

{"id":1591,"date":"2012-10-05T09:48:56","date_gmt":"2012-10-05T14:48:56","guid":{"rendered":"http:\/\/rud.is\/b\/?p=1591"},"modified":"2017-03-27T09:40:50","modified_gmt":"2017-03-27T14:40:50","slug":"diy-zeroaccess-geoip-plots","status":"publish","type":"post","link":"https:\/\/rud.is\/b\/2012\/10\/05\/diy-zeroaccess-geoip-plots\/","title":{"rendered":"DIY ZeroAccess GeoIP Plots"},"content":{"rendered":"<p>Since F-Secure was #spiffy enough to <a href=\"https:\/\/www.f-secure.com\/weblog\/archives\/00002430.html\">provide us with GeoIP data<\/a> for mapping the scope of the ZeroAccess botnet, I thought that some aspiring infosec data scientists might want to see how to use something besides Google Maps &#038; Google Earth to view the data.<\/p>\n<p>If you look at the CSV file, it&#8217;s formatted as such (this is a small portion\u2026the file is ~140K lines):<\/p>\n<pre lang=\"csv\">CL,\"-34.9833\",\"-71.2333\"\r\nPT,\"38.679\",\"-9.1569\"\r\nUS,\"42.4163\",\"-70.9969\"\r\nBR,\"-21.8667\",\"-51.8333\"<\/pre>\n<p>While that&#8217;s useful, we don&#8217;t need quotes and a header would be nice (esp for some of the tools I&#8217;ll be showing), so a quick cleanup in <code>vi<\/code> gives us:<\/p>\n<pre lang=\"csv\">Code,Latitude,Longitude\r\nCL,-34.9833,-71.2333\r\nPT,38.679,-9.1569\r\nUS,42.4163,-70.9969\r\nBR,-21.8667,-51.8333<\/pre>\n<p>With just this information, we can see how much of the United States is covered in ZeroAccess with just a few lines of R:<\/p>\n<pre lang=\"rsplus\"># read in the csv file\r\nbots = read.csv(\"ZeroAccessGeoIPs.csv\")\r\n\r\n# load the maps library\r\nlibrary(maps)\r\n\r\n# draw the US outline in black and state boundaries in gray\r\nmap(\"state\", interior = FALSE)\r\nmap(\"state\", boundary = FALSE, col=\"gray\", add = TRUE)\r\n\r\n# plot the latitude & longitudes with a small dot\r\npoints(x=bots$Longitude,y=bots$Latitude,col='red',cex=0.25)<\/pre>\n<p><center><b>Can you pwn me now?<\/b><br \/><a 
href=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/usbots.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"1597\" data-permalink=\"https:\/\/rud.is\/b\/2012\/10\/05\/diy-zeroaccess-geoip-plots\/usbots\/\" data-orig-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/usbots.png?fit=982%2C582&amp;ssl=1\" data-orig-size=\"982,582\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;}\" data-image-title=\"usbots\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/usbots.png?fit=510%2C302&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/usbots.png?resize=300%2C177&#038;ssl=1\" alt=\"\" target=\"_blank\" title=\"usbots\" width=\"300\" height=\"177\" class=\"aligncenter size-medium wp-image-1597\" srcset=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/usbots.png?resize=300%2C177&amp;ssl=1 300w, https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/usbots.png?w=982&amp;ssl=1 982w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><br \/>Click for larger map<\/center><\/p>\n<p>If you want to see how bad your state is, it&#8217;s just as simple. 
