Linux Analysis Report
yakov.mpsl.elf

Overview

General Information

Sample name: yakov.mpsl.elf
Analysis ID: 1524326
MD5: a3ee175313d2f2a046e905d845602f85
SHA1: 31515053d9038cbb3345471c8ce54a87e8bc2078
SHA256: 94e63ef15861580fec22b2afbbed3c0707031f38a9b22ffd168baaf5728243ac
Tags: botnetelfMiraiyakovYakuzauser-NDA0E
Infos:

Detection

Mirai
Score: 76
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample is packed with UPX
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Executes the "rm" command used to delete files or directories
Sample contains only a LOAD segment without any section mappings
Sample listens on a socket
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Name Description Attribution Blogpost URLs Link
Mirai Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: yakov.mpsl.elf Avira: detected
Multi AV Scanner detection for submitted file
Source: yakov.mpsl.elf ReversingLabs: Detection: 44%
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.23:43468 -> 87.120.114.147:3778
Sample listens on a socket
Source: /tmp/yakov.mpsl.elf (PID: 6254) Socket: 127.0.0.1:16384 Jump to behavior
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Source: global traffic TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: unknown TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.114.147
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.114.147
Source: unknown TCP traffic detected without corresponding DNS query: 198.152.77.184
Source: unknown TCP traffic detected without corresponding DNS query: 48.82.239.138
Source: unknown TCP traffic detected without corresponding DNS query: 18.235.62.51
Source: unknown TCP traffic detected without corresponding DNS query: 207.6.4.74
Source: unknown TCP traffic detected without corresponding DNS query: 123.167.193.147
Source: unknown TCP traffic detected without corresponding DNS query: 61.93.15.88
Source: unknown TCP traffic detected without corresponding DNS query: 35.44.0.221
Source: unknown TCP traffic detected without corresponding DNS query: 124.31.29.74
Source: unknown TCP traffic detected without corresponding DNS query: 126.83.45.240
Source: unknown TCP traffic detected without corresponding DNS query: 87.120.114.147
Source: unknown TCP traffic detected without corresponding DNS query: 63.50.24.104
Source: unknown TCP traffic detected without corresponding DNS query: 255.25.107.109
Source: unknown TCP traffic detected without corresponding DNS query: 109.100.72.173
Source: unknown TCP traffic detected without corresponding DNS query: 5.75.18.124
Source: unknown TCP traffic detected without corresponding DNS query: 34.229.177.254
Source: unknown TCP traffic detected without corresponding DNS query: 123.85.33.85
Source: unknown TCP traffic detected without corresponding DNS query: 73.178.236.234
Source: unknown TCP traffic detected without corresponding DNS query: 198.124.44.47
Source: unknown TCP traffic detected without corresponding DNS query: 179.205.42.225
Source: unknown TCP traffic detected without corresponding DNS query: 216.124.103.226
Source: unknown TCP traffic detected without corresponding DNS query: 165.1.161.139
Source: unknown TCP traffic detected without corresponding DNS query: 152.209.38.164
Source: unknown TCP traffic detected without corresponding DNS query: 244.105.253.9
Source: unknown TCP traffic detected without corresponding DNS query: 204.169.38.246
Source: unknown TCP traffic detected without corresponding DNS query: 83.131.229.248
Source: unknown TCP traffic detected without corresponding DNS query: 45.202.205.175
Source: unknown TCP traffic detected without corresponding DNS query: 194.157.203.49
Source: unknown TCP traffic detected without corresponding DNS query: 2.115.47.209
Source: unknown TCP traffic detected without corresponding DNS query: 38.88.144.113
Source: unknown TCP traffic detected without corresponding DNS query: 204.137.41.79
Source: unknown TCP traffic detected without corresponding DNS query: 94.47.6.76
Source: unknown TCP traffic detected without corresponding DNS query: 241.19.39.8
Source: unknown TCP traffic detected without corresponding DNS query: 184.141.90.47
Source: unknown TCP traffic detected without corresponding DNS query: 9.233.74.147
Source: unknown TCP traffic detected without corresponding DNS query: 108.7.216.70
Source: unknown TCP traffic detected without corresponding DNS query: 87.209.35.95
Source: unknown TCP traffic detected without corresponding DNS query: 81.78.38.21
Source: unknown TCP traffic detected without corresponding DNS query: 2.83.191.184
Source: unknown TCP traffic detected without corresponding DNS query: 151.140.144.147
Source: unknown TCP traffic detected without corresponding DNS query: 78.24.5.191
Source: unknown TCP traffic detected without corresponding DNS query: 60.26.83.40
Source: unknown TCP traffic detected without corresponding DNS query: 102.104.108.58
Source: unknown TCP traffic detected without corresponding DNS query: 168.198.222.121
Source: unknown TCP traffic detected without corresponding DNS query: 222.125.160.157
Source: unknown TCP traffic detected without corresponding DNS query: 121.9.248.147
Source: unknown TCP traffic detected without corresponding DNS query: 206.54.102.101
Source: unknown TCP traffic detected without corresponding DNS query: 43.240.213.201
Source: yakov.mpsl.elf String found in binary or memory: http://upx.sf.net
Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: 6252.1.00007f29b0400000.00007f29b0411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6252.1.00007f29b0400000.00007f29b0411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6256.1.00007f29b0400000.00007f29b0411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6256.1.00007f29b0400000.00007f29b0411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: yakov.mpsl.elf PID: 6252, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: yakov.mpsl.elf PID: 6252, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: yakov.mpsl.elf PID: 6256, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: yakov.mpsl.elf PID: 6256, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Sample contains only a LOAD segment without any section mappings
Source: LOAD without section mappings Program segment: 0x100000
Yara signature match
Source: 6252.1.00007f29b0400000.00007f29b0411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6252.1.00007f29b0400000.00007f29b0411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6256.1.00007f29b0400000.00007f29b0411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6256.1.00007f29b0400000.00007f29b0411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: yakov.mpsl.elf PID: 6252, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: yakov.mpsl.elf PID: 6252, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: yakov.mpsl.elf PID: 6256, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: yakov.mpsl.elf PID: 6256, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: classification engine Classification label: mal76.troj.evad.linELF@0/0@0/0

