

{"id":1667,"date":"2012-10-11T14:51:40","date_gmt":"2012-10-11T19:51:40","guid":{"rendered":"http:\/\/rud.is\/b\/?p=1667"},"modified":"2012-10-16T13:50:52","modified_gmt":"2012-10-16T18:50:52","slug":"diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly","status":"publish","type":"post","link":"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/","title":{"rendered":"DIY ZeroAccess Analysis Lesson #1 : Treat GeoIP Results Lightly"},"content":{"rendered":"<blockquote><p><b>UPDATE<\/b>: <i>While the cautionary advice still (IMO) holds true, it turns out that \u2013 once I actually looked at the lat\/lng pair being returned for the anomaly presented below, the weird results come from horrible precision resolution from the initial IP address &rarr; lat\/lng conversion (which isn&#8217;t the fault of @fslabs, but of the service they used). It&#8217;s hard to get a ZIP code right\/more precise when you only have integer resolution (<code>38.0,-97.0<\/code>).<\/i><\/p><\/blockquote>\n<p>We&#8217;re still crunching through some of the ZeroAccess data and have some (hopefully) interesting results to present, but a weird GeoIP anomaly has come up that I wanted to quickly share.<\/p>\n<p>To get some more granular data, I&#8217;m using the <a href=\"http:\/\/www.geonames.org\/\">GeoNames<\/a> API to get the latitude\/longitude pairs down to various US-level ZIP codes to facilitate additional analysis. During this exercise (which hasn&#8217;t finished as of this blog post due to needing to pace the API calls), it has become quite noticeable that GeoIP-coding definitely has flaws. 
Take, for example, Potwin, KS:<\/p>\n<p><center><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"1668\" data-permalink=\"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/potwin\/\" data-orig-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/potwin.gif?fit=424%2C320&amp;ssl=1\" data-orig-size=\"424,320\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;}\" data-image-title=\"potwin\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/potwin.gif?fit=300%2C226&amp;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/potwin.gif?fit=424%2C320&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/potwin.gif?resize=424%2C320&#038;ssl=1\" alt=\"\" title=\"potwin\" width=\"424\" height=\"320\" class=\"alignnone size-full wp-image-1668\" srcset=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/potwin.gif?w=424&amp;ssl=1 424w, https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/potwin.gif?resize=300%2C226&amp;ssl=1 300w\" sizes=\"auto, (max-width: 424px) 100vw, 424px\" \/><\/center><\/p>\n<p>This cozy little town (population ~450) has the largest collection of bots, so far : 800. 
<strong>Yes, 800 bots (computers) in a 128-acre town of 450 people.<\/strong> (<code>#unlikely<\/code>)<\/p>\n<p>Either there&#8217;s some weirdness in the way @fslabs is tracking the bots (which is possible since we only have a lat\/long file with no other context\/data to look at) or we need to treat GeoIP results very lightly \u2013\u00a0or at least do some post-processing validation \u2013 since I suspect a decent portion of the 800 bots are actually in the neighbor to the southwest:<\/p>\n<p><center><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"1669\" data-permalink=\"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/wichita\/\" data-orig-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/wichita.png?fit=526%2C482&amp;ssl=1\" data-orig-size=\"526,482\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;}\" data-image-title=\"wichita\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/wichita.png?fit=300%2C274&amp;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/wichita.png?fit=510%2C467&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/wichita.png?resize=510%2C467&#038;ssl=1\" alt=\"\" title=\"wichita\" width=\"510\" height=\"467\" class=\"alignnone size-full wp-image-1669\" srcset=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/wichita.png?w=526&amp;ssl=1 526w, 
