Fri Feb 17 20:17:58 CET 2017
Automatic Analysis of the domains in this capture. Results may be wrong.
Using https://github.com/staaldraad/fastfluxanalysis
FastFlux Analysis Version: 1.0 (2013)

################################
-
################################
a
################################
AGENTFLY
################################
amrogtvic
################################
AMROGTVIC
################################
API15.MQL5.COM
################################
API7.MQL5.COM
################################
ATG
################################
b
################################
BART.MDP.EDU.AR
Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers |
BART.MDP.EDU.AR. | 86400| 1| 1| 1| 1| 0|
---- Fast-Flux Scores ----
Modified Thorsten/Holz: Score (-30) Classified (Clean)
Modified Jaroslaw/Patrycja: Score (6) Classified (Clean)
Rule Based: Clean
---- Geolocation ----
---- Moran's Index ----
Timezones: Score (0) Classified (Clean)
UTM: Score (0) Classified (Clean)
MGRS: Score (0) Classified (Clean)
Combined: Score (0)
---- Geary's Coefficient ----
Timezones: Score (0) Classified (Clean)
UTM: Score (0) Classified (Clean)
MGRS: Score (0) Classified (Clean)
Combined: Score (0)
---- URL Analysis ----
Domain: BART.MDP.EDU.AR.
Entropy analysis (UNIGRAM): Benign
Entropy analysis (BIGRAM): Benign
Probability analysis (UNIGRAM): Benign
Probability analysis (BIGRAM): Benign
Total Variation analysis (UNIGRAM): DGA
Total Variation analysis (BIGRAM): Benign
Naive-Bayesian analysis (UNIGRAM): Benign
Naive-Bayesian analysis (BIGRAM): Benign
Bayesian analysis (UNIGRAM): Benign
Bayesian analysis (BIGRAM): Benign
--
################################
bmvprtzr
################################
BMVPRTZR
################################
CDATA.TVNET.HU
Empty Response section
################################
count
################################
CXEWIWBOHQ.BIZ
################################
dns.msftncsi.com
Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers |
dns.msftncsi.com. | 30| 1| 1| 1| 1| 0|
---- Fast-Flux Scores ----
Modified Thorsten/Holz: Score (-25) Classified (Clean)
Modified Jaroslaw/Patrycja: Score (7) Classified (Clean)
Rule Based: Clean
---- Geolocation ----
---- Moran's Index ----
Timezones: Score (0) Classified (Clean)
UTM: Score (0) Classified (Clean)
MGRS: Score (0) Classified (Clean)
Combined: Score (0)
---- Geary's Coefficient ----
Timezones: Score (0) Classified (Clean)
UTM: Score (0) Classified (Clean)
MGRS: Score (0) Classified (Clean)
Combined: Score (0)
---- URL Analysis ----
Domain: dns.msftncsi.com.
Entropy analysis (UNIGRAM): Benign
Entropy analysis (BIGRAM): Benign
Probability analysis (UNIGRAM): Benign
Probability analysis (BIGRAM): Benign
Total Variation analysis (UNIGRAM): DGA
Total Variation analysis (BIGRAM): DGA
Naive-Bayesian analysis (UNIGRAM): Benign
Naive-Bayesian analysis (BIGRAM): Benign
Bayesian analysis (UNIGRAM): Benign
Bayesian analysis (BIGRAM): DGA
--
################################
download.microsoft.com
Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers |
download.microsoft.com. | 3600| 1| 1| 1| 1| 0|
---- Fast-Flux Scores ----
Modified Thorsten/Holz: Score (-30) Classified (Clean)
Modified Jaroslaw/Patrycja: Score (6) Classified (Clean)
Rule Based: Clean
---- Geolocation ----
---- URL Analysis ----
Domain: download.microsoft.com.
