Malware Discoverer Github Homepage.

Daily Threat Intelligence Report

This report contains following information

1. Overall statistics
   1. Number of domains detected
   2. Number of domains detected by Google Safe Browsing
   3. IP address behind entry-level domains
   4. date of collection
2. Top 10 domain statistics
   1. count (number of redirection paths that contain this domain)
   2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
   3. registar
   4. organization
3. Top 10 IP statistics
   1. count
   2. location (city, country, region)
   3. hostname
   4. organization
4. Consolidated redirection path
   1. green: tier one domain
   2. yellow: tier two domain
   3. red: tier three domain

	num_domain	num_links	num_full_url	num_safebrowsing_malicious	num_vt_malicious	date	ip	user_agent
0	241	246	1242	1	10	2021-03-05	37.48.65.149	Android

	tier	domain	count	registrar	name_servers	org
0	tier_1	epayfaucets.com	1	TUCOWS, INC.	NS1.COMMONMX.COM	Contact Privacy Inc. Customer 0159169997
1	tier_1	erotop.info	1	DYNADOT LLC	NS1.COMMONMX.COM	None
2	tier_1	biit.info	1	Dynadot, LLC	NS1.COMMONMX.COM	None
3	tier_1	baicung.com	1	GoDaddy.com, LLC	NS1.COMMONMX.COM	None
4	tier_1	ginderfactory.com	1	TUCOWS, INC.	NS1.COMMONMX.COM	Contact Privacy Inc. Customer 0158845294
5	tier_1	gratgames.com	1	TUCOWS, INC.	NS1.COMMONMX.COM	Contact Privacy Inc. Customer 0159841841
6	tier_1	3idi.me	1	GoDaddy.com, LLC	None	None
7	tier_1	diziindir.org	1	Domainhysteria.com LLC	NS1.COMMONMX.COM	None
8	tier_1	artdaily.me	1	Dynadot, LLC	None	None
9	tier_1	conectarural.org	1	GoDaddy.com, LLC	NS1.COMMONMX.COM	None
10	tier_2	dprtb.com	115	1API GmbH	NS1.DNSIMPLE.COM	REDACTED FOR PRIVACY
11	tier_2	alfik-fik.com	78	Amazon Registrar, Inc.	NS-1264.AWSDNS-30.ORG	Whois Privacy Service
12	tier_2	nicanor-the.com	54	Amazon Registrar, Inc.	NS-1242.AWSDNS-27.ORG	Whois Privacy Service
13	tier_2	get.popplunder.com	52	NAMECHEAP INC	DNS1.REGISTRAR-SERVERS.COM	WhoisGuard, Inc.
14	tier_2	trustedpush.com	52	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
15	tier_2	win1.trustedpush.com	46	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
16	tier_2	ads35.adtelligent.com	46	DANESCO TRADING LTD	NS.ANYCASTNS1.ORG	Vertamedia,LLC
17	tier_2	dsp35.adtelligent.com	46	DANESCO TRADING LTD	NS.ANYCASTNS1.ORG	Vertamedia,LLC
18	tier_2	aibm1.mysearch.space	46	None	None	None
19	tier_2	externals-1953518744.us-east-1.elb.amazonaws.com	46	MarkMonitor, Inc.	R1.AMAZONAWS.COM	Amazon.com, Inc.
20	tier_3	bing.com	45	MarkMonitor, Inc.	DNS1.P09.NSONE.NET	Microsoft Corporation
21	tier_3	happymakesite.xyz	22	Epik LLC	MARJORY.NS.CLOUDFLARE.COM	Anonymize, Inc.
22	tier_3	storystudio.sfgate.com	21	CSC CORPORATE DOMAINS, INC.	NS1.HEARSTNP.COM	Hearst Communications, Inc.
23	tier_3	win3.trustedpush.com	17	None	None	None
24	tier_3	win2.trustedpush.com	16	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
25	tier_3	m.placesiteb.xyz	13	Sav.comLLC	HUGH.NS.CLOUDFLARE.COM	Privacy Protection
26	tier_3	win4.trustedpush.com	12	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
27	tier_3	win1.trustedpush.com	6	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	WhoisGuard, Inc.
28	tier_3	moneyfinancegold.com	2	NameCheap, Inc.	ANNA.NS.CLOUDFLARE.COM	None
29	tier_3	get.popplunder.com	2	NAMECHEAP INC	DNS1.REGISTRAR-SERVERS.COM	WhoisGuard, Inc.

