Sun Jan 15 13:04:10 CET 2017 Automatic Analysis of the domains in this capture. Results maybe be wrong. Using https://github.com/staaldraad/fastfluxanalysis FastFlux Analysis Version: 1.0 (2013) ################################ count ################################ dns.msftncsi.com Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | dns.msftncsi.com. | 16| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-25) Classified (Clean) Modified Jaroslaw/Patrycja: Score (7) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- Moran's Index ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score (0) ---- Geary's Coefficient ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score(0) ---- URL Analysis ---- Domain: dns.msftncsi.com. Entropy analysis (UNIGRAM): Benign Entropy analysis (BIGRAM): Benign Probability analysis (UNIGRAM): Benign Probability analysis (BIGRAM): Benign Total Variation analysis (UNIGRAM): DGA Total Variation analysis (BIGRAM): DGA Naive-Bayesian analysis (UNIGRAM): Benign Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): Benign Bayesian analysis (BIGRAM): DGA -- ################################ kf5e2213.servwingu.mx Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | kf5e2213.servwingu.mx. | 3599| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-30) Classified (Clean) Modified Jaroslaw/Patrycja: Score (6) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- Moran's Index ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score (0) ---- Geary's Coefficient ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score(0) ---- URL Analysis ---- Domain: kf5e2213.servwingu.mx. Entropy analysis (UNIGRAM): Benign Entropy analysis (BIGRAM): DGA Probability analysis (UNIGRAM): Benign Probability analysis (BIGRAM): Benign Total Variation analysis (UNIGRAM): DGA Total Variation analysis (BIGRAM): DGA Naive-Bayesian analysis (UNIGRAM): Benign Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): Benign Bayesian analysis (BIGRAM): Benign -- ################################ mail.gmx.net Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | mail.gmx.net. | 824| 2| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-28) Classified (Clean) Modified Jaroslaw/Patrycja: Score (7) Classified (Clean) Rule Based: Fast-Flux ---- Geolocation ---- ---- Moran's Index ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score (0) ---- Geary's Coefficient ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score(0) ---- URL Analysis ---- Domain: mail.gmx.net. Entropy analysis (UNIGRAM): Benign Entropy analysis (BIGRAM): Benign Probability analysis (UNIGRAM): Benign Probability analysis (BIGRAM): Benign Total Variation analysis (UNIGRAM): DGA Total Variation analysis (BIGRAM): Benign Naive-Bayesian analysis (UNIGRAM): Benign Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): Benign Bayesian analysis (BIGRAM): Benign -- ################################ mail.tele2.at Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | mail.tele2.at. | 235| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-25) Classified (Clean) Modified Jaroslaw/Patrycja: Score (7) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- Moran's Index ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score (0) ---- Geary's Coefficient ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score(0) ---- URL Analysis ---- Domain: mail.tele2.at. Entropy analysis (UNIGRAM): Benign Entropy analysis (BIGRAM): Benign Probability analysis (UNIGRAM): Benign Probability analysis (BIGRAM): Benign Total Variation analysis (UNIGRAM): DGA Total Variation analysis (BIGRAM): Benign Naive-Bayesian analysis (UNIGRAM): Benign Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): Benign Bayesian analysis (BIGRAM): Benign -- ################################ mgate.chello.at Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | mgate.chello.at. | 595| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-30) Classified (Clean) Modified Jaroslaw/Patrycja: Score (6) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- Moran's Index ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score (0) ---- Geary's Coefficient ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score(0) ---- URL Analysis ---- Domain: mgate.chello.at. Entropy analysis (UNIGRAM): Benign Entropy analysis (BIGRAM): Benign Probability analysis (UNIGRAM): Benign Probability analysis (BIGRAM): Benign Total Variation analysis (UNIGRAM): Benign Total Variation analysis (BIGRAM): Benign Naive-Bayesian analysis (UNIGRAM): Benign Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): Benign Bayesian analysis (BIGRAM): Benign -- ################################ mx2.vr-web.de ################################ s132.superhost.pl Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | s132.superhost.pl. | 8304| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-30) Classified (Clean) Modified Jaroslaw/Patrycja: Score (6) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- Moran's Index ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score (0) ---- Geary's