Sun Jan 15 13:04:12 CET 2017 Automatic Analysis of the domains in this capture. Results maybe be wrong. Using https://github.com/staaldraad/fastfluxanalysis FastFlux Analysis Version: 1.0 (2013) ################################ a4.bing.com Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | a4.bing.com. | 3438| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-30) Classified (Clean) Modified Jaroslaw/Patrycja: Score (6) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- URL Analysis ---- Domain: a4.bing.com. Entropy analysis (UNIGRAM): Benign Entropy analysis (BIGRAM): DGA Probability analysis (UNIGRAM): Benign Probability analysis (BIGRAM): Benign Total Variation analysis (UNIGRAM): DGA Total Variation analysis (BIGRAM): DGA Naive-Bayesian analysis (UNIGRAM): Benign Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): Benign Bayesian analysis (BIGRAM): Benign -- ################################ accounts.google.com Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | accounts.google.com. | 299| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-25) Classified (Clean) Modified Jaroslaw/Patrycja: Score (7) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- Moran's Index ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score (0) ---- Geary's Coefficient ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score(0) ---- URL Analysis ---- Domain: accounts.google.com. Entropy analysis (UNIGRAM): Benign Entropy analysis (BIGRAM): Benign Probability analysis (UNIGRAM): Benign Probability analysis (BIGRAM): Benign Total Variation analysis (UNIGRAM): Benign Total Variation analysis (BIGRAM): Benign Naive-Bayesian analysis (UNIGRAM): Benign Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): Benign Bayesian analysis (BIGRAM): Benign -- ################################ accounts.youtube.com Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | accounts.youtube.com. | 3599| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-30) Classified (Clean) Modified Jaroslaw/Patrycja: Score (6) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- URL Analysis ---- Domain: accounts.youtube.com. Entropy analysis (UNIGRAM): Benign Entropy analysis (BIGRAM): Benign Probability analysis (UNIGRAM): Benign Probability analysis (BIGRAM): Benign Total Variation analysis (UNIGRAM): Benign Total Variation analysis (BIGRAM): Benign Naive-Bayesian analysis (UNIGRAM): Benign Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): Benign Bayesian analysis (BIGRAM): Benign -- ################################ api.bing.com Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | api.bing.com. | 1889| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-30) Classified (Clean) Modified Jaroslaw/Patrycja: Score (6) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- URL Analysis ---- Domain: api.bing.com. Entropy analysis (UNIGRAM): Benign Entropy analysis (BIGRAM): Benign Probability analysis (UNIGRAM): Benign Probability analysis (BIGRAM): Benign Total Variation analysis (UNIGRAM): DGA Total Variation analysis (BIGRAM): DGA Naive-Bayesian analysis (UNIGRAM): Benign Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): Benign Bayesian analysis (BIGRAM): Benign -- ################################ clients1.google.cz Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | clients1.google.cz. | 7199| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-30) Classified (Clean) Modified Jaroslaw/Patrycja: Score (6) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- URL Analysis ---- Domain: clients1.google.cz. Entropy analysis (UNIGRAM): Benign Entropy analysis (BIGRAM): Benign Probability analysis (UNIGRAM): Benign Probability analysis (BIGRAM): Benign Total Variation analysis (UNIGRAM): Benign Total Variation analysis (BIGRAM): Benign Naive-Bayesian analysis (UNIGRAM): Benign Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): Benign Bayesian analysis (BIGRAM): Benign -- ################################ count ################################ dns.msftncsi.com Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | dns.msftncsi.com. | 16| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-25) Classified (Clean) Modified Jaroslaw/Patrycja: Score (7) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- Moran's Index ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score (0) ---- Geary's Coefficient ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score(0) ---- URL Analysis ---- Domain: dns.msftncsi.com. Entropy analysis (UNIGRAM): Benign Entropy analysis (BIGRAM): Benign Probability analysis (UNIGRAM): Benign Probability analysis (BIGRAM): Benign Total Variation analysis (UNIGRAM): DGA Total Variation analysis (BIGRAM): DGA Naive-Bayesian analysis (UNIGRAM): Benign Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): Benign Bayesian analysis (BIGRAM): DGA -- ################################ fonts.gstatic.com Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | fonts.gstatic.com. | 298| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-25) Classified (Clean) Modified Jaroslaw/Patrycja: Score (7) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- URL Analysis ---- Domain: fonts.gstatic.com. Entropy analysis (UNIGRAM): Benign Entropy analysis (BIGRAM): Benign Probability analysis (UNIGRAM): Benign Probability analysis (BIGRAM): Benign Total Variation analysis (UNIGRAM): DGA Total Variation analysis (BIGRAM): Benign Naive-Bayesian analysis (UNIGRAM): Benign Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): Benign Bayesian analysis (BIGRAM): Benign -- ################################ img.youtube.com Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | img.youtube.com. | 