Daily Threat Intelligence Report

This report contains the following information:

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. Date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registrar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain

| | num_domain, num_links, num_full_url, num_safebrowsing_malicious, num_vt_malicious | date | ip | user_agent |
|---|---|---|---|---|
| 0 | 111118516180 | 2020-10-19 | 37.48.65.151 | Android |

| | tier | domain | count | registrar | name_servers | org |
|---|---|---|---|---|---|---|
| 0 | tier_1 | sengoku-expo.net | 1 | Soldierofonedomains.com, LLC | NS1.DNSNUTS.COM | None |
| 1 | tier_1 | ok-ch.net | 1 | Domain Name Root, LLC | NS1.DNSNUTS.COM | The Management Group II |
| 2 | tier_1 | mirrorfile.net | 1 | NamePal.com #8021 Inc. | NS1.DNSNUTS.COM | None |
| 3 | tier_1 | atumori.net | 1 | V12 Domains, LLC | NS1.DNSNUTS.COM | None |
| 4 | tier_1 | mwfansub.net | 1 | Chipshot Domains LLC | NS1.DNSNUTS.COM | None |
| 5 | tier_1 | juggler-peka.net | 1 | Domaincomesaround.com LLC | NS1.DNSNUTS.COM | None |
| 6 | tier_1 | gobuybuy.net | 1 | SearchNResQ Inc. | NS1.DNSNUTS.COM | None |
| 7 | tier_1 | aimeflv.net | 1 | DomainSprouts.com LLC | NS1.DNSNUTS.COM | The Management Group II |
| 8 | tier_1 | forexbaron.net | 1 | Top Level Domains LLC | NS1.DNSNUTS.COM | The Management Group II |
| 9 | tier_1 | videopremium.net | 1 | Domainsareforever.net LLC | NS1.DNSNUTS.COM | The Management Group II |
| 10 | tier_2 | track.tkbo.com | 69 | Key-Systems GmbH | NS1.DNSRES.NET | c/o whoisproxy.com |
| 11 | tier_2 | track.spicefriends.com | 31 | NAMECHEAP INC | DAN.NS.CLOUDFLARE.COM | Redacted for Privacy Purposes |
| 12 | tier_2 | get.popplunder.com | 31 | NAMECHEAP INC | DNS1.REGISTRAR-SERVERS.COM | WhoisGuard, Inc. |
| 13 | tier_2 | trustedpush.com | 30 | NAMECHEAP INC | NS-1142.AWSDNS-14.ORG | WhoisGuard, Inc. |
| 14 | tier_2 | win1.trustedpush.com | 28 | NAMECHEAP INC | NS-1142.AWSDNS-14.ORG | WhoisGuard, Inc. |
| 15 | tier_2 | usd.hermes-vib.com | 27 | Amazon Registrar, Inc. | NS-1049.AWSDNS-03.ORG | Whois Privacy Service |
| 16 | tier_2 | win2.trustedpush.com | 24 | NAMECHEAP INC | NS-1142.AWSDNS-14.ORG | WhoisGuard, Inc. |
| 17 | tier_2 | win3.trustedpush.com | 20 | NAMECHEAP INC | NS-1142.AWSDNS-14.ORG | WhoisGuard, Inc. |
| 18 | tier_2 | usa.hermes-vib.com | 20 | Amazon Registrar, Inc. | NS-1049.AWSDNS-03.ORG | Whois Privacy Service |
| 19 | tier_2 | usa.mnason-hec.com | 17 | Amazon Registrar, Inc. | NS-1205.AWSDNS-22.ORG | Whois Privacy Service |
| 20 | tier_3 | specializedmeed.club | 21 | NAMECHEAP INC | elsa.ns.cloudflare.com | WhoisGuard, Inc. |
| 21 | tier_3 | modelcontrastive.club | 16 | NAMECHEAP INC | elsa.ns.cloudflare.com | WhoisGuard, Inc. |
| 22 | tier_3 | win4.trustedpush.com | 11 | NameCheap, Inc. | NS-1142.AWSDNS-14.ORG | None |
| 23 | tier_3 | kbb.com | 8 | CSC CORPORATE DOMAINS, INC. | PDNS164.ULTRADNS.BIZ | Autotrader.com |
| 24 | tier_3 | win5.trustedpush.com | 5 | NAMECHEAP INC | NS-1142.AWSDNS-14.ORG | WhoisGuard, Inc. |
| 25 | tier_3 | win2.trustedpush.com | 4 | None | None | None |
| 26 | tier_3 | win6.trustedpush.com | 4 | None | None | None |
| 27 | tier_3 | win3.trustedpush.com | 4 | None | None | None |
| 28 | tier_3 | win1.trustedpush.com | 2 | NAMECHEAP INC | NS-1142.AWSDNS-14.ORG | WhoisGuard, Inc. |
| 29 | tier_3 | methodvariant.club | 2 | NameCheap, Inc. | elsa.ns.cloudflare.com | WhoisGuard, Inc. |