Data Obfuscation
barindex
Sample is packed with UPX
Source: initial sample String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
Executes the "rm" command used to delete files or directories
Source: /usr/bin/dash (PID: 6228) Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.SKbQfUM3ZI /tmp/tmp.rEO5aZBARM /tmp/tmp.bfXovuPUbk Jump to behavior
Source: /usr/bin/dash (PID: 6229) Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.SKbQfUM3ZI /tmp/tmp.rEO5aZBARM /tmp/tmp.bfXovuPUbk Jump to behavior
ELF contains segments with high entropy indicating compressed/encrypted content
Source: yakov.mpsl.elf Submission file: segment LOAD with 7.8835 entropy (max. 8.0)
Uses the "uname" system call to query kernel version information (possible evasion)
Source: /tmp/yakov.mpsl.elf (PID: 6252) Queries kernel information via 'uname': Jump to behavior
Source: yakov.mpsl.elf, 6252.1.000055e7436fc000.000055e743783000.rw-.sdmp, yakov.mpsl.elf, 6256.1.000055e7436fc000.000055e743783000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/mipsel
Source: yakov.mpsl.elf, 6252.1.00007ffebac62000.00007ffebac83000.rw-.sdmp, yakov.mpsl.elf, 6256.1.00007ffebac62000.00007ffebac83000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/yakov.mpsl.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/yakov.mpsl.elf
Source: yakov.mpsl.elf, 6252.1.000055e7436fc000.000055e743783000.rw-.sdmp, yakov.mpsl.elf, 6256.1.000055e7436fc000.000055e743783000.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/mipsel
Source: yakov.mpsl.elf, 6252.1.00007ffebac62000.00007ffebac83000.rw-.sdmp, yakov.mpsl.elf, 6256.1.00007ffebac62000.00007ffebac83000.rw-.sdmp Binary or memory string: /usr/bin/qemu-mipsel

Stealing of Sensitive Information
barindex
Yara detected Mirai
Source: Yara match File source: 6252.1.00007f29b0400000.00007f29b0411000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 6256.1.00007f29b0400000.00007f29b0411000.r-x.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: yakov.mpsl.elf PID: 6252, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: yakov.mpsl.elf PID: 6256, type: MEMORYSTR

Remote Access Functionality
barindex
Yara detected Mirai
Source: Yara match File source: 6252.1.00007f29b0400000.00007f29b0411000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 6256.1.00007f29b0400000.00007f29b0411000.r-x.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: yakov.mpsl.elf PID: 6252, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: yakov.mpsl.elf PID: 6256, type: MEMORYSTR

