Daily Threat Intelligence Report

This report contains the following information:

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registrar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain
num_domainnum_linksnum_full_urlnum_safebrowsing_maliciousnum_vt_maliciousdateipuser_agent
019819963901162021-03-0837.48.65.151Safari
|  | tier | domain | count | registrar | name_servers | org |
|---|---|---|---|---|---|---|
| 0 | tier_1 | funnydognames.us | 1 | Dynadot LLC | ns1.commonmx.com | None |
| 1 | tier_1 | justjesus.us | 1 | Dynadot LLC | ns1.commonmx.com | None |
| 2 | tier_1 | comefly.us | 1 | Communigal Communication Ltd | ns2.commonmx.com | None |
| 3 | tier_1 | detox-cleanse.us | 1 | Communigal Communication Ltd | ns2.commonmx.com | None |
| 4 | tier_1 | massimo.us | 1 | Communigal Communication Ltd | ns2.commonmx.com | None |
| 5 | tier_1 | drinkfinity.us | 1 | Communigal Communication Ltd | ns2.commonmx.com | None |
| 6 | tier_1 | animefrost.us | 1 | GoDaddy.com, LLC | ns2.commonmx.com | None |
| 7 | tier_1 | argames.us | 1 | Communigal Communication Ltd | ns2.commonmx.com | None |
| 8 | tier_1 | idpllc.us | 1 | Dynadot LLC | ns2.commonmx.com | None |
| 9 | tier_1 | berrylicio.us | 1 | Communigal Communication Ltd | ns2.commonmx.com | None |
| 10 | tier_2 | dprtb.com | 53 | 1API GmbH | NS1.DNSIMPLE.COM | REDACTED FOR PRIVACY |
| 11 | tier_2 | click.expmediadirect.com | 51 | None | None | None |
| 12 | tier_2 | 1496.wcitianka.com | 27 | GoDaddy Online Services Cayman Islands LTD | NS-1096.AWSDNS-09.ORG | None |
| 13 | tier_2 | americanlisted.com | 26 | ilait AB | NS1.TELECOM3.NET | Integration 3 Group AB |
| 14 | tier_2 | nicanor-the.com | 26 | Amazon Registrar, Inc. | NS-1242.AWSDNS-27.ORG | Whois Privacy Service |
| 15 | tier_2 | click.appcast.io | 25 | 101Domain GRS Ltd | NS-85.AWSDNS-10.COM | None |
| 16 | tier_2 | build.mediapicker.com | 20 | GoDaddy.com, LLC | RAQUEL.NS.CLOUDFLARE.COM | Domains By Proxy, LLC |
| 17 | tier_2 | rtbstream.com | 19 | 1API GmbH | NS1.DNSIMPLE.COM | Registrant of rtbstream.com |
| 18 | tier_2 | mega.affiliate-dash.com | 15 | None | None | None |
| 19 | tier_2 | xml.onwardclick.com | 11 | None | None | None |
| 20 | tier_3 | careerbuilder.com | 21 | CSC CORPORATE DOMAINS, INC. | BROCK.CBJOBS.NET | CareerBuilder, LLC |
| 21 | tier_3 | managerformula.com | 19 | None | None | None |
| 22 | tier_3 | loadfree-bestheavilyfile.best | 15 | None | None | None |
| 23 | tier_3 | performcompletely-thelatestfile.best | 12 | None | None | None |
| 24 | tier_3 | lasatlantispromos.com | 10 | DYNADOT, LLC | BELLA.NS.CLOUDFLARE.COM | None |
| 25 | tier_3 | performlatest-thecompletelyfile.best | 8 | NAMECHEAP INC | DNS1.REGISTRAR-SERVERS.COM | WhoisGuard, Inc. |
| 26 | tier_3 | encontextmedia.com | 5 | None | None | None |
| 27 | tier_3 | encontext.com | 5 | NAMECHEAP INC | NS1.ENCONTEXT.COM | WhoisGuard, Inc. |
| 28 | tier_3 | lqdecmbggalniygopgyjqujhgpvhugojtajvgejyvnksqsdtt.s3.amazonaws.com | 3 | MarkMonitor, Inc. | R1.AMAZONAWS.COM | Amazon.com, Inc. |
| 29 | tier_3 | thecryptomoney.info | 3 | GoDaddy.com, LLC | MOLLY.NS.CLOUDFLARE.COM | None |
|  | ip | city | region | org | postal | country_name | tier | count | hostname | anycast |
|---|---|---|---|---|---|---|---|---|---|---|
| 0 | 207.244.67.218 | Manassas | Virginia | AS30633 Leaseweb USA, Inc. | 20108 | United States | tier_1 | 23 | nan | nan |
| 1 | 207.244.67.216 | Manassas | Virginia | AS30633 Leaseweb USA, Inc. | 20108 | United States | tier_1 | 20 | nan | nan |
| 2 | 207.244.67.214 | Manassas | Virginia | AS30633 Leaseweb USA, Inc. | 20108 | United States | tier_1 | 18 | nan | nan |
| 3 | 207.244.67.215 | Manassas | Virginia | AS30633 Leaseweb USA, Inc. | 20108 | United States | tier_1 | 17 | nan | nan |
| 4 | 82.192.82.228 | Amsterdam | North Holland | AS60781 LeaseWeb Netherlands B.V. | 1012 | Netherlands | tier_1 | 5 | nan | nan |