| | ip | city | region | postal | country_name | tier | count | hostname |
|---|---|---|---|---|---|---|---|---|
| 0 | 207.244.67.214 | Manassas | Virginia | 20108 | United States | tier_1 | 14 | nan |
| 1 | 207.244.67.215 | Manassas | Virginia | 20108 | United States | tier_1 | 13 | nan |
| 2 | 207.244.67.218 | Manassas | Virginia | 20108 | United States | tier_1 | 13 | nan |
| 3 | 207.244.67.216 | Manassas | Virginia | 20108 | United States | tier_1 | 8 | nan |
| 4 | 37.48.65.149 | Amsterdam | North Holland | 1012 | Netherlands | tier_1 | 8 | nan |
| 5 | 37.48.65.151 | Amsterdam | North Holland | 1012 | Netherlands | tier_1 | 5 | nan |
| 6 | 37.48.65.150 | Amsterdam | North Holland | 1012 | Netherlands | tier_1 | 4 | nan |
| 7 | 185.107.56.58 | Rotterdam | South Holland | 3012 | Netherlands | tier_1 | 3 | nan |
| 8 | 37.48.65.148 | Amsterdam | North Holland | 1012 | Netherlands | tier_1 | 3 | nan |
| 9 | 185.107.56.57 | Rotterdam | South Holland | 3012 | Netherlands | tier_1 | 2 | nan |
| 10 | 54.225.132.253 | Virginia Beach | Virginia | 23471 | United States | tier_2 | 43 | ec2-54-225-132-253.compute-1.amazonaws.com |
| 11 | 34.199.107.160 | Virginia Beach | Virginia | 23471 | United States | tier_2 | 39 | ec2-34-199-107-160.compute-1.amazonaws.com |
| 12 | 13.225.229.73 | Atlantic City | New Jersey | 08404 | United States | tier_3 | 3 | server-13-225-229-73.jfk51.r.cloudfront.net |
| 13 | 52.205.210.89 | Virginia Beach | Virginia | 23471 | United States | tier_2 | 34 | ec2-52-205-210-89.compute-1.amazonaws.com |
| 14 | 13.225.229.12 | Atlantic City | New Jersey | 08404 | United States | tier_3 | 7 | server-13-225-229-12.jfk51.r.cloudfront.net |
| 15 | 34.199.180.187 | Virginia Beach | Virginia | 23471 | United States | tier_2 | 31 | ec2-34-199-180-187.compute-1.amazonaws.com |
| 16 | 13.225.229.113 | Atlantic City | New Jersey | 08404 | United States | tier_3 | 2 | server-13-225-229-113.jfk51.r.cloudfront.net |
| 17 | 13.225.229.61 | Atlantic City | New Jersey | 08404 | United States | tier_3 | 1 | server-13-225-229-61.jfk51.r.cloudfront.net |
| 18 | 94.130.185.237 | Nürnberg | Bavaria | 90402 | Germany | tier_2 | 19 | static.237.185.130.94.clients.your-server.de |
| 19 | 94.130.186.231 | Nürnberg | Bavaria | 90402 | Germany | tier_2 | 17 | static.231.186.130.94.clients.your-server.de |
| 20 | 149.28.49.220 | New York City | New York | 10004 | United States | tier_3 | 21 | 149.28.49.220.vultr.com |
| 21 | 100.37.135.2 | New York City | New York | 10004 | United States | tier_3 | 21 | pool-100-37-135-2.nycmny.fios.verizon.net |
| 22 | 45.32.198.135 | Dallas | Texas | 75270 | United States | tier_3 | 14 | 45.32.198.135.vultr.com |
| 23 | 23.44.217.143 | Newark | New Jersey | 07175 | United States | tier_3 | 8 | a23-44-217-143.deploy.static.akamaitechnologies.com |
| 24 | 13.225.229.12 | Atlantic City | New Jersey | 08404 | United States | tier_3 | 7 | server-13-225-229-12.jfk51.r.cloudfront.net |
| 25 | 13.225.229.73 | Atlantic City | New Jersey | 08404 | United States | tier_3 | 3 | server-13-225-229-73.jfk51.r.cloudfront.net |
| 26 | 13.225.229.113 | Atlantic City | New Jersey | 08404 | United States | tier_3 | 2 | server-13-225-229-113.jfk51.r.cloudfront.net |
| 27 | 144.202.107.3 | Live Oak | California | 95953 | United States | tier_3 | 1 | 144.202.107.3.vultr.com |
| 28 | 13.225.229.61 | Atlantic City | New Jersey | 08404 | United States | tier_3 | 1 | server-13-225-229-61.jfk51.r.cloudfront.net |
| 29 | 208.91.196.145 | Road Town | British Virgin Islands | nan | British Virgin Islands | tier_3 | 1 | nan |

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website