Malware Discoverer Github Homepage.

Daily Threat Intelligence Report

This report contains following information

1. Overall statistics
   1. Number of domains detected
   2. Number of domains detected by Google Safe Browsing
   3. IP address behind entry-level domains
   4. date of collection
2. Top 10 domain statistics
   1. count (number of redirection paths that contain this domain)
   2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
   3. registar
   4. organization
3. Top 10 IP statistics
   1. count
   2. location (city, country, region)
   3. hostname
   4. organization
4. Consolidated redirection path
   1. green: tier one domain
   2. yellow: tier two domain
   3. red: tier three domain

	num_domain	num_links	num_full_url	num_safebrowsing_malicious	num_vt_malicious	date	ip	user_agent
0	257	257	1112	0	139	2021-04-01	37.48.65.149	Android

	tier	domain	count	registrar	name_servers	org
0	tier_1	helloboss.in	1	Dynadot LLC	ns1.commonmx.com	None
1	tier_1	drehscheibe-deutschland.de	1	None	None	None
2	tier_1	fotospornocaseras.net	1	SNAPNAMES 81, LLC	NS1.COMMONMX.COM	None
3	tier_1	bbffs.com	1	Long Drive Domains LLC	NS1.COMMONMX.COM	None
4	tier_1	aurbataao.com	1	None	None	None
5	tier_1	gidporno.com	1	None	None	None
6	tier_1	airtemail.in	1	Dynadot LLC	ns1.commonmx.com	None
7	tier_1	katrill.com	1	None	None	None
8	tier_1	genesisblogs.com	1	GoDaddy.com, LLC	NS1.COMMONMX.COM	None
9	tier_1	mainerailtransit.org	1	Deschutesdomains.com LLC	NS1.COMMONMX.COM	None
10	tier_2	1496.wcitianka.com	183	GoDaddy Online Services Cayman Islands LTD	NS-1096.AWSDNS-09.ORG	None
11	tier_2	americanlisted.com	182	ilait AB	NS1.TELECOM3.NET	Integration 3 Group AB
12	tier_2	9nl.es	80	None	None	None
13	tier_2	newre-conversions.clickmeter.com	80	REGISTER S.P.A.	NS-1498.AWSDNS-59.ORG	REDACTED FOR PRIVACY
14	tier_2	ring.joveo.com	80	Go Canada Domains, LLC	NS-1256.AWSDNS-29.ORG	Domains By Proxy, LLC
15	tier_2	turibius-hra.com	20	Amazon Registrar, Inc.	NS-1142.AWSDNS-14.ORG	Whois Privacy Service
16	tier_2	btpnav.com	11	1API GmbH	NS1.DNSIMPLE.COM	Registrant of btpnav.com
17	tier_2	rd.bizrate.com	6	MarkMonitor, Inc.	NS-1189.AWSDNS-20.ORG	Meredith Corporation
18	tier_2	noclick.connexity.com	5	MarkMonitor Inc.	NS-1235.AWSDNS-26.ORG	None
19	tier_2	rd.connexity.net	5	None	None	None
20	tier_3	google.com	102	MarkMonitor, Inc.	NS1.GOOGLE.COM	Google LLC
21	tier_3	signup.surveyvoices.com	80	GoDaddy.com, LLC	ALEXIS.NS.CLOUDFLARE.COM	None
22	tier_3	storystudio.sfgate.com	6	CSC CORPORATE DOMAINS, INC.	NS1.HEARSTNP.COM	Hearst Communications, Inc.
23	tier_3	wayfair.com	5	MarkMonitor, Inc.	A1-100.AKAM.NET	Wayfair, LLC
24	tier_3	m.placesiteb.xyz	3	Sav.comLLC	HUGH.NS.CLOUDFLARE.COM	Privacy Protection
25	tier_3	htvnativeadsolutions.com	3	CSC CORPORATE DOMAINS, INC.	NS1.HEARSTNP.COM	Hearst Television Inc.
26	tier_3	win4.trustedpush.com	1	NAMECHEAP INC	NS-1142.AWSDNS-14.ORG	Privacy service provided by Withheld for Privacy ehf
27	tier_3	theory.com	1	CSC CORPORATE DOMAINS, INC.	NS0.DNSMADEEASY.COM	Theory LLC
28	tier_3	americanlisted.com	1	ilait AB	NS1.TELECOM3.NET	Integration 3 Group AB
29	tier_3	bing.com	1	MarkMonitor, Inc.	DNS1.P09.NSONE.NET	Microsoft Corporation