Entropy analysis (UNIGRAM): Benign
Entropy analysis (BIGRAM): Benign
Probability analysis (UNIGRAM): Benign
Probability analysis (BIGRAM): Benign
Total Variation analysis (UNIGRAM): Benign
Total Variation analysis (BIGRAM): Benign
Naive-Bayesian analysis (UNIGRAM): Benign
Naive-Bayesian analysis (BIGRAM): Benign
Bayesian analysis (UNIGRAM): Benign
Bayesian analysis (BIGRAM): Benign
--
################################
DOWN.UP1.UC.CN
Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers |
DOWN.UP1.UC.CN. | 300| 1| 1| 1| 1| 0|
---- Fast-Flux Scores ----
Modified Thorsten/Holz: Score (-25) Classified (Clean)
Modified Jaroslaw/Patrycja: Score (7) Classified (Clean)
Rule Based: Clean
---- Geolocation ----
---- URL Analysis ----
Domain: DOWN.UP1.UC.CN.
Entropy analysis (UNIGRAM): Benign
Entropy analysis (BIGRAM): Benign
Probability analysis (UNIGRAM): Benign
Probability analysis (BIGRAM): Benign
Total Variation analysis (UNIGRAM): DGA
Total Variation analysis (BIGRAM): DGA
Naive-Bayesian analysis (UNIGRAM): Benign
Naive-Bayesian analysis (BIGRAM): Benign
Bayesian analysis (UNIGRAM): DGA
Bayesian analysis (BIGRAM): Benign
--
################################
ff
################################
fn
################################
hp
################################
JDJEAODPU.WORK
################################
JEPNTWJOMIAQ.SU
################################
keixsnpkbrgrmf
################################
KEIXSNPKBRGRMF
################################
l
################################
LRPHOLG.WORK
################################
MAIL.UEAB.AC.KE
Empty Response section
################################
MUMBALI.ORG
Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers |
MUMBALI.ORG. | 14400| 1| 1| 1| 1| 0|
---- Fast-Flux Scores ----
Modified Thorsten/Holz: Score (-30) Classified (Clean)
Modified Jaroslaw/Patrycja: Score (6) Classified (Clean)
Rule Based: Clean
---- Geolocation ----
---- Moran's Index ----
Timezones: Score (0) Classified (Clean)
UTM: Score (0) Classified (Clean)
MGRS: Score (0) Classified (Clean)
Combined: Score (0)
---- Geary's Coefficient ----
Timezones: Score (0) Classified (Clean)
UTM: Score (0) Classified (Clean)
MGRS: Score (0) Classified (Clean)
Combined: Score (0)
---- URL Analysis ----
Domain: MUMBALI.ORG.
Entropy analysis (UNIGRAM): Benign
Entropy analysis (BIGRAM): Benign
Probability analysis (UNIGRAM): Benign
Probability analysis (BIGRAM): Benign
Total Variation analysis (UNIGRAM): DGA
Total Variation analysis (BIGRAM): Benign
Naive-Bayesian analysis (UNIGRAM): Benign
Naive-Bayesian analysis (BIGRAM): Benign
Bayesian analysis (UNIGRAM): Benign
Bayesian analysis (BIGRAM): Benign
--
################################
MX1.HOTMAIL.COM
Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers |
MX1.HOTMAIL.COM. | 3600| 19| 7| 1| 1| 0|
---- Fast-Flux Scores ----
Modified Thorsten/Holz: Score (-6) Classified (Clean)
Modified Jaroslaw/Patrycja: Score (33) Classified (Fast-Flux)
Rule Based: Fast-Flux
---- Geolocation ----
---- Moran's Index ----
Timezones: Score (-0.439849559749) Classified (Fast-Flux)
UTM: Score (-0.19323128331) Classified (Fast-Flux)
MGRS: Score (-0.334848492646) Classified (Fast-Flux)
Combined: Score (-0.028459675771)
---- Geary's Coefficient ----
Timezones: Score (1.48483172427) Classified (Fast-Flux)
UTM: Score (1.39516363134) Classified (Fast-Flux)
MGRS: Score (1.57793139398) Classified (Fast-Flux)
Combined: Score (3.26881619863)
---- URL Analysis ----
Domain: MX1.HOTMAIL.COM.