	ip	city	region	org	postal	country_name	tier	count	hostname	anycast
0	207.244.67.215	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	32	nan	nan
1	207.244.67.214	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	22	nan	nan
2	207.244.67.216	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	22	nan	nan
3	207.244.67.218	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	18	nan	nan
4	206.221.176.184	Willingboro	New Jersey	AS23470 ReliableSite.Net LLC	08046	United States	tier_1	18	nan	nan
5	104.243.45.178	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	12	nan	nan
6	104.243.45.190	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	9	nan	nan
7	185.107.56.197	Amsterdam	North Holland	AS43350 NForce Entertainment B.V.	1012	Netherlands	tier_1	4	nan	nan
8	104.243.45.179	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	4	nan	nan
9	74.63.241.24	Los Angeles	California	AS46475 Limestone Networks, Inc.	90009	United States	tier_1	4	24-241-63-74.static.reverse.lstn.net	nan
10	209.15.13.136	Toronto	Ontario	AS13768 Aptum Technologies	M5N	Canada	tier_2	118	nan	nan
11	34.200.146.95	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23458	United States	tier_2	75	ec2-34-200-146-95.compute-1.amazonaws.com	nan
12	13.225.230.12	New York City	New York	AS16509 Amazon.com, Inc.	10004	United States	tier_3	9	server-13-225-230-12.jfk51.r.cloudfront.net	nan
13	54.84.27.165	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23458	United States	tier_2	58	ec2-54-84-27-165.compute-1.amazonaws.com	nan
14	34.199.180.187	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23458	United States	tier_2	52	ec2-34-199-180-187.compute-1.amazonaws.com	nan
15	209.205.202.42	New York City	New York	AS55081 24 SHELLS	10004	United States	tier_2	46	static-42-202-205-209.24shells.net	nan
16	209.205.202.43	New York City	New York	AS55081 24 SHELLS	10004	United States	tier_2	46	static-43-202-205-209.24shells.net	nan
17	35.162.164.74	Portland	Oregon	AS16509 Amazon.com, Inc.	97256	United States	tier_2	46	ec2-35-162-164-74.us-west-2.compute.amazonaws.com	nan
18	13.225.230.115	New York City	New York	AS16509 Amazon.com, Inc.	10004	United States	tier_2	36	server-13-225-230-115.jfk51.r.cloudfront.net	nan
19	198.54.112.216	San Jose	California	AS22612 Namecheap, Inc.	95103	United States	tier_2	32	nan	nan
20	204.79.197.200	Redmond	Washington	AS8068 Microsoft Corporation	98052	United States	tier_3	38	a-0001.a-msedge.net	True
21	100.37.135.2	New York City	New York	AS701 MCI Communications Services, Inc. d/b/a Verizon Business	10004	United States	tier_3	33	pool-100-37-135-2.nycmny.fios.verizon.net	nan
22	98.129.228.57	Dallas	Texas	AS33070 Rackspace Hosting	75270	United States	tier_3	21	nan	nan
23	104.18.78.149	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	19	nan	True
24	13.225.230.12	New York City	New York	AS16509 Amazon.com, Inc.	10004	United States	tier_3	9	server-13-225-230-12.jfk51.r.cloudfront.net	nan
25	104.18.82.149	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	6	nan	True
26	13.107.21.200	Redmond	Washington	AS8068 Microsoft Corporation	98052	United States	tier_3	6	nan	True
27	104.18.80.149	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	6	nan	True
28	13.225.230.57	New York City	New York	AS16509 Amazon.com, Inc.	10004	United States	tier_3	5	server-13-225-230-57.jfk51.r.cloudfront.net	nan
29	104.18.81.149	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	5	nan	True

Aggregated redirection graph of domains located on current IP address.

• The redirection flows from left to right
• Leftmost domains are initial domains hosted on current IP
• Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website