https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/wichita.png?resize=300%2C274&amp;ssl=1 300w\" sizes=\"auto, (max-width: 510px) 100vw, 510px\" \/><\/center><\/p>\n<p>I know GeoIP translation is not an exact science and is dependent upon a whole host of factors, but this one was just pretty humorous. It has caused me to slightly question the @fslabs data a <i>bit<\/i>, but I&#8217;m comfortable assuming they did sufficient due diligence before crafting an IP address list to geocode.<\/p>\n<p>In case you&#8217;re wondering what the other &#8220;Top US Bots&#8221; are (with 7K more to crunch):<\/p>\n<p><center><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"1699\" data-permalink=\"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/s\/\" data-orig-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/s.png?fit=387%2C311&amp;ssl=1\" data-orig-size=\"387,311\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;}\" data-image-title=\"s\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/s.png?fit=300%2C241&amp;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/s.png?fit=387%2C311&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/s.png?resize=387%2C311&#038;ssl=1\" alt=\"\" title=\"s\" width=\"387\" height=\"311\" class=\"alignnone size-full wp-image-1699\" srcset=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/s.png?w=387&amp;ssl=1 387w, 
https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/s.png?resize=300%2C241&amp;ssl=1 300w\" sizes=\"auto, (max-width: 387px) 100vw, 387px\" \/><\/center><\/p>\n","protected":false},"excerpt":{"rendered":"<p>UPDATE: While the cautionary advice still (IMO) holds true, it turns out that \u2013 once I actually looked at the lat\/lng pair being returned for the anomaly presented below, the weird results come from horrible precision resolution from the initial IP address &rarr; lat\/lng conversion (which isn&#8217;t the fault of @fslabs, but of the service [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":""},"categories":[24,3],"tags":[],"class_list":["post-1667","post","type-post","status-publish","format-standard","hentry","category-charts-graphs","category-information-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>DIY ZeroAccess Analysis Lesson #1 : Treat GeoIP Results Lightly - rud.is<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DIY ZeroAccess 
Analysis Lesson #1 : Treat GeoIP Results Lightly - rud.is\" \/>\n<meta property=\"og:description\" content=\"UPDATE: While the cautionary advice still (IMO) holds true, it turns out that \u2013 once I actually looked at the lat\/lng pair being returned for the anomaly presented below, the weird results come from horrible precision resolution from the initial IP address &rarr; lat\/lng conversion (which isn&#8217;t the fault of @fslabs, but of the service [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/\" \/>\n<meta property=\"og:site_name\" content=\"rud.is\" \/>\n<meta property=\"article:published_time\" content=\"2012-10-11T19:51:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2012-10-16T18:50:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/rud.is\/b\/wp-content\/uploads\/2012\/10\/potwin.gif\" \/>\n<meta name=\"author\" content=\"hrbrmstr\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"hrbrmstr\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/\"},\"author\":{\"name\":\"hrbrmstr\",\"@id\":\"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886\"},\"headline\":\"DIY ZeroAccess Analysis Lesson #1 : Treat GeoIP Results Lightly\",\"datePublished\":\"2012-10-11T19:51:40+00:00\",\"dateModified\":\"2012-10-16T18:50:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/\"},\"wordCount\":337,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886\"},\"image\":{\"@id\":\"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/rud.is\/b\/wp-content\/uploads\/2012\/10\/potwin.gif\",\"articleSection\":[\"Charts &amp; Graphs\",\"Information Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/\",\"url\":\"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/\",\"name\":\"DIY ZeroAccess Analysis Lesson #1 : Treat GeoIP Results Lightly - 
rud.is\",\"isPartOf\":{\"@id\":\"https:\/\/rud.is\/b\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/rud.is\/b\/wp-content\/uploads\/2012\/10\/potwin.gif\",\"datePublished\":\"2012-10-11T19:51:40+00:00\",\"dateModified\":\"2012-10-16T18:50:52+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/#primaryimage\",\"url\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/potwin.gif?fit=424%2C320&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/potwin.gif?fit=424%2C320&ssl=1\",\"width\":\"424\",\"height\":\"320\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/rud.is\/b\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DIY ZeroAccess Analysis Lesson #1 : Treat GeoIP Results Lightly\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/rud.is\/b\/#website\",\"url\":\"https:\/\/rud.is\/b\/\",\"name\":\"rud.is\",\"description\":\"&quot;In God we trust. 