Entropy analysis (UNIGRAM): DGA
Entropy analysis (BIGRAM): DGA
Probability analysis (UNIGRAM): Benign
Probability analysis (BIGRAM): Benign
Total Variation analysis (UNIGRAM): DGA
Total Variation analysis (BIGRAM): DGA
Naive-Bayesian analysis (UNIGRAM): Benign
Naive-Bayesian analysis (BIGRAM): DGA
Bayesian analysis (UNIGRAM): Benign
Bayesian analysis (BIGRAM): DGA
--
################################
MX2.HOTMAIL.COM
Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers |
MX2.HOTMAIL.COM. | 3600| 19| 6| 1| 1| 0|
---- Fast-Flux Scores ----
Modified Thorsten/Holz: Score (-6) Classified (Clean)
Modified Jaroslaw/Patrycja: Score (31) Classified (Fast-Flux)
Rule Based: Fast-Flux
---- Geolocation ----
---- Moran's Index ----
Timezones: Score (-0.58889854751) Classified (Fast-Flux)
UTM: Score (-0.552012240962) Classified (Fast-Flux)
MGRS: Score (-0.487977936297) Classified (Fast-Flux)
Combined: Score (-0.158631480521)
---- Geary's Coefficient ----
Timezones: Score (1.53003923974) Classified (Fast-Flux)
UTM: Score (1.52293666834) Classified (Fast-Flux)
MGRS: Score (1.59522329529) Classified (Fast-Flux)
Combined: Score (3.71711412734)
---- URL Analysis ----
Domain: MX2.HOTMAIL.COM.
Entropy analysis (UNIGRAM): DGA
Entropy analysis (BIGRAM): DGA
Probability analysis (UNIGRAM): Benign
Probability analysis (BIGRAM): Benign
Total Variation analysis (UNIGRAM): DGA
Total Variation analysis (BIGRAM): DGA
Naive-Bayesian analysis (UNIGRAM): Benign
Naive-Bayesian analysis (BIGRAM): DGA
Bayesian analysis (UNIGRAM): Benign
Bayesian analysis (BIGRAM): DGA
--
################################
MX3.HOTMAIL.COM
Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers |
MX3.HOTMAIL.COM. | 3600| 19| 6| 1| 1| 0|
---- Fast-Flux Scores ----
Modified Thorsten/Holz: Score (-6) Classified (Clean)
Modified Jaroslaw/Patrycja: Score (31) Classified (Fast-Flux)
Rule Based: Fast-Flux
---- Geolocation ----
---- Moran's Index ----
Timezones: Score (-0.58889854751) Classified (Fast-Flux)
UTM: Score (-0.552012240962) Classified (Fast-Flux)
MGRS: Score (-0.487977936297) Classified (Fast-Flux)
Combined: Score (-0.158631480521)
---- Geary's Coefficient ----
Timezones: Score (1.53003923974) Classified (Fast-Flux)
UTM: Score (1.52293666834) Classified (Fast-Flux)
MGRS: Score (1.59522329529) Classified (Fast-Flux)
Combined: Score (3.71711412734)
---- URL Analysis ----
Domain: MX3.HOTMAIL.COM.
