Daily Threat Intelligence Report

This report contains the following information:

  1. Overall statistics
    1. Number of domains detected
    2. Number of domains detected by Google Safe Browsing
    3. IP address behind entry-level domains
    4. Date of collection
  2. Top 10 domain statistics
    1. count (number of redirection paths that contain this domain)
    2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
    3. registrar
    4. organization
  3. Top 10 IP statistics
    1. count
    2. location (city, country, region)
    3. hostname
    4. organization
  4. Consolidated redirection path
    1. green: tier one domain
    2. yellow: tier two domain
    3. red: tier three domain
num_domain | num_links | num_full_url | num_safebrowsing_malicious | num_vt_malicious | date | ip | user_agent
01931976230502021-02-0164.32.8.70Chrome

|  | tier | domain | count | registrar | name_servers | org |
|---|---|---|---|---|---|---|
| 0 | tier_1 | brasilonline.tv | 1 | Sterling Domains LLC | NS1.DNSNUTS.COM | None |
| 1 | tier_1 | assistafilmes.net | 1 | Active Market Domains LLC | NS1.DNSNUTS.COM | None |
| 2 | tier_1 | 9ref.com | 1 | Lionshare Domains, LLC | NS1.DNSNUTS.COM | The Management Group II |
| 3 | tier_1 | 9novels.net | 1 | ! #1 Host Japan, Inc. | NS1.DNSNUTS.COM | The Management Group II |
| 4 | tier_1 | aharonic.net | 1 | Gradeadomainnames.com LLC | NS1.DNSNUTS.COM | None |
| 5 | tier_1 | alhasanah.net | 1 | Deep Dive Domains, LLC | NS1.DNSNUTS.COM | None |
| 6 | tier_1 | alchemicalpsychology.com | 1 | enom1033, Inc. | NS1.DNSNUTS.COM | None |
| 7 | tier_1 | deresute-japan.com | 1 | eNom423, Incorporated | NS1.DNSNUTS.COM | The Management Group II |
| 8 | tier_1 | asb-sakray.net | 1 | Domain Name Root, LLC | NS1.DNSNUTS.COM | None |
| 9 | tier_1 | digitaldartsco.com | 1 | eNomEU, Inc. | NS1.DNSNUTS.COM | None |
| 10 | tier_2 | alfik-fik.com | 72 | Amazon Registrar, Inc. | NS-1264.AWSDNS-30.ORG | Whois Privacy Service |
| 11 | tier_2 | track.vcdc.com | 63 | Key-Systems GmbH | GUY.NS.CLOUDFLARE.COM | c/o whoisproxy.com |
| 12 | tier_2 | dsp2.adtelligent.com | 40 | DANESCO TRADING LTD | NS.ANYCASTNS1.ORG | Vertamedia,LLC |
| 13 | tier_2 | search-checker.com | 40 | Name.com, Inc. | BETH.NS.CLOUDFLARE.COM | Domain Protection Services, Inc. |
| 14 | tier_2 | find.storageservice-miror-files.com | 40 | GoDaddy.com, LLC | DNS1.P09.NSONE.NET | ClientConnect LTD |
| 15 | tier_2 | abc3.feed-xml.com | 18 | DANESCO TRADING LTD | NS.ANYCASTNS1.ORG | DANESCO TRADING LTD. |
| 16 | tier_2 | abc12.feed-xml.com | 15 | DANESCO TRADING LTD | NS.ANYCASTNS1.ORG | DANESCO TRADING LTD. |
| 17 | tier_2 | dprtb.com | 13 | 1API GmbH | NS1.DNSIMPLE.COM | REDACTED FOR PRIVACY |
| 18 | tier_2 | bradamante-per.com | 9 | Amazon Registrar, Inc. | NS-1026.AWSDNS-00.ORG | Whois Privacy Service |
| 19 | tier_2 | apinew.fpvideoplayer.com | 6 | NAMECHEAP INC | NS-1200.AWSDNS-22.ORG | WhoisGuard, Inc. |
| 20 | tier_3 | bing.com | 40 | MarkMonitor, Inc. | DNS1.P09.NSONE.NET | Microsoft Corporation |
| 21 | tier_3 | irl.com | 25 | GoDaddy.com, LLC | NS-106.AWSDNS-13.COM | Domains By Proxy, LLC |
| 22 | tier_3 | searchfrequently.com | 4 | GoDaddy.com, LLC | NEIL.NS.CLOUDFLARE.COM | Domains By Proxy, LLC |
| 23 | tier_3 | storeheavily-thequickfile.best | 3 | NAMECHEAP INC | DNS1.REGISTRAR-SERVERS.COM | WhoisGuard, Inc. |
| 24 | tier_3 | storeswift-theheavilyfile.best | 2 | NAMECHEAP INC | DNS1.REGISTRAR-SERVERS.COM | WhoisGuard, Inc. |
| 25 | tier_3 | kakxfhizhsksctknwlwifjqapnovyf.s3.amazonaws.com | 2 | MarkMonitor, Inc. | R1.AMAZONAWS.COM | Amazon.com, Inc. |
| 26 | tier_3 | search-trends.co | 2 | GoDaddy.com, LLC | ns2.giowm1237.siteground.biz | Domains By Proxy, LLC |
| 27 | tier_3 | wratzurijhgmseqjvihwkwccjoprxb.s3.amazonaws.com | 2 | None | None | None |
| 28 | tier_3 | ww1.survey-smiles.com | 2 | Internet Domain Service BS Corp. | NS1.WOMBATDNS.COM | Whois Privacy Corp. |
| 29 | tier_3 | il.betrivers.com | 1 | GoDaddy.com, LLC | ERIN.NS.CLOUDFLARE.COM | Rivers IP Holdings, LLC |

