Malware Discoverer Github Homepage.

Daily Threat Intelligence Report

This report contains following information

1. Overall statistics
   1. Number of domains detected
   2. Number of domains detected by Google Safe Browsing
   3. IP address behind entry-level domains
   4. date of collection
2. Top 10 domain statistics
   1. count (number of redirection paths that contain this domain)
   2. tier (1 is entry-level domain, 2 is intermediate hop, 3 is final landing domain)
   3. registar
   4. organization
3. Top 10 IP statistics
   1. count
   2. location (city, country, region)
   3. hostname
   4. organization
4. Consolidated redirection path
   1. green: tier one domain
   2. yellow: tier two domain
   3. red: tier three domain

	num_domain	num_links	num_full_url	num_safebrowsing_malicious	num_vt_malicious	date	ip	user_agent
0	174	183	631	0	122	2021-03-07	64.32.8.70	Safari

	tier	domain	count	registrar	name_servers	org
0	tier_1	ggulbam27.com	1	SNAPNAMES 32, LLC	NS1.DNSNUTS.COM	None
1	tier_1	economictims.com	1	Domain Landing Zone LLC	NS1.DNSNUTS.COM	None
2	tier_1	clipxplore.com	1	SouthNames, LLC	NS1.DNSNUTS.COM	None
3	tier_1	face2facethemagazine.com	1	Domaininthehole.com LLC	NS1.DNSNUTS.COM	None
4	tier_1	chastnoevideo.net	1	SNAPNAMES 90, LLC	NS1.DNSNUTS.COM	None
5	tier_1	akeremuna2018.com	1	Domain Secure LLC	NS1.DNSNUTS.COM	None
6	tier_1	civgames.com	1	Domainsinthebag.com LLC	NS1.DNSNUTS.COM	None
7	tier_1	bagustekno.net	1	Zone of Domains LLC	NS1.DNSNUTS.COM	None
8	tier_1	aiss.cc	1	Top Shelf Domains LLC	NS1.DNSNUTS.COM	None
9	tier_1	cloudfilezz.com	1	Lionshare Domains, LLC	NS1.DNSNUTS.COM	None
10	tier_2	click.expmediadirect.com	59	NAMECHEAP INC	NS1.LINODE.COM	WhoisGuard, Inc.
11	tier_2	rqhere2.com	39	NAMECHEAP INC	JEROME.NS.CLOUDFLARE.COM	WhoisGuard, Inc.
12	tier_2	dprtb.com	35	1API GmbH	NS1.DNSIMPLE.COM	REDACTED FOR PRIVACY
13	tier_2	1496.wcitianka.com	33	None	None	None
14	tier_2	americanlisted.com	31	ilait AB	NS1.TELECOM3.NET	Integration 3 Group AB
15	tier_2	track.vcdc.com	26	Key-Systems GmbH	GUY.NS.CLOUDFLARE.COM	c/o whoisproxy.com
16	tier_2	clk.rtpdn12.com	22	NAMECHEAP INC	DNS1.REGISTRAR-SERVERS.COM	WhoisGuard, Inc.
17	tier_2	rd.leewardjobs.com	18	GoDaddy.com, LLC	NS-1391.AWSDNS-45.ORG	Domains By Proxy, LLC
18	tier_2	open.app.jobrapido.com	17	Marcaria.com International, Inc.	NS-CLOUD-D1.GOOGLEDOMAINS.COM	GDPR Masked
19	tier_2	us.jobrapido.com	17	Marcaria.com International, Inc.	NS-CLOUD-D1.GOOGLEDOMAINS.COM	GDPR Masked
20	tier_3	healthemerge.info	22	GoDaddy.com, LLC	MOLLY.NS.CLOUDFLARE.COM	None
21	tier_3	medicomatic.info	18	GoDaddy.com, LLC	MOLLY.NS.CLOUDFLARE.COM	None
22	tier_3	thecryptomoney.info	18	GoDaddy.com, LLC	MOLLY.NS.CLOUDFLARE.COM	None
23	tier_3	fitnessdial.club	17	GoDaddy.com, LLC	molly.ns.cloudflare.com	None
24	tier_3	click.appcast.io	8	101Domain GRS Ltd	NS-85.AWSDNS-10.COM	None
25	tier_3	open.app.jobrapido.com_LOOP_1	6	None	None	None
26	tier_3	uber.com	5	MarkMonitor, Inc.	EDNS126.ULTRADNS.BIZ	Uber Technologies, Inc.
27	tier_3	neuvoo.com	4	None	None	None
28	tier_3	performcompletely-thelatestfile.best	4	NAMECHEAP INC	DNS1.REGISTRAR-SERVERS.COM	WhoisGuard, Inc.
29	tier_3	performlatest-thecompletelyfile.best	3	NAMECHEAP INC	DNS1.REGISTRAR-SERVERS.COM	WhoisGuard, Inc.