All others must bring data&quot;\",\"publisher\":{\"@id\":\"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/rud.is\/b\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886\",\"name\":\"hrbrmstr\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1\",\"url\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1\",\"width\":460,\"height\":460,\"caption\":\"hrbrmstr\"},\"logo\":{\"@id\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1\"},\"description\":\"Don't look at me\u2026I do what he does \u2014 just slower. #rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7\",\"sameAs\":[\"http:\/\/rud.is\"],\"url\":\"https:\/\/rud.is\/b\/author\/hrbrmstr\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"DIY ZeroAccess Analysis Lesson #1 : Treat GeoIP Results Lightly - rud.is","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/","og_locale":"en_US","og_type":"article","og_title":"DIY ZeroAccess Analysis Lesson #1 : Treat GeoIP Results Lightly - rud.is","og_description":"UPDATE: While the cautionary advice still (IMO) holds true, it turns out that \u2013 once I actually looked at the lat\/lng pair being returned for the anomaly presented below, the weird results come from horrible precision resolution from the initial IP address &rarr; lat\/lng conversion (which isn&#8217;t the fault of @fslabs, but of the service [&hellip;]","og_url":"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/","og_site_name":"rud.is","article_published_time":"2012-10-11T19:51:40+00:00","article_modified_time":"2012-10-16T18:50:52+00:00","og_image":[{"url":"https:\/\/rud.is\/b\/wp-content\/uploads\/2012\/10\/potwin.gif","type":"","width":"","height":""}],"author":"hrbrmstr","twitter_card":"summary_large_image","twitter_misc":{"Written by":"hrbrmstr","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/#article","isPartOf":{"@id":"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/"},"author":{"name":"hrbrmstr","@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"headline":"DIY ZeroAccess Analysis Lesson #1 : Treat GeoIP Results Lightly","datePublished":"2012-10-11T19:51:40+00:00","dateModified":"2012-10-16T18:50:52+00:00","mainEntityOfPage":{"@id":"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/"},"wordCount":337,"commentCount":0,"publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"image":{"@id":"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/#primaryimage"},"thumbnailUrl":"https:\/\/rud.is\/b\/wp-content\/uploads\/2012\/10\/potwin.gif","articleSection":["Charts &amp; Graphs","Information Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/","url":"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/","name":"DIY ZeroAccess Analysis Lesson #1 : Treat GeoIP Results Lightly - 
rud.is","isPartOf":{"@id":"https:\/\/rud.is\/b\/#website"},"primaryImageOfPage":{"@id":"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/#primaryimage"},"image":{"@id":"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/#primaryimage"},"thumbnailUrl":"https:\/\/rud.is\/b\/wp-content\/uploads\/2012\/10\/potwin.gif","datePublished":"2012-10-11T19:51:40+00:00","dateModified":"2012-10-16T18:50:52+00:00","breadcrumb":{"@id":"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/#primaryimage","url":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/potwin.gif?fit=424%2C320&ssl=1","contentUrl":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/10\/potwin.gif?fit=424%2C320&ssl=1","width":"424","height":"320"},{"@type":"BreadcrumbList","@id":"https:\/\/rud.is\/b\/2012\/10\/11\/diy-zeroaccess-analysis-lesson-1-treat-geoip-results-lightly\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/rud.is\/b\/"},{"@type":"ListItem","position":2,"name":"DIY ZeroAccess Analysis Lesson #1 : Treat GeoIP Results Lightly"}]},{"@type":"WebSite","@id":"https:\/\/rud.is\/b\/#website","url":"https:\/\/rud.is\/b\/","name":"rud.is","description":"&quot;In God we trust. 
All others must bring data&quot;","publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/rud.is\/b\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886","name":"hrbrmstr","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","url":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","contentUrl":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","width":460,"height":460,"caption":"hrbrmstr"},"logo":{"@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1"},"description":"Don't look at me\u2026I do what he does \u2014 just slower. #rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7","sameAs":["http:\/\/rud.is"],"url":"https:\/\/rud.is\/b\/author\/hrbrmstr\/"}]}},"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p23idr-qT","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":1640,"url":"https:\/\/rud.is\/b\/2012\/10\/08\/diy-zeroaccess-geoip-analysis-so-what\/","url_meta":{"origin":1667,"position":0},"title":"DIY ZeroAccess GeoIP Analysis : So What?","author":"hrbrmstr","date":"2012-10-08","format":false,"excerpt":"NOTE: A great deal of this post comes from @jayjacobs as he took a conversation we were having about thoughts on ways to look at the data and just ran like the Flash with it. 
