Linux Analysis Report
SecuriteInfo.com.Linux.Siggen.9999.28931.8128.elf

Overview

General Information

Sample name: SecuriteInfo.com.Linux.Siggen.9999.28931.8128.elf
Analysis ID: 1522420
MD5: f24331c8ebabf48376ee40cc26d68909
SHA1: 93ccb70d4e31d45b5d87dddb118d3bf1193b8273
SHA256: 1a288f4eb69aa5f3c685598a44ad36a6d0d476884541994e38a8df2db1210298
Tags: elf
Infos:

Detection

Mirai
Score: 76
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample is packed with UPX
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Executes the "rm" command used to delete files or directories
Sample contains only a LOAD segment without any section mappings
Sample listens on a socket
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Name Description Attribution Blogpost URLs Link
Mirai Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: SecuriteInfo.com.Linux.Siggen.9999.28931.8128.elf Avira: detected
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Linux.Siggen.9999.28931.8128.elf ReversingLabs: Detection: 44%
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.23:33996 -> 91.92.242.153:3778
Sample listens on a socket
Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.28931.8128.elf (PID: 6262) Socket: 127.0.0.1:16384 Jump to behavior
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Source: global traffic TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: unknown TCP traffic detected without corresponding DNS query: 91.92.242.153
Source: unknown TCP traffic detected without corresponding DNS query: 91.92.242.153
Source: unknown TCP traffic detected without corresponding DNS query: 62.234.150.12
Source: unknown TCP traffic detected without corresponding DNS query: 172.34.63.12
Source: unknown TCP traffic detected without corresponding DNS query: 93.74.121.170
Source: unknown TCP traffic detected without corresponding DNS query: 120.143.251.250
Source: unknown TCP traffic detected without corresponding DNS query: 157.157.227.116
Source: unknown TCP traffic detected without corresponding DNS query: 168.177.242.144
Source: unknown TCP traffic detected without corresponding DNS query: 95.252.255.44
Source: unknown TCP traffic detected without corresponding DNS query: 2.67.98.60
Source: unknown TCP traffic detected without corresponding DNS query: 203.107.233.201
Source: unknown TCP traffic detected without corresponding DNS query: 174.67.37.89
Source: unknown TCP traffic detected without corresponding DNS query: 121.13.164.157
Source: unknown TCP traffic detected without corresponding DNS query: 81.224.250.152
Source: unknown TCP traffic detected without corresponding DNS query: 43.157.132.188
Source: unknown TCP traffic detected without corresponding DNS query: 85.76.11.132
Source: unknown TCP traffic detected without corresponding DNS query: 206.66.48.136
Source: unknown TCP traffic detected without corresponding DNS query: 47.185.204.182
Source: unknown TCP traffic detected without corresponding DNS query: 167.111.158.118
Source: unknown TCP traffic detected without corresponding DNS query: 114.162.215.79
Source: unknown TCP traffic detected without corresponding DNS query: 152.240.101.20
Source: unknown TCP traffic detected without corresponding DNS query: 2.86.3.179
Source: unknown TCP traffic detected without corresponding DNS query: 42.125.112.217
Source: unknown TCP traffic detected without corresponding DNS query: 39.191.115.50
Source: unknown TCP traffic detected without corresponding DNS query: 69.66.92.22
Source: unknown TCP traffic detected without corresponding DNS query: 198.181.84.13
Source: unknown TCP traffic detected without corresponding DNS query: 31.213.186.126
Source: unknown TCP traffic detected without corresponding DNS query: 251.49.1.110
Source: unknown TCP traffic detected without corresponding DNS query: 14.155.166.53
Source: unknown TCP traffic detected without corresponding DNS query: 40.99.180.69
Source: unknown TCP traffic detected without corresponding DNS query: 158.219.104.147
Source: unknown TCP traffic detected without corresponding DNS query: 182.82.148.234
Source: unknown TCP traffic detected without corresponding DNS query: 19.233.96.80
Source: unknown TCP traffic detected without corresponding DNS query: 198.109.176.162
Source: unknown TCP traffic detected without corresponding DNS query: 82.8.208.165
Source: unknown TCP traffic detected without corresponding DNS query: 183.39.16.124
Source: unknown TCP traffic detected without corresponding DNS query: 5.197.91.15
Source: unknown TCP traffic detected without corresponding DNS query: 107.73.61.119
Source: unknown TCP traffic detected without corresponding DNS query: 213.60.107.234
Source: unknown TCP traffic detected without corresponding DNS query: 23.16.3.55
Source: unknown TCP traffic detected without corresponding DNS query: 69.97.168.242
Source: unknown TCP traffic detected without corresponding DNS query: 95.91.157.156
Source: unknown TCP traffic detected without corresponding DNS query: 18.35.133.85
Source: unknown TCP traffic detected without corresponding DNS query: 63.135.22.115
Source: unknown TCP traffic detected without corresponding DNS query: 18.74.233.28
Source: unknown TCP traffic detected without corresponding DNS query: 126.157.241.198
Source: unknown TCP traffic detected without corresponding DNS query: 157.15.255.56
Source: unknown TCP traffic detected without corresponding DNS query: 113.78.175.201
Source: unknown TCP traffic detected without corresponding DNS query: 157.63.17.96
Source: unknown TCP traffic detected without corresponding DNS query: 40.124.46.141
Source: SecuriteInfo.com.Linux.Siggen.9999.28931.8128.elf String found in binary or memory: http://upx.sf.net
Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: 6260.1.00007f3560400000.00007f3560411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6260.1.00007f3560400000.00007f3560411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6264.1.00007f3560400000.00007f3560411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6264.1.00007f3560400000.00007f3560411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: SecuriteInfo.com.Linux.Siggen.9999.28931.8128.elf PID: 6260, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: SecuriteInfo.com.Linux.Siggen.9999.28931.8128.elf PID: 6260, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Sample contains only a LOAD segment without any section mappings
Source: LOAD without section mappings Program segment: 0x100000
Yara signature match
Source: 6260.1.00007f3560400000.00007f3560411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6260.1.00007f3560400000.00007f3560411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6264.1.00007f3560400000.00007f3560411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6264.1.00007f3560400000.00007f3560411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: SecuriteInfo.com.Linux.Siggen.9999.28931.8128.elf PID: 6260, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: SecuriteInfo.com.Linux.Siggen.9999.28931.8128.elf PID: 6260, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: classification engine Classification label: mal76.troj.evad.linELF@0/0@0/0