No Screenshots

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
243.47.150.69
 unknown Reserved
unknown unknown false
105.131.8.160
 unknown Morocco
6713 IAM-ASMA false
173.243.113.9
 unknown United States
20278 NEXEONUS false
58.238.216.233
 unknown Korea Republic of
9318 SKB-ASSKBroadbandCoLtdKR false
90.232.102.142
 unknown Sweden
3301 TELIANET-SWEDENTeliaCompanySE false
89.247.153.217
 unknown Germany
8881 VERSATELDE false
27.112.105.114
 unknown Japan 63997 TSUKAERUNETTsukaerunetWebHostingCompanyJapanJP false
151.171.224.25
 unknown United States
3257 GTT-BACKBONEGTTDE false
193.194.8.136
 unknown Germany
34794 LIBRABANK-ASRO false
222.217.233.251
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
168.156.162.249
 unknown United States
10430 WA-K20US false
166.71.207.1
 unknown United States
6315 XMISSIONUS false
194.185.121.249
 unknown Italy
3313 INET-ASIT false
39.122.169.244
 unknown Korea Republic of
9318 SKB-ASSKBroadbandCoLtdKR false
160.73.81.64
 unknown United States
46887 LIGHTOWERUS false
201.92.167.48
 unknown Brazil
27699 TELEFONICABRASILSABR false
111.210.170.178
 unknown China
4808 CHINA169-BJChinaUnicomBeijingProvinceNetworkCN false
254.50.230.222
 unknown Reserved
unknown unknown false
102.70.101.71
 unknown Malawi
37294 TNMMW false
222.240.209.193
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
53.30.53.197
 unknown Germany
31399 DAIMLER-ASITIGNGlobalNetworkDE false
5.182.165.133
 unknown Spain
29119 SERVIHOSTING-ASAireNetworksES false
141.225.169.55
 unknown United States
14048 MEMPHIS-EDUUS false
112.201.146.35
 unknown Philippines
9299 IPG-AS-APPhilippineLongDistanceTelephoneCompanyPH false
212.8.172.173
 unknown European Union
5400 BTGB false
180.81.10.193
 unknown Korea Republic of
9316 DACOM-PUBNETPLUS-AS-KRDACOM-PUBNETPLUSKR false
115.240.171.42
 unknown India
55836 RELIANCEJIO-INRelianceJioInfocommLimitedIN false
81.229.147.31
 unknown Sweden
3301 TELIANET-SWEDENTeliaCompanySE false
134.251.117.133
 unknown United States
210 WEST-NET-WESTUS false
134.244.73.137
 unknown United States
3479 PEACHNET-AS1US false
154.120.6.246
 unknown Ghana
37074 UG-ASGH false
119.13.24.151
 unknown Australia
9723 ISEEK-AS-APiseekCommunicationsPtyLtdAU false
204.176.235.141
 unknown United States
701 UUNETUS false
81.59.207.52
 unknown Belgium
13127 VERSATELASfortheTrans-EuropeanTele2IPTransportbackbo false
184.250.93.40
 unknown United States
10507 SPCSUS false
78.145.16.197
 unknown United Kingdom
13285 OPALTELECOM-ASTalkTalkCommunicationsLimitedGB false
123.86.10.190
 unknown China
9394 CTTNETChinaTieTongTelecommunicationsCorporationCN false
102.248.170.220
 unknown South Africa
5713 SAIX-NETZA false
203.228.231.47
 unknown Korea Republic of
4670 HYUNDAI-KRShinbiroKR false
67.94.165.251
 unknown United States
2828 XO-AS15US false
166.163.165.186
 unknown United States
20057 ATT-MOBILITY-LLC-AS20057US false
170.155.47.3
 unknown Argentina
27967 GobernaciondelaProvinciadeBuenosAiresAR false
201.124.140.96
 unknown Mexico
8151 UninetSAdeCVMX false
209.27.25.101
 unknown United States
3561 CENTURYLINK-LEGACY-SAVVISUS false
74.39.32.111
 unknown United States
7011 FRONTIER-AND-CITIZENSUS false
139.4.200.165
 unknown Germany
702 UUNETUS false
62.56.127.229
 unknown United Kingdom
2529 DEMON-INTERNETNowmaintainedbyCableWirelessWorldwide false
213.90.43.27
 unknown Austria
8437 UTA-ASAT false
114.51.26.69
 unknown Japan 37903 EMOBILEYmobileCorporationJP false