Did you know that \u2013\u00a0if you're a US citizen \u2013\u00a0you have approximately a 1 in\u2026","rel":"","context":"In &quot;Charts &amp; Graphs&quot;","block_context":{"text":"Charts &amp; Graphs","link":"https:\/\/rud.is\/b\/category\/charts-graphs\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1591,"url":"https:\/\/rud.is\/b\/2012\/10\/05\/diy-zeroaccess-geoip-plots\/","url_meta":{"origin":1667,"position":1},"title":"DIY ZeroAccess GeoIP Plots","author":"hrbrmstr","date":"2012-10-05","format":false,"excerpt":"Since F-Secure was #spiffy enough to provide us with GeoIP data for mapping the scope of the ZeroAccess botnet, I thought that some aspiring infosec data scientists might want to see how to use something besides Google Maps & Google Earth to view the data. If you look at the\u2026","rel":"","context":"In &quot;Charts &amp; Graphs&quot;","block_context":{"text":"Charts &amp; Graphs","link":"https:\/\/rud.is\/b\/category\/charts-graphs\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1622,"url":"https:\/\/rud.is\/b\/2012\/10\/05\/diy-zeroaccess-geoip-visualizations-back-to-the-basics\/","url_meta":{"origin":1667,"position":2},"title":"DIY ZeroAccess GeoIP Visualizations :: Back To The Basics","author":"hrbrmstr","date":"2012-10-05","format":false,"excerpt":"While shiny visualizations are all well-and-good, sometimes plain ol' charts & graphs can give you the data you're looking for. 
If we take the one-liner filter from the previous example and use it to just output CSV-formatted summary data: cat ZeroAccessGeoIPs.csv | cut -f1,1 -d\\,| sort | uniq -c |\u2026","rel":"","context":"In &quot;Charts &amp; Graphs&quot;","block_context":{"text":"Charts &amp; Graphs","link":"https:\/\/rud.is\/b\/category\/charts-graphs\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1611,"url":"https:\/\/rud.is\/b\/2012\/10\/05\/more-diy-zeroaccess-geoip-fun-jqueryd3-choropleths\/","url_meta":{"origin":1667,"position":3},"title":"More DIY ZeroAccess GeoIP Fun : jQuery\/D3 Choropleths","author":"hrbrmstr","date":"2012-10-05","format":false,"excerpt":"In the spirit of the previous example this one shows you how to do a quick, country-based choropleth in D3\/jQuery with some help from the command-line since not everyone is equipped to kick out some R and most folks I know are very handy at a terminal prompt. I took\u2026","rel":"","context":"In &quot;Charts &amp; Graphs&quot;","block_context":{"text":"Charts &amp; Graphs","link":"https:\/\/rud.is\/b\/category\/charts-graphs\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2590,"url":"https:\/\/rud.is\/b\/2013\/08\/21\/zeroaccess-bots-desperately-seeking-freedom-visualization\/","url_meta":{"origin":1667,"position":4},"title":"ZeroAccess Bots Desperately Seeking Freedom (Visualization)","author":"hrbrmstr","date":"2013-08-21","format":false,"excerpt":"I've been doing a bit of graphing (with real, non-honeypot network data) as part of the research for the book I'm writing with @jayjacobs and thought one of the images was worth sharing (especially since it may not make it into the book :-). 
Click image for larger view This\u2026","rel":"","context":"In &quot;Data Visualization&quot;","block_context":{"text":"Data Visualization","link":"https:\/\/rud.is\/b\/category\/data-visualization\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":11859,"url":"https:\/\/rud.is\/b\/2019\/02\/03\/r-package-update-urlscan\/","url_meta":{"origin":1667,"position":5},"title":"R Package Update: urlscan","author":"hrbrmstr","date":"2019-02-03","format":false,"excerpt":"The urlscan? package (an interface to the urlscan.io API) is now at version 0.2.0 and supports urlscan.io's authentication requirement when submitting a link for analysis. The service is handy if you want to learn about the details \u2014 all the gory technical details \u2014 for a website. For instance, say\u2026","rel":"","context":"In &quot;R&quot;","block_context":{"text":"R","link":"https:\/\/rud.is\/b\/category\/r\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/1667","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/comments?post=1667"}],"version-history":[{"count":0,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/1667\/revisions"}],"wp:attachment":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/media?parent=1667"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/categories?post=1667"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/tags?post=1667"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}