Using my state (Maine) it&#8217;s just a matter of swapping out the <code>map<\/code> statements with more specific data:<\/p>\n<pre lang=\"rsplus\">bots = read.csv(\"ZeroAccessGeoIPs.csv\")\r\nlibrary(maps)\r\n\r\n# draw Maine state boundary in black and counties in gray\r\nmap(\"state\",\"maine\",interior=FALSE)\r\nmap(\"county\",\"maine\",boundary=FALSE,col=\"gray\",add=TRUE)\r\n\r\npoints(x=bots$Longitude,y=bots$Latitude,col='red',cex=0.25)\r\n<\/pre>\n<p><center><b>We&#8217;re either <i>really<\/i> tech\/security-savvy or don&#8217;t do much computin&#8217; up here<\/b><br \/><a href=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/mainebots.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"1598\" data-permalink=\"https:\/\/rud.is\/b\/2012\/10\/05\/diy-zeroaccess-geoip-plots\/mainebots\/\" data-orig-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/mainebots.png?fit=606%2C869&amp;ssl=1\" data-orig-size=\"606,869\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;}\" data-image-title=\"mainebots\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/mainebots.png?fit=510%2C731&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/mainebots.png?resize=209%2C300&#038;ssl=1\" alt=\"\" target=\"_blank\" title=\"mainebots\" width=\"209\" height=\"300\" class=\"aligncenter size-medium wp-image-1598\" srcset=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/mainebots.png?resize=209%2C300&amp;ssl=1 209w, 
https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/mainebots.png?w=606&amp;ssl=1 606w\" sizes=\"auto, (max-width: 209px) 100vw, 209px\" \/><br \/>Click for larger map<\/a><\/center><\/p>\n<p>Because of the way the <code>maps<\/code> library handles geo-plotting, there are points outside the actual map boundaries.<\/p>\n<p>You can even get a quick and dirty geo-heatmap without too much trouble:<\/p>\n<pre lang=\"rsplus\">bots = read.csv(\"ZeroAccessGeoIPs.csv\")\r\n\r\n# load the ggplot2 library\r\nlibrary(ggplot2)\r\n\r\n# create a plot object for the heatmap\r\nzeroheat <- qplot(xlab=\"Longitude\",ylab=\"Latitude\",main=\"ZeroAccess Botnet\",geom=\"blank\",x=bots$Longitude,y=bots$Latitude,data=bots)  + stat_bin2d(bins =300,aes(fill = log1p(..count..))) \r\n\r\n# display the heatmap\r\nzeroheat<\/pre>\n<p><center><a href=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/heat.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"1602\" data-permalink=\"https:\/\/rud.is\/b\/2012\/10\/05\/diy-zeroaccess-geoip-plots\/heat\/\" data-orig-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/heat.png?fit=1606%2C867&amp;ssl=1\" data-orig-size=\"1606,867\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;}\" data-image-title=\"heat\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/heat.png?fit=510%2C275&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/heat.png?resize=300%2C161&#038;ssl=1\" alt=\"\" title=\"heat\" width=\"300\" 
height=\"161\" class=\"aligncenter size-medium wp-image-1602\" srcset=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/heat.png?resize=300%2C161&amp;ssl=1 300w, https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/heat.png?resize=1024%2C552&amp;ssl=1 1024w, https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/heat.png?w=1606&amp;ssl=1 1606w, https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/heat.png?w=1530&amp;ssl=1 1530w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><br \/>Click for larger map<\/a><\/center><\/p>\n<p>Try playing around with the <code>bins<\/code> to see how that impacts the plots (the <code>stat_bin2d(\u2026)<\/code> divides the \"map\" into \"buckets\" (or bins) and that tells the plot how to color-code the output).<\/p>\n<p>If you were to pre-process the data a bit, or craft some ugly R code, a more traditional choropleth can easily be created as well. The interesting part about using a non-boundaried plot is that this ZeroAccess network almost defines every continent for us (which is kinda scary).<\/p>\n<p>That's just a taste of what you can do with just a few, simple lines of R. If I have some time, I'll toss up some examples in Python as well. Definitely drop a note in the comments if you put together some #spiffy visualizations with the data they provided.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Since F-Secure was #spiffy enough to provide us with GeoIP data for mapping the scope of the ZeroAccess botnet, I thought that some aspiring infosec data scientists might want to see how to use something besides Google Maps &#038; Google Earth to view the data. 
If you look at the CSV file, it&#8217;s formatted as [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":true,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":""},"categories":[24,7,91],"tags":[],"class_list":["post-1591","post","type-post","status-publish","format-standard","hentry","category-charts-graphs","category-programming","category-r"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>DIY ZeroAccess GeoIP Plots - rud.is<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/rud.is\/b\/2012\/10\/05\/diy-zeroaccess-geoip-plots\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DIY ZeroAccess GeoIP Plots - rud.is\" \/>\n<meta property=\"og:description\" content=\"Since F-Secure was #spiffy enough to provide us with GeoIP data for mapping the scope of the ZeroAccess botnet, I thought that some aspiring infosec data scientists might want to see how to use something besides Google Maps &#038; Google Earth to view the data. 