201.209.58.251
 unknown Venezuela
8048 CANTVServiciosVenezuelaVE false
27.31.11.88
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
42.222.253.214
 unknown China
4249 LILLY-ASUS false
161.172.233.64
 unknown United States
10695 WAL-MARTUS false
163.116.243.107
 unknown France
55256 NETSKOPEUS false
94.176.172.127
 unknown Virgin Islands (BRITISH)
15945 PFALZKOM-NETKoschatplatz1DE false
60.231.244.199
 unknown Australia
1221 ASN-TELSTRATelstraCorporationLtdAU false
123.126.121.247
 unknown China
4808 CHINA169-BJChinaUnicomBeijingProvinceNetworkCN false
120.125.234.63
 unknown Taiwan; Republic of China (ROC)
17716 NTU-TWNationalTaiwanUniversityTW false
111.217.192.80
 unknown Japan 2527 SO-NETSo-netEntertainmentCorporationJP false
43.240.213.201
 unknown China
4812 CHINANET-SH-APChinaTelecomGroupCN false
241.205.43.233
 unknown Reserved
unknown unknown false
79.159.170.12
 unknown Spain
3352 TELEFONICA_DE_ESPANAES false
211.158.143.217
 unknown China
4837 CHINA169-BACKBONECHINAUNICOMChina169BackboneCN false
36.33.237.190
 unknown China
4837 CHINA169-BACKBONECHINAUNICOMChina169BackboneCN false
245.88.9.202
 unknown Reserved
unknown unknown false
81.197.146.69
 unknown Finland
719 ELISA-ASHelsinkiFinlandEU false
248.122.227.245
 unknown Reserved
unknown unknown false
86.58.153.192
 unknown Denmark
16095 JAYNETSentiaDanmarkASDK false
152.114.111.15
 unknown United Kingdom
29295 NPSGB false
193.31.85.32
 unknown Germany
203649 GOINTERNETGB false
70.182.185.154
 unknown United States
22773 ASN-CXA-ALL-CCI-22773-RDCUS false
152.10.185.30
 unknown United States
81 NCRENUS false
205.159.50.102
 unknown United States
2828 XO-AS15US false
97.175.196.79
 unknown United States
6167 CELLCO-PARTUS false
63.243.138.65
 unknown United States
6453 AS6453US false
151.218.194.177
 unknown unknown
11003 PANDGUS false
8.153.219.75
 unknown Singapore
37963 CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd false
242.125.15.201
 unknown Reserved
unknown unknown false
90.114.190.210
 unknown France
3215 FranceTelecom-OrangeFR false
104.132.168.6
 unknown United States
41264 GOOGLE-IT-RO-ISPCH false
243.242.81.194
 unknown Reserved
unknown unknown false
110.179.135.104
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
250.238.135.175
 unknown Reserved
unknown unknown false
97.134.68.8
 unknown United States
6167 CELLCO-PARTUS false
60.115.7.241
 unknown Japan 17676 GIGAINFRASoftbankBBCorpJP false
124.17.192.46
 unknown China
7497 CSTNET-AS-APComputerNetworkInformationCenterCN false
203.184.145.195
 unknown Hong Kong
10032 HGC-AS-APHGCGlobalCommunicationsLimitedHK false
45.139.158.24
 unknown Netherlands
63023 AS-GLOBALTELEHOSTUS false
118.157.50.161
 unknown Japan 2516 KDDIKDDICORPORATIONJP false
157.79.18.188
 unknown Japan 2514 INFOSPHERENTTPCCommunicationsIncJP false
189.172.238.113
 unknown Mexico
8151 UninetSAdeCVMX false
136.107.144.118
 unknown United States
60311 ONEFMCH false
1.75.204.136
 unknown Japan 9605 DOCOMONTTDOCOMOINCJP false
95.203.163.226
 unknown Sweden
3301 TELIANET-SWEDENTeliaCompanySE false
13.37.48.1
 unknown United States
7018 ATT-INTERNET4US false
169.203.105.80
 unknown United States
22920 BIAEDNET-INTERNETUS false
27.140.254.33
 unknown Japan 9824 JTCL-JP-ASJupiterTelecommunicationCoLtdJP false
135.127.82.58
 unknown United States
14962 NCR-252US false
186.154.84.165
 unknown Colombia
19429 ETB-ColombiaCO false
103.251.221.100
 unknown India
58972 BHOMIKA-ASBHOMIKAIN false