3599| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-30) Classified (Clean) Modified Jaroslaw/Patrycja: Score (6) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- URL Analysis ---- Domain: img.youtube.com. Entropy analysis (UNIGRAM): Benign Entropy analysis (BIGRAM): Benign Probability analysis (UNIGRAM): Benign Probability analysis (BIGRAM): DGA Total Variation analysis (UNIGRAM): DGA Total Variation analysis (BIGRAM): DGA Naive-Bayesian analysis (UNIGRAM): Benign Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): DGA Bayesian analysis (BIGRAM): DGA -- ################################ login.live.com Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | login.live.com. | 766| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-30) Classified (Clean) Modified Jaroslaw/Patrycja: Score (6) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- URL Analysis ---- Domain: login.live.com. Entropy analysis (UNIGRAM): Benign Entropy analysis (BIGRAM): Benign Probability analysis (UNIGRAM): Benign Probability analysis (BIGRAM): Benign Total Variation analysis (UNIGRAM): DGA Total Variation analysis (BIGRAM): Benign Naive-Bayesian analysis (UNIGRAM): Benign Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): Benign Bayesian analysis (BIGRAM): Benign -- ################################ mail.bing.com Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | mail.bing.com. | 3599| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-30) Classified (Clean) Modified Jaroslaw/Patrycja: Score (6) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- URL Analysis ---- Domain: mail.bing.com. Entropy analysis (UNIGRAM): Benign Entropy analysis (BIGRAM): Benign Probability analysis (UNIGRAM): Benign Probability analysis (BIGRAM): Benign Total Variation analysis (UNIGRAM): DGA Total Variation analysis (BIGRAM): Benign Naive-Bayesian analysis (UNIGRAM): Benign Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): Benign Bayesian analysis (BIGRAM): Benign -- ################################ mail.google.com Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | mail.google.com. | 86399| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-30) Classified (Clean) Modified Jaroslaw/Patrycja: Score (6) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- URL Analysis ---- Domain: mail.google.com. Entropy analysis (UNIGRAM): Benign Entropy analysis (BIGRAM): Benign Probability analysis (UNIGRAM): Benign Probability analysis (BIGRAM): Benign Total Variation analysis (UNIGRAM): DGA Total Variation analysis (BIGRAM): Benign Naive-Bayesian analysis (UNIGRAM): Benign Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): Benign Bayesian analysis (BIGRAM): Benign -- ################################ mail.yahoo.com Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | mail.yahoo.com. | 21559| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-30) Classified (Clean) Modified Jaroslaw/Patrycja: Score (6) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- URL Analysis ---- Domain: mail.yahoo.com. Entropy analysis (UNIGRAM): Benign Entropy analysis (BIGRAM): Benign Probability analysis (UNIGRAM): Benign Probability analysis (BIGRAM): Benign Total Variation analysis (UNIGRAM): DGA Total Variation analysis (BIGRAM): Benign Naive-Bayesian analysis (UNIGRAM): Benign Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): Benign Bayesian analysis (BIGRAM): Benign -- ################################ outlook.com Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | outlook.com. | 214| 10| 9| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-13) Classified (Clean) Modified Jaroslaw/Patrycja: Score (28) Classified (Fast-Flux) Rule Based: Fast-Flux ---- Geolocation ---- ---- Moran's Index ---- Timezones: Score (-0.15959403156) Classified (Fast-Flux) UTM: Score (-0.410334974724) Classified (Fast-Flux) MGRS: Score (-0.234856968757) Classified (Fast-Flux) Combined: Score (-0.0153800813441) ---- Geary's Coefficient ---- Timezones: Score (1.27880458623) Classified (Fast-Flux) UTM: Score (1.22031806351) Classified (Fast-Flux) MGRS: Score (1.26124982202) Classified (Fast-Flux) Combined: Score(1.96824131137) ---- URL Analysis ---- Domain: outlook.com. Entropy analysis (UNIGRAM): Benign Entropy analysis (BIGRAM): Benign Probability analysis (UNIGRAM): Benign Probability analysis (BIGRAM): Benign Total Variation analysis (UNIGRAM): Benign Total Variation analysis (BIGRAM): Benign Naive-Bayesian analysis (UNIGRAM): Benign Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): Benign Bayesian analysis (BIGRAM): Benign -- ################################ ssl.bing.com Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | ssl.bing.com. | 3582| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-30) Classified (Clean) Modified Jaroslaw/Patrycja: Score (6) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- URL Analysis ---- Domain: ssl.bing.com. Entropy analysis (UNIGRAM): Benign Entropy analysis (BIGRAM): Benign Probability analysis (UNIGRAM): Benign Probability analysis (BIGRAM): DGA Total Variation analysis (UNIGRAM): DGA Total Variation analysis (BIGRAM): DGA Naive-Bayesian analysis (UNIGRAM): Benign Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): Benign Bayesian analysis (BIGRAM): DGA -- ################################ ssl.gstatic.com Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | ssl.gstatic.com. | 299| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-25) Classified (Clean) Modified Jaroslaw/Patrycja: Score (7) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- Moran's Index ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score (0) ---- Geary's Coefficient ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score(0) ---- URL Analysis ---- Domain: ssl.gstatic.com. Entropy analysis (UNIGRAM): Benign Entropy analysis (BIGRAM): Benign Probability analysis (UNIGRAM): Benign Probability analysis (BIGRAM): DGA Total Variation analysis (UNIGRAM): DGA Total Variation analysis (BIGRAM): DGA Naive-Bayesian analysis (UNIGRAM): Benign Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): Benign Bayesian analysis (BIGRAM): DGA -- ################################ trans_id ################################ w.google.com Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | w.google.com. | 86399| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-30) Classified (Clean) Modified Jaroslaw/Patrycja: Score (6) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- URL Analysis ---- Domain: w.google.com. Entropy analysis (UNIGRAM): DGA Entropy analysis (BIGRAM): DGA Probability analysis (UNIGRAM): DGA Probability analysis (BIGRAM): Benign Total Variation analysis (UNIGRAM): DGA Total Variation analysis (BIGRAM): DGA Naive-Bayesian analysis (UNIGRAM): DGA Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): DGA Bayesian analysis (BIGRAM): Benign -- ################################ www.bing.com Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | www.bing.com. | 14| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-25) Classified (Clean) Modified Jaroslaw/Patrycja: Score (7) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- URL Analysis ---- Domain: www.bing.com. Entropy analysis (UNIGRAM): DGA Entropy analysis (BIGRAM): DGA Probability analysis (UNIGRAM): DGA Probability analysis (BIGRAM): DGA Total Variation analysis (UNIGRAM): DGA Total Variation analysis (BIGRAM): DGA Naive-Bayesian analysis (UNIGRAM): DGA Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): DGA Bayesian analysis (BIGRAM): Benign -- ################################ www.facebook.com Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | www.facebook.com. | 3235| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-30) Classified (Clean) Modified Jaroslaw/Patrycja: Score (6) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- URL Analysis ---- Domain: www.facebook.com. Entropy analysis (UNIGRAM): DGA Entropy analysis (BIGRAM): DGA Probability analysis (UNIGRAM): DGA Probability analysis (BIGRAM): DGA Total Variation analysis (UNIGRAM): DGA Total Variation analysis (BIGRAM): DGA Naive-Bayesian analysis (UNIGRAM): DGA Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): DGA Bayesian analysis (BIGRAM): Benign -- ################################ www.googleadservices.com Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | www.googleadservices.com.| 299| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-25) Classified (Clean) Modified Jaroslaw/Patrycja: Score (7) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- URL Analysis ---- Domain: www.googleadservices.com. Entropy analysis (UNIGRAM): DGA Entropy analysis (BIGRAM): DGA Probability analysis (UNIGRAM): DGA Probability analysis (BIGRAM): DGA Total Variation analysis (UNIGRAM): DGA Total Variation analysis (BIGRAM): DGA Naive-Bayesian analysis (UNIGRAM): DGA Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): DGA Bayesian analysis (BIGRAM): Benign -- ################################ www.google.com Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | www.google.com. | 299| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-25) Classified (Clean) Modified Jaroslaw/Patrycja: Score (7) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- Moran's Index ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score (0) ---- Geary's Coefficient ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score(0) ---- URL Analysis ---- Domain: www.google.com. Entropy analysis (UNIGRAM): DGA Entropy analysis (BIGRAM): DGA Probability analysis (UNIGRAM): DGA Probability analysis (BIGRAM): DGA Total Variation analysis (UNIGRAM): DGA Total Variation analysis (BIGRAM): DGA Naive-Bayesian analysis (UNIGRAM): DGA Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): DGA Bayesian analysis (BIGRAM): Benign -- ################################ www.google.cz Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | www.google.cz. | 299| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-25) Classified (Clean) Modified Jaroslaw/Patrycja: Score (7) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- Moran's Index ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score (0) ---- Geary's Coefficient ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score(0) ---- URL Analysis ---- Domain: www.google.cz. Entropy analysis (UNIGRAM): DGA Entropy analysis (BIGRAM): DGA Probability analysis (UNIGRAM): DGA Probability analysis (BIGRAM): DGA Total Variation analysis (UNIGRAM): DGA Total Variation analysis (BIGRAM): DGA Naive-Bayesian analysis (UNIGRAM): DGA Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): DGA Bayesian analysis (BIGRAM): Benign -- ################################ www.msftncsi.com Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | www.msftncsi.com. | 846| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-30) Classified (Clean) Modified Jaroslaw/Patrycja: Score (6) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- URL Analysis ---- Domain: www.msftncsi.com. Entropy analysis (UNIGRAM): DGA Entropy analysis (BIGRAM): DGA Probability analysis (UNIGRAM): DGA Probability analysis (BIGRAM): DGA Total Variation analysis (UNIGRAM): DGA Total Variation analysis (BIGRAM): DGA Naive-Bayesian analysis (UNIGRAM): DGA Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): DGA Bayesian analysis (BIGRAM): Benign --