Coefficient ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score(0) ---- URL Analysis ---- Domain: s132.superhost.pl. Entropy analysis (UNIGRAM): Benign Entropy analysis (BIGRAM): DGA Probability analysis (UNIGRAM): Benign Probability analysis (BIGRAM): Benign Total Variation analysis (UNIGRAM): DGA Total Variation analysis (BIGRAM): DGA Naive-Bayesian analysis (UNIGRAM): Benign Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): Benign Bayesian analysis (BIGRAM): Benign -- ################################ smtp.1und1.de Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | smtp.1und1.de. | 4635| 2| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-28) Classified (Clean) Modified Jaroslaw/Patrycja: Score (7) Classified (Clean) Rule Based: Fast-Flux ---- Geolocation ---- ---- Moran's Index ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score (0) ---- Geary's Coefficient ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score(0) ---- URL Analysis ---- Domain: smtp.1und1.de. Entropy analysis (UNIGRAM): Benign Entropy analysis (BIGRAM): DGA Probability analysis (UNIGRAM): Benign Probability analysis (BIGRAM): DGA Total Variation analysis (UNIGRAM): DGA Total Variation analysis (BIGRAM): DGA Naive-Bayesian analysis (UNIGRAM): Benign Naive-Bayesian analysis (BIGRAM): DGA Bayesian analysis (UNIGRAM): DGA Bayesian analysis (BIGRAM): DGA -- ################################ smtpmail.t-online.de Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | smtpmail.t-online.de. | 31177| 4| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-26) Classified (Clean) Modified Jaroslaw/Patrycja: Score (9) Classified (Clean) Rule Based: Fast-Flux ---- Geolocation ---- ---- Moran's Index ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score (0) ---- Geary's Coefficient ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score(0) ---- URL Analysis ---- Domain: smtpmail.t-online.de. Entropy analysis (UNIGRAM): Benign Entropy analysis (BIGRAM): Benign Probability analysis (UNIGRAM): Benign Probability analysis (BIGRAM): DGA Total Variation analysis (UNIGRAM): Benign Total Variation analysis (BIGRAM): Benign Naive-Bayesian analysis (UNIGRAM): Benign Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): Benign Bayesian analysis (BIGRAM): Benign -- ################################ smtp.strato.de Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | smtp.strato.de. | 4711| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-30) Classified (Clean) Modified Jaroslaw/Patrycja: Score (6) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- Moran's Index ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score (0) ---- Geary's Coefficient ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score(0) ---- URL Analysis ---- Domain: smtp.strato.de. Entropy analysis (UNIGRAM): Benign Entropy analysis (BIGRAM): DGA Probability analysis (UNIGRAM): Benign Probability analysis (BIGRAM): DGA Total Variation analysis (UNIGRAM): DGA Total Variation analysis (BIGRAM): DGA Naive-Bayesian analysis (UNIGRAM): Benign Naive-Bayesian analysis (BIGRAM): DGA Bayesian analysis (UNIGRAM): DGA Bayesian analysis (BIGRAM): DGA -- ################################ smtp.web.de Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | smtp.web.de. | 145| 2| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-23) Classified (Clean) Modified Jaroslaw/Patrycja: Score (8) Classified (Clean) Rule Based: Fast-Flux ---- Geolocation ---- ---- Moran's Index ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score (0) ---- Geary's Coefficient ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score(0) ---- URL Analysis ---- Domain: smtp.web.de. Entropy analysis (UNIGRAM): Benign Entropy analysis (BIGRAM): DGA Probability analysis (UNIGRAM): Benign Probability analysis (BIGRAM): DGA Total Variation analysis (UNIGRAM): DGA Total Variation analysis (BIGRAM): DGA Naive-Bayesian analysis (UNIGRAM): Benign Naive-Bayesian analysis (BIGRAM): DGA Bayesian analysis (UNIGRAM): DGA Bayesian analysis (BIGRAM): DGA -- ################################ trans_id ################################ wecotec1.adns.de Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers | wecotec1.adns.de. | 3501| 1| 1| 1| 1| 0| ---- Fast-Flux Scores ---- Modified Thorsten/Holz: Score (-30) Classified (Clean) Modified Jaroslaw/Patrycja: Score (6) Classified (Clean) Rule Based: Clean ---- Geolocation ---- ---- Moran's Index ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score (0) ---- Geary's Coefficient ---- Timezones: Score (0) Classified (Clean) UTM: Score (0) Classified (Clean) MGRS: Score (0) Classified (Clean) Combined: Score(0) ---- URL Analysis ---- Domain: wecotec1.adns.de. Entropy analysis (UNIGRAM): Benign Entropy analysis (BIGRAM): Benign Probability analysis (UNIGRAM): Benign Probability analysis (BIGRAM): Benign Total Variation analysis (UNIGRAM): Benign Total Variation analysis (BIGRAM): Benign Naive-Bayesian analysis (UNIGRAM): Benign Naive-Bayesian analysis (BIGRAM): Benign Bayesian analysis (UNIGRAM): Benign Bayesian analysis (BIGRAM): Benign --