Entropy analysis (UNIGRAM): DGA
Entropy analysis (BIGRAM): DGA
Probability analysis (UNIGRAM): Benign
Probability analysis (BIGRAM): Benign
Total Variation analysis (UNIGRAM): DGA
Total Variation analysis (BIGRAM): DGA
Naive-Bayesian analysis (UNIGRAM): Benign
Naive-Bayesian analysis (BIGRAM): DGA
Bayesian analysis (UNIGRAM): Benign
Bayesian analysis (BIGRAM): DGA
--
################################
MX4.HOTMAIL.COM
Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers |
MX4.HOTMAIL.COM. | 3600| 19| 7| 1| 1| 0|
---- Fast-Flux Scores ----
Modified Thorsten/Holz: Score (-6) Classified (Clean)
Modified Jaroslaw/Patrycja: Score (33) Classified (Fast-Flux)
Rule Based: Fast-Flux
---- Geolocation ----
---- Moran's Index ----
Timezones: Score (-0.439849559749) Classified (Fast-Flux)
UTM: Score (-0.19323128331) Classified (Fast-Flux)
MGRS: Score (-0.334848492646) Classified (Fast-Flux)
Combined: Score (-0.028459675771)
---- Geary's Coefficient ----
Timezones: Score (1.48483172427) Classified (Fast-Flux)
UTM: Score (1.39516363134) Classified (Fast-Flux)
MGRS: Score (1.57793139398) Classified (Fast-Flux)
Combined: Score (3.26881619863)
---- URL Analysis ----
Domain: MX4.HOTMAIL.COM.
Entropy analysis (UNIGRAM): DGA
Entropy analysis (BIGRAM): DGA
Probability analysis (UNIGRAM): Benign
Probability analysis (BIGRAM): Benign
Total Variation analysis (UNIGRAM): DGA
Total Variation analysis (BIGRAM): DGA
Naive-Bayesian analysis (UNIGRAM): Benign
Naive-Bayesian analysis (BIGRAM): DGA
Bayesian analysis (UNIGRAM): Benign
Bayesian analysis (BIGRAM): DGA
--
################################
o4
################################
OOWERL.COM
################################
OPEN-WORKS.NET
Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers |
OPEN-WORKS.NET. | 14400| 1| 1| 1| 1| 0|
---- Fast-Flux Scores ----
Modified Thorsten/Holz: Score (-30) Classified (Clean)
Modified Jaroslaw/Patrycja: Score (6) Classified (Clean)
Rule Based: Clean
---- Geolocation ----
---- Moran's Index ----
Timezones: Score (0) Classified (Clean)
UTM: Score (0) Classified (Clean)
MGRS: Score (0) Classified (Clean)
Combined: Score (0)
---- Geary's Coefficient ----
Timezones: Score (0) Classified (Clean)
UTM: Score (0) Classified (Clean)
MGRS: Score (0) Classified (Clean)
Combined: Score (0)
---- URL Analysis ----
Domain: OPEN-WORKS.NET.
Entropy analysis (UNIGRAM): Benign
Entropy analysis (BIGRAM): Benign
Probability analysis (UNIGRAM): Benign
Probability analysis (BIGRAM): Benign
Total Variation analysis (UNIGRAM): Benign
Total Variation analysis (BIGRAM): Benign
Naive-Bayesian analysis (UNIGRAM): Benign
Naive-Bayesian analysis (BIGRAM): Benign
Bayesian analysis (UNIGRAM): Benign
Bayesian analysis (BIGRAM): Benign
--
################################
p
################################
PATOCARR.COM
Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers |
PATOCARR.COM. | 14400| 1| 1| 1| 1| 0|
---- Fast-Flux Scores ----
Modified Thorsten/Holz: Score (-30) Classified (Clean)
Modified Jaroslaw/Patrycja: Score (6) Classified (Clean)
Rule Based: Clean
---- Geolocation ----
---- Moran's Index ----
Timezones: Score (0) Classified (Clean)
UTM: Score (0) Classified (Clean)
MGRS: Score (0) Classified (Clean)
Combined: Score (0)
---- Geary's Coefficient ----
Timezones: Score (0) Classified (Clean)
UTM: Score (0) Classified (Clean)
MGRS: Score (0) Classified (Clean)
Combined: Score (0)
---- URL Analysis ----
Domain: PATOCARR.COM.
