Malware Discoverer Github Homepage.

Daily Threat Intelligence Report

This report contains following information

1. Overall statistics
   1. Number of domains detected
   2. Number of domains detected by Google Safe Browsing
   3. IP address behind entry-level domains
   4. date of collection
2. Top 10 domain statistics
   1. count (number of redirection paths that contain this domain)
   2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
   3. registar
   4. organization
3. Top 10 IP statistics
   1. count
   2. location (city, country, region)
   3. hostname
   4. organization
4. Consolidated redirection path
   1. green: tier one domain
   2. yellow: tier two domain
   3. red: tier three domain

	num_domain	num_links	num_full_url	num_safebrowsing_malicious	num_vt_malicious	date	ip	user_agent
0	226	230	1351	0	96	2021-03-22	37.48.65.149	Chrome

	tier	domain	count	registrar	name_servers	org
0	tier_1	yellownovels.net	1	GoDaddy.com, LLC	NS1.COMMONMX.COM	None
1	tier_1	etheldredasplace.net	1	GoDaddy.com, LLC	NS1.COMMONMX.COM	None
2	tier_1	aurbataao.com	1	TUCOWS, INC.	NS1.COMMONMX.COM	Contact Privacy Inc. Customer 0159179997
3	tier_1	morebest.net	1	Register.com, Inc.	NS1.COMMONMX.COM	None
4	tier_1	kadraya.net	1	Fastball Domains LLC	NS1.COMMONMX.COM	None
5	tier_1	redmarka.net	1	Shining Star Domains, LLC	NS1.COMMONMX.COM	None
6	tier_1	javweb.net	1	GoDaddy.com, LLC	NS1.COMMONMX.COM	None
7	tier_1	gzqsl.net	1	Freshbreweddomains.com LLC	NS1.COMMONMX.COM	None
8	tier_1	emonj.net	1	DYNADOT17 LLC	NS1.COMMONMX.COM	None
9	tier_1	smmarket.net	1	GoDaddy.com, LLC	NS1.COMMONMX.COM	None
10	tier_2	btpnav.com	153	1API GmbH	NS1.DNSIMPLE.COM	Registrant of btpnav.com
11	tier_2	aglai-tan.com	118	Amazon Registrar, Inc.	NS-1083.AWSDNS-07.ORG	Whois Privacy Service
12	tier_2	ads35.adtelligent.com	69	DANESCO TRADING LTD	NS.ANYCASTNS1.ORG	Vertamedia,LLC
13	tier_2	dsp35.adtelligent.com	69	DANESCO TRADING LTD	NS.ANYCASTNS1.ORG	Vertamedia,LLC
14	tier_2	aldb1.mysearch.space	69	None	None	None
15	tier_2	externals-1953518744.us-east-1.elb.amazonaws.com	68	MarkMonitor, Inc.	R1.AMAZONAWS.COM	Amazon.com, Inc.
16	tier_2	search.snjsearch.com	68	GoDaddy.com, LLC	NS73.DOMAINCONTROL.COM	Domains By Proxy, LLC
17	tier_2	americanlisted.com	41	ilait AB	NS1.TELECOM3.NET	Integration 3 Group AB
18	tier_2	1496.wcitianka.com	36	GoDaddy Online Services Cayman Islands LTD	NS-1096.AWSDNS-09.ORG	None
19	tier_2	seekallanswrs.com	31	NameSilo, LLC	NS-CLOUD-A1.GOOGLEDOMAINS.COM	See PrivacyGuardian.org
20	tier_3	bing.com	49	MarkMonitor, Inc.	DNS1.P09.NSONE.NET	Microsoft Corporation
21	tier_3	irl.com	47	GoDaddy.com, LLC	NS-106.AWSDNS-13.COM	Domains By Proxy, LLC
22	tier_3	google.com	41	None	None	None
23	tier_3	search.yahoo.com	18	None	None	None
24	tier_3	aliexpress.com_LOOP_1	6	None	None	None
25	tier_3	reebok.com	3	CSC CORPORATE DOMAINS, INC.	NS1.NETNAMES.NET	Reebok International, Ltd.
26	tier_3	squirt.org	2	NAMECHEAP INC	NS5.DNSMADEEASY.COM	WhoisGuard, Inc.
27	tier_3	rd.bizrate.com	1	MarkMonitor, Inc.	NS-1189.AWSDNS-20.ORG	Meredith Corporation
28	tier_3	2.dailymedia.cyou	1	None	None	None
29	tier_3	reebok.com_LOOP_1	1	None	None	None