Data Obfuscation
barindex
Sample is packed with UPX
Source: initial sample String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
Executes the "rm" command used to delete files or directories
Source: /usr/bin/dash (PID: 6230) Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.IIB6SVi6eh /tmp/tmp.rLPkAsYrXX /tmp/tmp.g84wifk8LY Jump to behavior
Source: /usr/bin/dash (PID: 6231) Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.IIB6SVi6eh /tmp/tmp.rLPkAsYrXX /tmp/tmp.g84wifk8LY Jump to behavior
ELF contains segments with high entropy indicating compressed/encrypted content
Source: SecuriteInfo.com.Linux.Siggen.9999.28931.8128.elf Submission file: segment LOAD with 7.8829 entropy (max. 8.0)
Uses the "uname" system call to query kernel version information (possible evasion)
Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.28931.8128.elf (PID: 6260) Queries kernel information via 'uname': Jump to behavior
Source: SecuriteInfo.com.Linux.Siggen.9999.28931.8128.elf, 6260.1.00007ffccb70a000.00007ffccb72b000.rw-.sdmp, SecuriteInfo.com.Linux.Siggen.9999.28931.8128.elf, 6264.1.00007ffccb70a000.00007ffccb72b000.rw-.sdmp Binary or memory string: Gx86_64/usr/bin/qemu-mipsel/tmp/SecuriteInfo.com.Linux.Siggen.9999.28931.8128.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/SecuriteInfo.com.Linux.Siggen.9999.28931.8128.elf
Source: SecuriteInfo.com.Linux.Siggen.9999.28931.8128.elf, 6260.1.000055c0cb3aa000.000055c0cb431000.rw-.sdmp, SecuriteInfo.com.Linux.Siggen.9999.28931.8128.elf, 6264.1.000055c0cb3aa000.000055c0cb431000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/mipsel
Source: SecuriteInfo.com.Linux.Siggen.9999.28931.8128.elf, 6260.1.000055c0cb3aa000.000055c0cb431000.rw-.sdmp, SecuriteInfo.com.Linux.Siggen.9999.28931.8128.elf, 6264.1.000055c0cb3aa000.000055c0cb431000.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/mipsel
Source: SecuriteInfo.com.Linux.Siggen.9999.28931.8128.elf, 6260.1.00007ffccb70a000.00007ffccb72b000.rw-.sdmp, SecuriteInfo.com.Linux.Siggen.9999.28931.8128.elf, 6264.1.00007ffccb70a000.00007ffccb72b000.rw-.sdmp Binary or memory string: /usr/bin/qemu-mipsel