Entropy analysis (UNIGRAM): Benign
Entropy analysis (BIGRAM): Benign
Probability analysis (UNIGRAM): Benign
Probability analysis (BIGRAM): Benign
Total Variation analysis (UNIGRAM): Benign
Total Variation analysis (BIGRAM): Benign
Naive-Bayesian analysis (UNIGRAM): Benign
Naive-Bayesian analysis (BIGRAM): Benign
Bayesian analysis (UNIGRAM): Benign
Bayesian analysis (BIGRAM): Benign
--
################################
PATTY.UNOG.CH
################################
plumbytes2.azurewebsites.net
Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers |
plumbytes2.azurewebsites.net. | 1800| 1| 1| 1| 1| 0|
---- Fast-Flux Scores ----
Modified Thorsten/Holz: Score (-30) Classified (Clean)
Modified Jaroslaw/Patrycja: Score (6) Classified (Clean)
Rule Based: Clean
---- Geolocation ----
---- URL Analysis ----
Domain: plumbytes2.azurewebsites.net.
Entropy analysis (UNIGRAM): Benign
Entropy analysis (BIGRAM): Benign
Probability analysis (UNIGRAM): Benign
Probability analysis (BIGRAM): Benign
Total Variation analysis (UNIGRAM): DGA
Total Variation analysis (BIGRAM): Benign
Naive-Bayesian analysis (UNIGRAM): Benign
Naive-Bayesian analysis (BIGRAM): Benign
Bayesian analysis (UNIGRAM): Benign
Bayesian analysis (BIGRAM): Benign
--
################################
plumbytes.com
Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers |
plumbytes.com. | 14400| 1| 1| 1| 1| 0|
---- Fast-Flux Scores ----
Modified Thorsten/Holz: Score (-30) Classified (Clean)
Modified Jaroslaw/Patrycja: Score (6) Classified (Clean)
Rule Based: Clean
---- Geolocation ----
---- Moran's Index ----
Timezones: Score (0) Classified (Clean)
UTM: Score (0) Classified (Clean)
MGRS: Score (0) Classified (Clean)
Combined: Score (0)
---- Geary's Coefficient ----
Timezones: Score (0) Classified (Clean)
UTM: Score (0) Classified (Clean)
MGRS: Score (0) Classified (Clean)
Combined: Score (0)
---- URL Analysis ----
Domain: plumbytes.com.
Entropy analysis (UNIGRAM): Benign
Entropy analysis (BIGRAM): Benign
Probability analysis (UNIGRAM): Benign
Probability analysis (BIGRAM): Benign
Total Variation analysis (UNIGRAM): DGA
Total Variation analysis (BIGRAM): Benign
Naive-Bayesian analysis (UNIGRAM): Benign
Naive-Bayesian analysis (BIGRAM): Benign
Bayesian analysis (UNIGRAM): DGA
Bayesian analysis (BIGRAM): Benign
--
################################
PSVYKCMK.SU
################################
r
################################
sebastian’s
################################
SPCRWTB.INFO
################################
t
################################
t-
################################
trans_id
################################
u
################################
u-
################################
v
################################
v2
################################
WATGHVQHHVBR.PW
################################
WORKGROUP
################################
www.microsoft.com
Qname |TTL |A Records |Ranges |ASNs |Countries |Nameservers |
www.microsoft.com. | 3600| 1| 1| 1| 1| 0|
---- Fast-Flux Scores ----
Modified Thorsten/Holz: Score (-30) Classified (Clean)
Modified Jaroslaw/Patrycja: Score (6) Classified (Clean)
Rule Based: Clean
---- Geolocation ----
---- URL Analysis ----
Domain: www.microsoft.com.
Entropy analysis (UNIGRAM): DGA
Entropy analysis (BIGRAM): DGA
Probability analysis (UNIGRAM): DGA
Probability analysis (BIGRAM): DGA
Total Variation analysis (UNIGRAM): DGA
Total Variation analysis (BIGRAM): DGA
Naive-Bayesian analysis (UNIGRAM): DGA
Naive-Bayesian analysis (BIGRAM): Benign
Bayesian analysis (UNIGRAM): DGA
Bayesian analysis (BIGRAM): Benign
--
################################
x
################################
\x01\x02__MSBROWSE__\x02
################################
YSWYRXQU.WORK
################################
7-