	ip	city	region	org	postal	country_name	tier	count	hostname	anycast
0	207.244.67.215	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	31	nan	nan
1	207.244.67.218	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	25	nan	nan
2	207.244.67.214	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	23	nan	nan
3	207.244.67.216	Manassas	Virginia	AS30633 Leaseweb USA, Inc.	20108	United States	tier_1	21	nan	nan
4	104.243.45.190	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	14	nan	nan
5	206.221.176.184	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	10	nan	nan
6	104.243.45.179	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	6	nan	nan
7	37.48.65.148	Soest	Utrecht	AS60781 LeaseWeb Netherlands B.V.	3765	Netherlands	tier_1	5	nan	nan
8	185.107.56.200	Rotterdam	South Holland	AS43350 NForce Entertainment B.V.	3012	Netherlands	tier_1	4	nan	nan
9	104.243.45.178	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	4	nan	nan
10	209.15.13.136	Toronto	Ontario	AS13768 Aptum Technologies	M5N	Canada	tier_2	157	nan	nan
11	209.205.202.42	New York City	New York	AS55081 24 SHELLS	10004	United States	tier_2	69	static-42-202-205-209.24shells.net	nan
12	209.205.202.43	New York City	New York	AS55081 24 SHELLS	10004	United States	tier_2	69	static-43-202-205-209.24shells.net	nan
13	35.162.164.74	Boardman	Oregon	AS16509 Amazon.com, Inc.	97818	United States	tier_2	68	ec2-35-162-164-74.us-west-2.compute.amazonaws.com	nan
14	54.84.27.165	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	66	ec2-54-84-27-165.compute-1.amazonaws.com	nan
15	34.200.146.95	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	57	ec2-34-200-146-95.compute-1.amazonaws.com	nan
16	35.209.61.240	Council Bluffs	Iowa	AS15169 Google LLC	51502	United States	tier_2	41	240.61.209.35.bc.googleusercontent.com	nan
17	50.16.173.246	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	37	ec2-50-16-173-246.compute-1.amazonaws.com	nan
18	3.125.109.211	Frankfurt am Main	Hesse	AS16509 Amazon.com, Inc.	60311	Germany	tier_2	37	ec2-3-125-109-211.eu-central-1.compute.amazonaws.com	nan
19	198.54.112.216	San Jose	California	AS22612 Namecheap, Inc.	95103	United States	tier_2	36	nan	nan
20	204.79.197.200	Redmond	Washington	AS8068 Microsoft Corporation	98052	United States	tier_3	46	nan	True
21	66.218.84.137	Atlantic City	New Jersey	AS26101 Oath Holdings Inc.	08404	United States	tier_3	18	ats1.l7.search.vip.bf1.yahoo.com	nan
22	172.217.12.132	Clifton	New Jersey	AS15169 Google LLC	07015	United States	tier_3	13	lga34s19-in-f4.1e100.net	nan
23	167.172.136.193	North Bergen	New Jersey	AS14061 DigitalOcean, LLC	07047	United States	tier_3	8	nan	nan
24	54.205.240.192	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_3	7	ec2-54-205-240-192.compute-1.amazonaws.com	nan
25	100.37.135.2	New York City	New York	AS701 MCI Communications Services, Inc. d/b/a Verizon Business	10004	United States	tier_3	7	pool-100-37-135-2.nycmny.fios.verizon.net	nan
26	172.217.11.36	New York City	New York	AS15169 Google LLC	10004	United States	tier_3	7	lga25s61-in-f4.1e100.net	nan
27	161.35.60.200	North Bergen	New Jersey	AS14061 DigitalOcean, LLC	07047	United States	tier_3	6	nan	nan
28	172.217.11.4	New York City	New York	AS15169 Google LLC	10004	United States	tier_3	5	lga25s60-in-f4.1e100.net	nan
29	157.245.242.152	North Bergen	New Jersey	AS14061 DigitalOcean, LLC	07047	United States	tier_3	5	nan	nan

Aggregated redirection graph of domains located on current IP address.

• The redirection flows from left to right
• Leftmost domains are initial domains hosted on current IP
• Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website