	ip	hostname	city	region	org	postal	country_name	tier	count	anycast
0	64.32.8.70	customer.sharktech.net	Los Angeles	California	AS46844 Sharktech	90009	United States	tier_1	19	nan
1	64.32.8.68	customer.sharktech.net	Los Angeles	California	AS46844 Sharktech	90009	United States	tier_1	18	nan
2	185.107.56.60	nan	Rotterdam	South Holland	AS43350 NForce Entertainment B.V.	3012	Netherlands	tier_1	17	nan
3	64.32.8.69	customer.sharktech.net	Los Angeles	California	AS46844 Sharktech	90009	United States	tier_1	16	nan
4	64.32.8.67	customer.sharktech.net	Los Angeles	California	AS46844 Sharktech	90009	United States	tier_1	15	nan
5	185.107.56.57	nan	Rotterdam	South Holland	AS43350 NForce Entertainment B.V.	3012	Netherlands	tier_1	15	nan
6	185.107.56.58	nan	Rotterdam	South Holland	AS43350 NForce Entertainment B.V.	3012	Netherlands	tier_1	12	nan
7	185.107.56.59	nan	Rotterdam	South Holland	AS43350 NForce Entertainment B.V.	3012	Netherlands	tier_1	12	nan
8	198.134.116.30	nan	New York City	New York	AS27257 Webair Internet Development Company Inc.	10013	United States	tier_2	59	nan
9	209.15.13.136	nan	Toronto	Ontario	AS13768 Aptum Technologies	M5N	Canada	tier_2	46	nan
10	167.99.3.175	nan	North Bergen	New Jersey	AS14061 DigitalOcean, LLC	07047	United States	tier_2	39	nan
11	198.54.112.216	nan	San Jose	California	AS22612 Namecheap, Inc.	95103	United States	tier_2	33	nan
12	35.209.61.240	240.61.209.35.bc.googleusercontent.com	Council Bluffs	Iowa	AS15169 Google LLC	51502	United States	tier_2	31	nan
13	167.233.8.197	static.197.8.233.167.clients.your-server.de	Nürnberg	Bavaria	AS24940 Hetzner Online GmbH	90402	Germany	tier_2	26	nan
14	173.239.53.32	nan	New York City	New York	AS27257 Webair Internet Development Company Inc.	10013	United States	tier_2	24	nan
15	178.33.228.114	ns3021656.ip-178-33-228.eu	Roubaix	Hauts-de-France	AS16276 OVH SAS	59051 CEDEX 1	France	tier_2	17	nan
16	100.37.135.2	pool-100-37-135-2.nycmny.fios.verizon.net	New York City	New York	AS701 MCI Communications Services, Inc. d/b/a Verizon Business	10004	United States	tier_3	18	nan
17	3.226.165.125	ec2-3-226-165-125.compute-1.amazonaws.com	Virginia Beach	Virginia	AS14618 Amazon.com, Inc.	23458	United States	tier_2	9	nan
18	100.37.135.2	pool-100-37-135-2.nycmny.fios.verizon.net	New York City	New York	AS701 MCI Communications Services, Inc. d/b/a Verizon Business	10004	United States	tier_3	18	nan
19	172.67.221.83	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	14	True
20	172.67.134.123	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	11	True
21	172.67.167.220	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	11	True
22	104.21.25.189	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	11	True
23	172.67.210.14	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	10	True
24	104.21.42.202	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	8	True
25	104.21.34.37	nan	San Francisco	California	AS13335 Cloudflare, Inc.	94107	United States	tier_3	7	True
26	54.210.35.174	ec2-54-210-35-174.compute-1.amazonaws.com	Ashburn	Virginia	AS14618 Amazon.com, Inc.	20149	United States	tier_3	7	nan
27	104.36.195.150	nan	Washington	Washington, D.C.	AS63086 Uber Technologies, Inc	20045	United States	tier_3	4	nan

Aggregated redirection graph of domains located on current IP address.

• The redirection flows from left to right
• Leftmost domains are initial domains hosted on current IP
• Rightmost domains are final landing domains we were able to crawl

Screenshot of high-occurrence final landing domains

Have other ideas? / Want to subscribe to get threat intelligence report? / Contact

Zhouhan Chen, NYU Center for Data Science, zc1245@nyu.edu, Personal Website