I'm looking at creating a report that extracts suspicious TLDS over a period of time such as, as past six hours, or past twelve hours etc. Some of the TLD that I want to look at would be .ru, .ua or double like .rr.nu or cz.cc.
I'm looking for a good way to extract the TLD from the URL and display that in a chart. I've seen a few regex's floating around but haven't had much luck modifying them into what I want to do.
Thanks in advance