If you look at the CSV file, it&#8217;s formatted as [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/rud.is\/b\/2012\/10\/05\/diy-zeroaccess-geoip-plots\/\" \/>\n<meta property=\"og:site_name\" content=\"rud.is\" \/>\n<meta property=\"article:published_time\" content=\"2012-10-05T14:48:56+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-03-27T14:40:50+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/rud.is\/b\/wp-content\/uploads\/2012\/10\/usbots-300x177.png\" \/>\n<meta name=\"author\" content=\"hrbrmstr\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"hrbrmstr\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2012\\\/10\\\/05\\\/diy-zeroaccess-geoip-plots\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2012\\\/10\\\/05\\\/diy-zeroaccess-geoip-plots\\\/\"},\"author\":{\"name\":\"hrbrmstr\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\"},\"headline\":\"DIY ZeroAccess GeoIP 
Plots\",\"datePublished\":\"2012-10-05T14:48:56+00:00\",\"dateModified\":\"2017-03-27T14:40:50+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2012\\\/10\\\/05\\\/diy-zeroaccess-geoip-plots\\\/\"},\"wordCount\":349,\"commentCount\":4,\"publisher\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\"},\"image\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2012\\\/10\\\/05\\\/diy-zeroaccess-geoip-plots\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/usbots-300x177.png\",\"articleSection\":[\"Charts &amp; Graphs\",\"Programming\",\"R\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/rud.is\\\/b\\\/2012\\\/10\\\/05\\\/diy-zeroaccess-geoip-plots\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2012\\\/10\\\/05\\\/diy-zeroaccess-geoip-plots\\\/\",\"url\":\"https:\\\/\\\/rud.is\\\/b\\\/2012\\\/10\\\/05\\\/diy-zeroaccess-geoip-plots\\\/\",\"name\":\"DIY ZeroAccess GeoIP Plots - 
rud.is\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2012\\\/10\\\/05\\\/diy-zeroaccess-geoip-plots\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2012\\\/10\\\/05\\\/diy-zeroaccess-geoip-plots\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/usbots-300x177.png\",\"datePublished\":\"2012-10-05T14:48:56+00:00\",\"dateModified\":\"2017-03-27T14:40:50+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2012\\\/10\\\/05\\\/diy-zeroaccess-geoip-plots\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/rud.is\\\/b\\\/2012\\\/10\\\/05\\\/diy-zeroaccess-geoip-plots\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2012\\\/10\\\/05\\\/diy-zeroaccess-geoip-plots\\\/#primaryimage\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/usbots.png?fit=982%2C582&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/usbots.png?fit=982%2C582&ssl=1\",\"width\":\"982\",\"height\":\"582\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2012\\\/10\\\/05\\\/diy-zeroaccess-geoip-plots\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/rud.is\\\/b\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DIY ZeroAccess GeoIP Plots\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#website\",\"url\":\"https:\\\/\\\/rud.is\\\/b\\\/\",\"name\":\"rud.is\",\"description\":\"&quot;In God we trust. 
All others must bring data&quot;\",\"publisher\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/rud.is\\\/b\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\",\"name\":\"hrbrmstr\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\",\"width\":460,\"height\":460,\"caption\":\"hrbrmstr\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\"},\"description\":\"Don't look at me\u2026I do what he does \u2014 just slower. #rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7\",\"sameAs\":[\"http:\\\/\\\/rud.is\"],\"url\":\"https:\\\/\\\/rud.is\\\/b\\\/author\\\/hrbrmstr\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"DIY ZeroAccess GeoIP Plots - rud.is","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/rud.is\/b\/2012\/10\/05\/diy-zeroaccess-geoip-plots\/","og_locale":"en_US","og_type":"article","og_title":"DIY ZeroAccess GeoIP Plots - rud.is","og_description":"Since F-Secure was #spiffy enough to provide us with GeoIP data for mapping the scope of the ZeroAccess botnet, I thought that some aspiring infosec data scientists might want to see how to use something besides Google Maps &#038; Google Earth to view the data. If you look at the CSV file, it&#8217;s formatted as [&hellip;]","og_url":"https:\/\/rud.is\/b\/2012\/10\/05\/diy-zeroaccess-geoip-plots\/","og_site_name":"rud.is","article_published_time":"2012-10-05T14:48:56+00:00","article_modified_time":"2017-03-27T14:40:50+00:00","og_image":[{"url":"https:\/\/rud.is\/b\/wp-content\/uploads\/2012\/10\/usbots-300x177.png","type":"","width":"","height":""}],"author":"hrbrmstr","twitter_card":"summary_large_image","twitter_misc":{"Written by":"hrbrmstr","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/rud.is\/b\/2012\/10\/05\/diy-zeroaccess-geoip-plots\/#article","isPartOf":{"@id":"https:\/\/rud.is\/b\/2012\/10\/05\/diy-zeroaccess-geoip-plots\/"},"author":{"name":"hrbrmstr","@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"headline":"DIY ZeroAccess GeoIP Plots","datePublished":"2012-10-05T14:48:56+00:00","dateModified":"2017-03-27T14:40:50+00:00","mainEntityOfPage":{"@id":"https:\/\/rud.is\/b\/2012\/10\/05\/diy-zeroaccess-geoip-plots\/"},"wordCount":349,"commentCount":4,"publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"image":{"@id":"https:\/\/rud.is\/b\/2012\/10\/05\/diy-zeroaccess-geoip-plots\/#primaryimage"},"thumbnailUrl":"https:\/\/rud.is\/b\/wp-content\/uploads\/2012\/10\/usbots-300x177.png","articleSection":["Charts &amp; Graphs","Programming","R"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/rud.is\/b\/2012\/10\/05\/diy-zeroaccess-geoip-plots\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/rud.is\/b\/2012\/10\/05\/diy-zeroaccess-geoip-plots\/","url":"https:\/\/rud.is\/b\/2012\/10\/05\/diy-zeroaccess-geoip-plots\/","name":"DIY ZeroAccess GeoIP Plots - 
rud.is","isPartOf":{"@id":"https:\/\/rud.is\/b\/#website"},"primaryImageOfPage":{"@id":"https:\/\/rud.is\/b\/2012\/10\/05\/diy-zeroaccess-geoip-plots\/#primaryimage"},"image":{"@id":"https:\/\/rud.is\/b\/2012\/10\/05\/diy-zeroaccess-geoip-plots\/#primaryimage"},"thumbnailUrl":"https:\/\/rud.is\/b\/wp-content\/uploads\/2012\/10\/usbots-300x177.png","datePublished":"2012-10-05T14:48:56+00:00","dateModified":"2017-03-27T14:40:50+00:00","breadcrumb":{"@id":"https:\/\/rud.is\/b\/2012\/10\/05\/diy-zeroaccess-geoip-plots\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/rud.is\/b\/2012\/10\/05\/diy-zeroaccess-geoip-plots\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/rud.is\/b\/2012\/10\/05\/diy-zeroaccess-geoip-plots\/#primaryimage","url":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/usbots.png?fit=982%2C582&ssl=1","contentUrl":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/usbots.png?fit=982%2C582&ssl=1","width":"982","height":"582"},{"@type":"BreadcrumbList","@id":"https:\/\/rud.is\/b\/2012\/10\/05\/diy-zeroaccess-geoip-plots\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/rud.is\/b\/"},{"@type":"ListItem","position":2,"name":"DIY ZeroAccess GeoIP Plots"}]},{"@type":"WebSite","@id":"https:\/\/rud.is\/b\/#website","url":"https:\/\/rud.is\/b\/","name":"rud.is","description":"&quot;In God we trust. 
All others must bring data&quot;","publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/rud.is\/b\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886","name":"hrbrmstr","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","url":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","contentUrl":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","width":460,"height":460,"caption":"hrbrmstr"},"logo":{"@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1"},"description":"Don't look at me\u2026I do what he does \u2014 just slower. #rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7","sameAs":["http:\/\/rud.is"],"url":"https:\/\/rud.is\/b\/author\/hrbrmstr\/"}]}},"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p23idr-pF","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":1640,"url":"https:\/\/rud.is\/b\/2012\/10\/08\/diy-zeroaccess-geoip-analysis-so-what\/","url_meta":{"origin":1591,"position":0},"title":"DIY ZeroAccess GeoIP Analysis : So What?","author":"hrbrmstr","date":"2012-10-08","format":false,"excerpt":"NOTE: A great deal of this post comes from @jayjacobs as he took a conversation we were having about thoughts on ways to look at the data and just ran like the Flash with it. 