| 5 | 63.143.32.91 | Dallas | Texas | AS46475 Limestone Networks, Inc. | 75270 | United States | tier_1 | 4 | 91-32-143-63.static.reverse.lstn.net | nan |
| 6 | 37.48.65.148 | Soest | Utrecht | AS60781 LeaseWeb Netherlands B.V. | 3765 | Netherlands | tier_1 | 4 | nan | nan |
| 7 | 63.143.32.87 | Dallas | Texas | AS46475 Limestone Networks, Inc. | 75270 | United States | tier_1 | 3 | 87-32-143-63.static.reverse.lstn.net | nan |
| 8 | 63.143.32.93 | Dallas | Texas | AS46475 Limestone Networks, Inc. | 75270 | United States | tier_1 | 3 | 93-32-143-63.static.reverse.lstn.net | nan |
| 9 | 185.107.56.199 | Rotterdam | South Holland | AS43350 NForce Entertainment B.V. | 3012 | Netherlands | tier_1 | 2 | nan | nan |
| 10 | 209.15.13.136 | Toronto | Ontario | AS13768 Aptum Technologies | M5N | Canada | tier_2 | 77 | nan | nan |
| 11 | 198.134.116.30 | New York City | New York | AS27257 Webair Internet Development Company Inc. | 10013 | United States | tier_2 | 51 | nan | nan |
| 12 | 198.54.112.216 | San Jose | California | AS22612 Namecheap, Inc. | 95103 | United States | tier_2 | 27 | nan | nan |
| 13 | 100.37.135.2 | New York City | New York | AS701 MCI Communications Services, Inc. d/b/a Verizon Business | 10004 | United States | tier_2 | 26 | pool-100-37-135-2.nycmny.fios.verizon.net | nan |
| 14 | 35.209.61.240 | Council Bluffs | Iowa | AS15169 Google LLC | 51502 | United States | tier_2 | 26 | 240.61.209.35.bc.googleusercontent.com | nan |
| 15 | 173.239.53.32 | New York City | New York | AS27257 Webair Internet Development Company Inc. | 10013 | United States | tier_2 | 22 | nan | nan |
| 16 | 18.210.49.168 | Virginia Beach | Virginia | AS14618 Amazon.com, Inc. | 23458 | United States | tier_2 | 20 | ec2-18-210-49-168.compute-1.amazonaws.com | nan |
| 17 | 52.207.48.224 | Virginia Beach | Virginia | AS14618 Amazon.com, Inc. | 23458 | United States | tier_2 | 15 | ec2-52-207-48-224.compute-1.amazonaws.com | nan |
| 18 | 34.200.146.95 | Virginia Beach | Virginia | AS14618 Amazon.com, Inc. | 23458 | United States | tier_2 | 14 | ec2-34-200-146-95.compute-1.amazonaws.com | nan |
| 19 | 54.84.27.165 | Virginia Beach | Virginia | AS14618 Amazon.com, Inc. | 23458 | United States | tier_2 | 14 | ec2-54-84-27-165.compute-1.amazonaws.com | nan |
| 20 | 54.210.35.174 | Ashburn | Virginia | AS14618 Amazon.com, Inc. | 20149 | United States | tier_3 | 20 | ec2-54-210-35-174.compute-1.amazonaws.com | nan |
| 21 | 52.20.53.118 | Virginia Beach | Virginia | AS14618 Amazon.com, Inc. | 23458 | United States | tier_3 | 15 | ec2-52-20-53-118.compute-1.amazonaws.com | nan |
| 22 | 172.67.131.144 | San Francisco | California | AS13335 Cloudflare, Inc. | 94107 | United States | tier_3 | 6 | nan | True |
| 23 | 64.91.232.212 | Lansing | Michigan | AS32244 Liquid Web, L.L.C | 48901 | United States | tier_3 | 5 | host.encontext.com | nan |
| 24 | 64.91.232.215 | Lansing | Michigan | AS32244 Liquid Web, L.L.C | 48901 | United States | tier_3 | 5 | host.encontext.com | nan |
| 25 | 104.21.4.23 | San Francisco | California | AS13335 Cloudflare, Inc. | 94107 | United States | tier_3 | 4 | nan | True |
| 26 | 13.225.229.46 | New York City | New York | AS16509 Amazon.com, Inc. | 10004 | United States | tier_3 | 3 | server-13-225-229-46.jfk51.r.cloudfront.net | nan |
| 27 | 52.85.132.97 | Ashburn | Virginia | AS16509 Amazon.com, Inc. | 20149 | United States | tier_3 | 3 | server-52-85-132-97.iad50.r.cloudfront.net | nan |
| 28 | 104.21.42.202 | San Francisco | California | AS13335 Cloudflare, Inc. | 94107 | United States | tier_3 | 3 | nan | True |
| 29 | 52.85.132.18 | Ashburn | Virginia | AS16509 Amazon.com, Inc. | 20149 | United States | tier_3 | 3 | server-52-85-132-18.iad50.r.cloudfront.net | nan |

Aggregated redirection graph of domains located on current IP address.

  • The redirection flows from left to right
  • Leftmost domains are initial domains hosted on current IP
  • Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website