Stealing of Sensitive Information
barindex
Yara detected Mirai
Source: Yara match File source: 6260.1.00007f3560400000.00007f3560411000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 6264.1.00007f3560400000.00007f3560411000.r-x.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Linux.Siggen.9999.28931.8128.elf PID: 6260, type: MEMORYSTR

Remote Access Functionality
barindex
Yara detected Mirai
Source: Yara match File source: 6260.1.00007f3560400000.00007f3560411000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 6264.1.00007f3560400000.00007f3560411000.r-x.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Linux.Siggen.9999.28931.8128.elf PID: 6260, type: MEMORYSTR

No Screenshots

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
67.231.224.30
 unknown United States
16948 STRATUSWAVEUS false
74.89.58.103
 unknown United States
6128 CABLE-NET-1US false
95.49.47.112
 unknown Poland
5617 TPNETPL false
252.211.137.71
 unknown Reserved
unknown unknown false
136.63.239.117
 unknown United States
16591 GOOGLE-FIBERUS false
141.202.204.48
 unknown United States
41587 ATLAS-ELEKTRONIKSebaldsbrueckerHeerstrasse235DE false
188.174.155.191
 unknown Germany
8767 MNET-ASGermanyDE false
109.223.54.2
 unknown France
3215 FranceTelecom-OrangeFR false
133.186.146.51
 unknown Japan 45974 NHN-AS-KRNHNKR false
59.52.141.68
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
171.149.146.191
 unknown United States
9874 STARHUB-MOBILEStarHubLtdSG false
149.111.10.111
 unknown United States
174 COGENT-174US false
43.248.226.65
 unknown Hong Kong
9381 HKBNES-AS-APHKBNEnterpriseSolutionsHKLimitedHK false
184.21.225.96
 unknown United States
7155 VIASAT-SP-BACKBONEUS false
92.163.207.90
 unknown France
3215 FranceTelecom-OrangeFR false
203.36.135.10
 unknown Australia
1221 ASN-TELSTRATelstraCorporationLtdAU false
53.23.59.127
 unknown Germany
31399 DAIMLER-ASITIGNGlobalNetworkDE false
105.243.240.113
 unknown South Africa
36994 Vodacom-VBZA false
82.127.73.11
 unknown France
3215 FranceTelecom-OrangeFR false
181.255.46.144
 unknown Colombia
26611 COMCELSACO false
189.172.121.180
 unknown Mexico
8151 UninetSAdeCVMX false
14.86.11.164
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
90.214.228.200
 unknown United Kingdom
5607 BSKYB-BROADBAND-ASGB false
190.71.250.128
 unknown Colombia
13489 EPMTelecomunicacionesSAESPCO false
191.161.153.10
 unknown Brazil
26615 TIMSABR false
70.221.151.53
 unknown United States
22394 CELLCOUS false
196.25.176.80
 unknown South Africa
5713 SAIX-NETZA false
148.59.164.115
 unknown United States
23346 INFORMATION-TECHNOLOGY-PARTNERS-INCUS false
186.64.142.183
 unknown Costa Rica
52228 CableTicaCR false
43.236.182.76
 unknown China
17506 UCOMARTERIANetworksCorporationJP false
161.180.241.73
 unknown United States
10695 WAL-MARTUS false
14.193.222.155
 unknown Japan 4721 JCNJupiterTelecommunicationsCoLtdJP false
46.184.9.133
 unknown Saudi Arabia
48695 ATHEEB-ASSA false
48.45.62.89
 unknown United States
2686 ATGS-MMD-ASUS false
184.201.46.167
 unknown United States
10507 SPCSUS false
168.229.177.142
 unknown United States
394488 BERGEN-COUNTY-SCHOOL-DISTRICTUS false
221.179.92.53
 unknown China
56040 CMNET-GUANGDONG-APChinaMobilecommunicationscorporation false
241.11.101.174
 unknown Reserved
unknown unknown false
126.226.208.87
 unknown Japan 17676 GIGAINFRASoftbankBBCorpJP false
20.163.151.12
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
157.225.89.242
 unknown United States
10499 IUMC-ITUS false
179.36.68.38
 unknown Argentina
22927 TelefonicadeArgentinaAR false
223.236.248.199
 unknown India
132045 AIRTEL-AS-ISPBhartiAirtelLankaPvtLimitedLK false
216.89.230.198
 unknown United States
46215 TERRANOVANET-ASN1US false
58.10.66.207
 unknown Thailand
17552 TRUE-AS-APTrueInternetCoLtdTH false