|  | ip | hostname | city | region | org | postal | country_name | tier | count | anycast |
|---|---|---|---|---|---|---|---|---|---|---|
| 0 | 64.32.8.70 | customer.sharktech.net | Los Angeles | California | AS46844 Sharktech | 90009 | United States | tier_1 | 18 | nan |
| 1 | 64.32.8.68 | customer.sharktech.net | Los Angeles | California | AS46844 Sharktech | 90009 | United States | tier_1 | 17 | nan |
| 2 | 185.107.56.60 | nan | Amsterdam | North Holland | AS43350 NForce Entertainment B.V. | 1012 | Netherlands | tier_1 | 15 | nan |
| 3 | 64.32.8.69 | customer.sharktech.net | Los Angeles | California | AS46844 Sharktech | 90009 | United States | tier_1 | 14 | nan |
| 4 | 64.32.8.67 | customer.sharktech.net | Los Angeles | California | AS46844 Sharktech | 90009 | United States | tier_1 | 11 | nan |
| 5 | 185.107.56.57 | nan | Amsterdam | North Holland | AS43350 NForce Entertainment B.V. | 1012 | Netherlands | tier_1 | 9 | nan |
| 6 | 185.107.56.58 | nan | Amsterdam | North Holland | AS43350 NForce Entertainment B.V. | 1012 | Netherlands | tier_1 | 9 | nan |
| 7 | 185.107.56.59 | nan | Amsterdam | North Holland | AS43350 NForce Entertainment B.V. | 1012 | Netherlands | tier_1 | 8 | nan |
| 8 | 167.233.8.197 | static.197.8.233.167.clients.your-server.de | Nürnberg | Bavaria | AS24940 Hetzner Online GmbH | 90402 | Germany | tier_2 | 63 | nan |
| 9 | 54.84.27.165 | ec2-54-84-27-165.compute-1.amazonaws.com | Virginia Beach | Virginia | AS14618 Amazon.com, Inc. | 23479 | United States | tier_2 | 41 | nan |
| 10 | 34.200.146.95 | ec2-34-200-146-95.compute-1.amazonaws.com | Virginia Beach | Virginia | AS14618 Amazon.com, Inc. | 23479 | United States | tier_2 | 40 | nan |
| 11 | 185.239.174.10 | nan | London | England | AS55081 24 SHELLS | EC1A | United Kingdom | tier_2 | 40 | nan |
| 12 | 104.21.90.227 | nan | San Francisco | California | AS13335 Cloudflare, Inc. | 94107 | United States | tier_2 | 34 | True |
| 13 | 209.15.13.136 | nan | Toronto | Ontario | AS13768 Aptum Technologies | M5N | Canada | tier_2 | 22 | nan |
| 14 | 192.119.9.82 | nan | New York City | New York | AS55081 24 SHELLS | 10004 | United States | tier_2 | 18 | nan |
| 15 | 23.227.131.132 | nan | Newark | New Jersey | AS55081 24 SHELLS | 07175 | United States | tier_2 | 15 | nan |
| 16 | 13.225.214.109 | server-13-225-214-109.ewr50.r.cloudfront.net | Newark | New Jersey | AS16509 Amazon.com, Inc. | 07175 | United States | tier_2 | 12 | nan |
| 17 | 100.37.135.2 | pool-100-37-135-2.nycmny.fios.verizon.net | New York City | New York | AS701 MCI Communications Services, Inc. d/b/a Verizon Business | 10004 | United States | tier_3 | 3 | nan |
| 18 | 131.253.33.200 | a-0001.dc-msedge.net | Redmond | Washington | AS8068 Microsoft Corporation | 98052 | United States | tier_3 | 16 | True |
| 19 | 204.79.197.200 | a-0001.a-msedge.net | Redmond | Washington | AS8068 Microsoft Corporation | 98052 | United States | tier_3 | 13 | True |
| 20 | 13.107.21.200 | nan | Redmond | Washington | AS8068 Microsoft Corporation | 98052 | United States | tier_3 | 6 | True |
| 21 | 3.226.188.121 | ec2-3-226-188-121.compute-1.amazonaws.com | Virginia Beach | Virginia | AS14618 Amazon.com, Inc. | 23479 | United States | tier_3 | 5 | nan |
| 22 | 13.107.22.200 | nan | Redmond | Washington | AS8068 Microsoft Corporation | 98052 | United States | tier_3 | 5 | True |
| 23 | 13.56.125.91 | ec2-13-56-125-91.us-west-1.compute.amazonaws.com | Los Angeles | California | AS16509 Amazon.com, Inc. | 90084 | United States | tier_3 | 4 | nan |
| 24 | 104.248.63.248 | nan | North Bergen | New Jersey | AS14061 DigitalOcean, LLC | 07047 | United States | tier_3 | 3 | nan |
| 25 | 100.37.135.2 | pool-100-37-135-2.nycmny.fios.verizon.net | New York City | New York | AS701 MCI Communications Services, Inc. d/b/a Verizon Business | 10004 | United States | tier_3 | 3 | nan |
| 26 | 13.57.64.34 | ec2-13-57-64-34.us-west-1.compute.amazonaws.com | Los Angeles | California | AS16509 Amazon.com, Inc. | 90084 | United States | tier_3 | 3 | nan |
| 27 | 104.248.63.231 | nan | North Bergen | New Jersey | AS14061 DigitalOcean, LLC | 07047 | United States | tier_3 | 3 | nan |

Aggregated redirection graph of domains located on current IP address.

  • The redirection flows from left to right
  • Leftmost domains are initial domains hosted on current IP
  • Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website