Did you know that \u2013\u00a0if you're a US citizen \u2013\u00a0you have approximately a 1 in\u2026","rel":"","context":"In &quot;Charts &amp; Graphs&quot;","block_context":{"text":"Charts &amp; Graphs","link":"https:\/\/rud.is\/b\/category\/charts-graphs\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1667,"url":"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/","url_meta":{"origin":1591,"position":1},"title":"DIY ZeroAccess Analysis Lesson #1 : Treat GeoIP Results Lightly","author":"hrbrmstr","date":"2012-10-11","format":false,"excerpt":"UPDATE: While the cautionary advice still (IMO) holds true, it turns out that \u2013 once I actually looked at the lat\/lng pair being returned for the anomaly presented below, the weird results come from horrible precision resolution from the initial IP address \u2192 lat\/lng conversion (which isn't the fault of\u2026","rel":"","context":"In &quot;Charts &amp; Graphs&quot;","block_context":{"text":"Charts &amp; Graphs","link":"https:\/\/rud.is\/b\/category\/charts-graphs\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1622,"url":"https:\/\/rud.is\/b\/2012\/10\/05\/diy-zeroaccess-geoip-visualizations-back-to-the-basics\/","url_meta":{"origin":1591,"position":2},"title":"DIY ZeroAccess GeoIP Visualizations :: Back To The Basics","author":"hrbrmstr","date":"2012-10-05","format":false,"excerpt":"While shiny visualizations are all well-and-good, sometimes plain ol' charts & graphs can give you the data you're looking for. 
If we take the one-liner filter from the previous example and use it to just output CSV-formatted summary data: cat ZeroAccessGeoIPs.csv | cut -f1,1 -d\\,| sort | uniq -c |\u2026","rel":"","context":"In &quot;Charts &amp; Graphs&quot;","block_context":{"text":"Charts &amp; Graphs","link":"https:\/\/rud.is\/b\/category\/charts-graphs\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1611,"url":"https:\/\/rud.is\/b\/2012\/10\/05\/more-diy-zeroaccess-geoip-fun-jqueryd3-choropleths\/","url_meta":{"origin":1591,"position":3},"title":"More DIY ZeroAccess GeoIP Fun : jQuery\/D3 Choropleths","author":"hrbrmstr","date":"2012-10-05","format":false,"excerpt":"In the spirit of the previous example this one shows you how to do a quick, country-based choropleth in D3\/jQuery with some help from the command-line since not everyone is equipped to kick out some R and most folks I know are very handy at a terminal prompt. I took\u2026","rel":"","context":"In &quot;Charts &amp; Graphs&quot;","block_context":{"text":"Charts &amp; Graphs","link":"https:\/\/rud.is\/b\/category\/charts-graphs\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2590,"url":"https:\/\/rud.is\/b\/2013\/08\/21\/zeroaccess-bots-desperately-seeking-freedom-visualization\/","url_meta":{"origin":1591,"position":4},"title":"ZeroAccess Bots Desperately Seeking Freedom (Visualization)","author":"hrbrmstr","date":"2013-08-21","format":false,"excerpt":"I've been doing a bit of graphing (with real, non-honeypot network data) as part of the research for the book I'm writing with @jayjacobs and thought one of the images was worth sharing (especially since it may not make it into the book :-). 
Click image for larger view This\u2026","rel":"","context":"In &quot;Data Visualization&quot;","block_context":{"text":"Data Visualization","link":"https:\/\/rud.is\/b\/category\/data-visualization\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":11859,"url":"https:\/\/rud.is\/b\/2019\/02\/03\/r-package-update-urlscan\/","url_meta":{"origin":1591,"position":5},"title":"R Package Update: urlscan","author":"hrbrmstr","date":"2019-02-03","format":false,"excerpt":"The urlscan? package (an interface to the urlscan.io API) is now at version 0.2.0 and supports urlscan.io's authentication requirement when submitting a link for analysis. The service is handy if you want to learn about the details \u2014 all the gory technical details \u2014 for a website. For instance, say\u2026","rel":"","context":"In &quot;R&quot;","block_context":{"text":"R","link":"https:\/\/rud.is\/b\/category\/r\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/1591","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/comments?post=1591"}],"version-history":[{"count":0,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/1591\/revisions"}],"wp:attachment":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/media?parent=1591"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/categories?post=1591"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/tags?post=1591"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}