171.79.211.182
 unknown India
45609 BHARTI-MOBILITY-AS-APBhartiAirtelLtdASforGPRSService false
112.44.9.76
 unknown China
9808 CMNET-GDGuangdongMobileCommunicationCoLtdCN false
96.111.136.108
 unknown United States
7922 COMCAST-7922US false
92.103.250.136
 unknown France
12670 AS-COMPLETELFR false
108.63.164.211
 unknown Canada
6407 PRIMUS-AS6407CA false
84.152.187.119
 unknown Germany
3320 DTAGInternetserviceprovideroperationsDE false
252.54.151.98
 unknown Reserved
unknown unknown false
253.4.169.27
 unknown Reserved
unknown unknown false
161.59.241.27
 unknown Belgium
2914 NTT-COMMUNICATIONS-2914US false
116.137.190.250
 unknown China
4837 CHINA169-BACKBONECHINAUNICOMChina169BackboneCN false
71.210.118.217
 unknown United States
209 CENTURYLINK-US-LEGACY-QWESTUS false
36.255.55.154
 unknown Bangladesh
135092 DHAKATECH-AS-APAshrafUddintaDhakatechBD false
161.187.154.36
 unknown Canada
852 ASN852CA false
180.241.23.156
 unknown Indonesia
7713 TELKOMNET-AS-APPTTelekomunikasiIndonesiaID false
122.66.140.182
 unknown China
9394 CTTNETChinaTieTongTelecommunicationsCorporationCN false
32.61.35.245
 unknown United States
2687 ATGS-MMD-ASUS false
168.179.191.78
 unknown United States
11663 SUG-1US false
2.243.0.85
 unknown Germany
6805 TDDE-ASN1DE false
166.136.182.136
 unknown United States
20057 ATT-MOBILITY-LLC-AS20057US false
77.32.44.214
 unknown Italy
35612 NGI-ASIT false
94.218.243.140
 unknown Germany
3209 VODANETInternationalIP-BackboneofVodafoneDE false
197.82.224.110
 unknown South Africa
10474 OPTINETZA false
251.164.78.58
 unknown Reserved
unknown unknown false
216.51.28.13
 unknown United States
2828 XO-AS15US false
168.250.156.125
 unknown United States
4241 CSFTBUS false
72.183.136.67
 unknown United States
11427 TWC-11427-TEXASUS false
59.55.62.131
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
253.109.252.211
 unknown Reserved
unknown unknown false
210.128.77.106
 unknown Japan 2497 IIJInternetInitiativeJapanIncJP false
119.197.122.178
 unknown Korea Republic of
45968 KONACENTER-AS-KRKONAIKR false
151.247.163.152
 unknown Iran (ISLAMIC Republic Of)
31549 RASANAIR false
84.70.48.185
 unknown United Kingdom
5378 VodafoneGB false
20.94.30.16
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
84.114.184.221
 unknown Austria
6830 LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding false
146.69.246.9
 unknown United States
2018 TENET-1ZA false
106.72.195.196
 unknown Japan 2516 KDDIKDDICORPORATIONJP false
102.172.61.117
 unknown Tunisia
37693 TUNISIANATN false
145.253.98.51
 unknown Germany
3209 VODANETInternationalIP-BackboneofVodafoneDE false
12.156.153.37
 unknown United States
7018 ATT-INTERNET4US false
163.32.26.132
 unknown Taiwan; Republic of China (ROC)
1659 ERX-TANET-ASN1TaiwanAcademicNetworkTANetInformationC false
72.40.157.236
 unknown United States
33363 BHN-33363US false
115.16.100.14
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
213.181.35.20
 unknown Belgium
5432 PROXIMUS-ISP-ASBE false
199.100.223.212
 unknown United States
174 COGENT-174US false
89.120.212.208
 unknown Romania
9050 RTDBucharestRomaniaRO false
181.237.166.136
 unknown Colombia
3816 COLOMBIATELECOMUNICACIONESSAESPCO false
253.40.143.79
 unknown Reserved
unknown unknown false
62.183.98.245
 unknown Russian Federation
25490 STC-ASRU false
177.120.79.160
 unknown Brazil
26615 TIMSABR false
163.250.179.231
 unknown Chile
210 WEST-NET-WESTUS false
46.137.223.255
 unknown Ireland
16509 AMAZON-02US false
166.44.191.19
 unknown United States
3372 MCI-ASNUS false
1.35.157.109
 unknown Taiwan; Republic of China (ROC)
3462 HINETDataCommunicationBusinessGroupTW false
187.223.45.136
 unknown Mexico
8151 UninetSAdeCVMX false
120.34.249.18
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false