	ip	city	region	org	postal	country_name	tier	count	hostname	anycast
0	207.244.67.216	Revere	Massachusetts	AS30633 Leaseweb USA, Inc.	02151	United States	tier_1	31	nan	nan
1	207.244.67.214	Revere	Massachusetts	AS30633 Leaseweb USA, Inc.	02151	United States	tier_1	30	nan	nan
2	207.244.67.215	Revere	Massachusetts	AS30633 Leaseweb USA, Inc.	02151	United States	tier_1	28	nan	nan
3	207.244.67.218	Revere	Massachusetts	AS30633 Leaseweb USA, Inc.	02151	United States	tier_1	22	nan	nan
4	104.243.45.190	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	15	nan	nan
5	104.243.45.178	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	14	nan	nan
6	206.221.176.184	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	10	nan	nan
7	104.243.45.179	New York City	New York	AS23470 ReliableSite.Net LLC	10004	United States	tier_1	7	nan	nan
8	82.192.82.225	Amsterdam	North Holland	AS60781 LeaseWeb Netherlands B.V.	1012	Netherlands	tier_1	5	nan	nan
9	37.48.65.148	Soest	Utrecht	AS60781 LeaseWeb Netherlands B.V.	3765	Netherlands	tier_1	5	nan	nan
10	198.54.112.216	San Jose	California	AS22612 Namecheap, Inc.	95103	United States	tier_2	183	nan	nan
11	35.209.61.240	Council Bluffs	Iowa	AS15169 Google LLC	51502	United States	tier_2	182	240.61.209.35.bc.googleusercontent.com	nan
12	23.21.166.230	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	45	ec2-23-21-166-230.compute-1.amazonaws.com	nan
13	23.21.53.13	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	43	ec2-23-21-53-13.compute-1.amazonaws.com	nan
14	54.235.205.204	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	37	ec2-54-235-205-204.compute-1.amazonaws.com	nan
15	54.197.247.190	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_2	35	ec2-54-197-247-190.compute-1.amazonaws.com	nan
16	13.225.230.122	New York City	New York	AS16509 Amazon.com, Inc.	10004	United States	tier_2	23	server-13-225-230-122.jfk51.r.cloudfront.net	nan
17	13.225.230.105	New York City	New York	AS16509 Amazon.com, Inc.	10004	United States	tier_2	23	server-13-225-230-105.jfk51.r.cloudfront.net	nan
18	13.225.230.128	New York City	New York	AS16509 Amazon.com, Inc.	10004	United States	tier_2	19	server-13-225-230-128.jfk51.r.cloudfront.net	nan
19	13.225.230.11	New York City	New York	AS16509 Amazon.com, Inc.	10004	United States	tier_2	15	server-13-225-230-11.jfk51.r.cloudfront.net	nan
20	104.21.71.177	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	47	nan	True
21	172.67.147.244	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	33	nan	True
22	172.217.165.132	New York City	New York	AS15169 Google LLC	10004	United States	tier_3	21	lga25s70-in-f4.1e100.net	nan
23	172.217.3.100	Westbury	New York	AS15169 Google LLC	11590	United States	tier_3	19	lga34s18-in-f4.1e100.net	nan
24	142.250.64.68	Mountain View	California	AS15169 Google LLC	94043	United States	tier_3	19	lga34s30-in-f4.1e100.net	nan
25	142.250.64.100	Mountain View	California	AS15169 Google LLC	94043	United States	tier_3	13	lga34s31-in-f4.1e100.net	nan
26	142.250.80.4	New York City	New York	AS15169 Google LLC	10004	United States	tier_3	11	lga34s33-in-f4.1e100.net	nan
27	172.217.10.100	Clifton	New Jersey	AS15169 Google LLC	07015	United States	tier_3	11	lga34s15-in-f4.1e100.net	nan
28	172.217.9.228	Clifton	New Jersey	AS15169 Google LLC	07015	United States	tier_3	8	lga34s11-in-f4.1e100.net	nan
29	98.129.228.57	Dallas	Texas	AS33070 Rackspace Hosting	75270	United States	tier_3	6	nan	nan

Aggregated redirection graph of domains located on current IP address.

• The redirection flows from left to right
• Leftmost domains are initial domains hosted on current IP
• Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website