip	user_agent
0	220	220	923	0	113	2021-01-31	37.48.65.149	Android

	tier	domain	count	registrar	name_servers	org
0	tier_1	bahargroup.asia	1	DYNADOT LLC	NS1.COMMONMX.COM	None
1	tier_1	epfindian.in	1	Dynadot LLC	ns1.commonmx.com	None
2	tier_1	biit.info	1	DYNADOT LLC	NS1.COMMONMX.COM	None
3	tier_1	arxivi.org	1	GoDaddy.com, LLC	NS1.COMMONMX.COM	None
4	tier_1	asibbsrcircle.in	1	Dynadot LLC	ns1.commonmx.com	None
5	tier_1	biyoukenkou.mobi	1	DYNADOT LLC	None	None
6	tier_1	emonj.net	1	DYNADOT17 LLC	NS1.COMMONMX.COM	None
7	tier_1	9code.in	1	Dynadot LLC	ns1.commonmx.com	None
8	tier_1	dd-routers.com	1	GoDaddy.com, LLC	NS1.COMMONMX.COM	None
9	tier_1	dietplanforskolin.com	1	GoDaddy.com, LLC	NS1.COMMONMX.COM	None
10	tier_2	2893.wcitianka.com	79	GoDaddy Online Services Cayman Islands LTD	NS-1096.AWSDNS-09.ORG	None
11	tier_2	cpakd.com	78	GoDaddy Online Services Cayman Islands LTD	HUGH.NS.CLOUDFLARE.COM	None
12	tier_2	bradamante-per.com	56	Amazon Registrar, Inc.	NS-1026.AWSDNS-00.ORG	Whois Privacy Service
13	tier_2	get.popplunder.com	56	NAMECHEAP INC	DNS1.REGISTRAR-SERVERS.COM	WhoisGuard, Inc.
14	tier_2	dprtb.com	54	1API GmbH	NS1.DNSIMPLE.COM	REDACTED FOR PRIVACY
15	tier_2	trustedpush.com	54	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
16	tier_2	win1.trustedpush.com	44	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
17	tier_2	win2.trustedpush.com	26	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
18	tier_2	click.expmediadirect.com	15	None	None	None
19	tier_2	alfik-fik.com	10	Amazon Registrar, Inc.	NS-1264.AWSDNS-30.ORG	Whois Privacy Service
20	tier_3	b.joyspotmap.xyz	38	Epik LLC	MARJORY.NS.CLOUDFLARE.COM	Anonymize, Inc.
21	tier_3	delightcmain.xyz	36	Epik LLC	MARJORY.NS.CLOUDFLARE.COM	Anonymize, Inc.
22	tier_3	win3.trustedpush.com	19	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
23	tier_3	win2.trustedpush.com	18	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
24	tier_3	win1.trustedpush.com	10	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
25	tier_3	win4.trustedpush.com	7	NameCheap, Inc.	NS-1142.AWSDNS-14.ORG	None
26	tier_3	moneyfinancegold.com	7	None	None	None
27	tier_3	search.yahoo.com	5	MarkMonitor, Inc.	NS1.YAHOO.COM	Oath Inc.
28	tier_3	mergerinvesting.com	4	NAMECHEAP INC	DNS1.REGISTRAR-SERVERS.COM	WhoisGuard, Inc.
29	tier_3	rd.bizrate.com	3	MarkMonitor Inc.	NS-1189.AWSDNS-20.ORG	None

	ip	city	region	org	postal	country_name	tier	count	anycast	hostname
0	207.244.67.216	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	26	nan	nan
1	207.244.67.215	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	24	nan	nan
2	207.244.67.214	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	22	nan	nan
3	207.244.67.218	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	17	nan	nan
4	104.243.45.178	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	14	nan	nan
5	104.243.45.190	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	13	nan	nan
6	104.243.45.179	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	13	nan	nan
7	206.221.176.184	Hyattsville	Maryland	AS23470 ReliableSite.Net LLC	20781	United States	tier_1	10	nan	nan
8	37.48.65.148	Soest	Utrecht	AS60781 LeaseWeb Netherlands B.V.	3765	Netherlands	tier_1	4	nan	nan
9	185.107.56.199	Amsterdam	North Holland	AS43350 NForce Entertainment B.V.	1012	Netherlands	tier_1	3	nan	nan
10	198.54.112.216	San Jose	California	AS22612 Namecheap, Inc.	95103	United States	tier_2	79	nan	nan
11	209.15.13.136	Toronto	Ontario	AS13768 Aptum Technologies	M5N	Canada	tier_2	62	nan	nan
12	104.19.217.16	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_2	57	True	nan
13	34.199.180.187	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23479	United States	tier_2	56	nan	ec2-34-199-180-187.compute-1.amazonaws.com
14	34.200.146.95	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23479	United States	tier_2	43	nan	ec2-34-200-146-95.compute-1.amazonaws.com
15	13.225.218.113	New York City	New York	AS16509 Amazon.com, Inc.	10004	United States	tier_3	9	nan	server-13-225-218-113.jfk51.r.cloudfront.net
16	13.225.218.47	New York City	New York	AS16509 Amazon.com, Inc.	10004	United States	tier_3	6	nan	server-13-225-218-47.jfk51.r.cloudfront.net
17	13.225.218.85	New York City	New York	AS16509 Amazon.com, Inc.	10004	United States	tier_2	30	nan	server-13-225-218-85.jfk51.r.cloudfront.net
18	54.84.27.165	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23479	United States	tier_2	24	nan	ec2-54-84-27-165.compute-1.amazonaws.com
19	13.225.218.79	New York City	New York	AS16509 Amazon.com, Inc.	10004	United States	tier_2	23	nan	server-13-225-218-79.jfk51.r.cloudfront.net
20	100.37.135.2	New York City	New York	AS701 MCI Communications Services, Inc. d/b/a Verizon Business	10004	United States	tier_3	39	nan	pool-100-37-135-2.nycmny.fios.verizon.net
21	104.18.78.149	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	22	True	nan
22	104.18.81.149	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	20	True	nan
23	104.18.82.149	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	13	True	nan
24	104.18.79.149	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	13	True	nan
25	104.18.80.149	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	10	True	nan
26	13.225.218.113	New York City	New York	AS16509 Amazon.com, Inc.	10004	United States	tier_3	9	nan	server-13-225-218-113.jfk51.r.cloudfront.net
27	13.225.218.47	New York City	New York	AS16509 Amazon.com, Inc.	10004	United States	tier_3	6	nan	server-13-225-218-47.jfk51.r.cloudfront.net
28	66.218.84.137	Atlantic City	New Jersey	AS26101 Oath Holdings Inc.	08404	United States	tier_3	5	nan	ats1.l7.search.vip.bf1.yahoo.com
29	45.55.189.248	Clifton	New Jersey	AS14061 DigitalOcean, LLC	07014	United States	tier_3	4	nan	nan

Aggregated redirection graph of domains located on current IP address.

• The redirection flows from left to right
• Leftmost domains are initial domains hosted on current IP
• Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website