Linux Analysis Report
na.elf

Overview

General Information

Sample name: na.elf
Analysis ID: 1527231
MD5: 4200516ef011968dabaa8043608c10ff
SHA1: c493395835faddd688312607ff514f9642af2340
SHA256: 670bbac054d967017a9530f7761cdcd22f640054702ede365bd35013194ed614
Tags: elfMiraiuser-abuse_ch
Infos:

Detection

Mirai
Score: 68
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample is packed with UPX
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Name Description Attribution Blogpost URLs Link
Mirai Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: na.elf Avira: detected
Multi AV Scanner detection for submitted file
Source: na.elf ReversingLabs: Detection: 60%
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.15:39494 -> 103.238.235.110:9375
Sample listens on a socket
Source: /tmp/na.elf (PID: 5529) Socket: 0.0.0.0:23 Jump to behavior
Source: /tmp/na.elf (PID: 5529) Socket: 0.0.0.0:0 Jump to behavior
Source: /tmp/na.elf (PID: 5529) Socket: 0.0.0.0:80 Jump to behavior
Source: /tmp/na.elf (PID: 5529) Socket: 0.0.0.0:81 Jump to behavior
Source: /tmp/na.elf (PID: 5529) Socket: 0.0.0.0:8443 Jump to behavior
Source: /tmp/na.elf (PID: 5529) Socket: 0.0.0.0:9009 Jump to behavior
Source: /tmp/na.elf (PID: 5535) Socket: 0.0.0.0:0 Jump to behavior
Source: /tmp/na.elf (PID: 5535) Socket: 0.0.0.0:80 Jump to behavior
Source: /tmp/na.elf (PID: 5535) Socket: 0.0.0.0:81 Jump to behavior
Source: /tmp/na.elf (PID: 5535) Socket: 0.0.0.0:8443 Jump to behavior
Source: /tmp/na.elf (PID: 5535) Socket: 0.0.0.0:9009 Jump to behavior
Source: unknown TCP traffic detected without corresponding DNS query: 103.238.235.110
Source: unknown TCP traffic detected without corresponding DNS query: 103.238.235.110
Source: unknown TCP traffic detected without corresponding DNS query: 112.133.221.237
Source: unknown TCP traffic detected without corresponding DNS query: 192.167.29.112
Source: unknown TCP traffic detected without corresponding DNS query: 120.121.179.97
Source: unknown TCP traffic detected without corresponding DNS query: 23.113.52.167
Source: unknown TCP traffic detected without corresponding DNS query: 46.120.166.38
Source: unknown TCP traffic detected without corresponding DNS query: 161.72.85.136
Source: unknown TCP traffic detected without corresponding DNS query: 145.53.147.14
Source: unknown TCP traffic detected without corresponding DNS query: 201.200.179.29
Source: unknown TCP traffic detected without corresponding DNS query: 204.60.189.126
Source: unknown TCP traffic detected without corresponding DNS query: 101.151.88.153
Source: unknown TCP traffic detected without corresponding DNS query: 90.238.93.173
Source: unknown TCP traffic detected without corresponding DNS query: 111.38.224.222
Source: unknown TCP traffic detected without corresponding DNS query: 14.46.107.171
Source: unknown TCP traffic detected without corresponding DNS query: 174.218.137.151
Source: unknown TCP traffic detected without corresponding DNS query: 78.170.203.2
Source: unknown TCP traffic detected without corresponding DNS query: 176.217.97.185
Source: unknown TCP traffic detected without corresponding DNS query: 165.77.8.94
Source: unknown TCP traffic detected without corresponding DNS query: 213.228.238.154
Source: unknown TCP traffic detected without corresponding DNS query: 84.239.114.242
Source: unknown TCP traffic detected without corresponding DNS query: 99.167.121.79
Source: unknown TCP traffic detected without corresponding DNS query: 169.226.193.119
Source: unknown TCP traffic detected without corresponding DNS query: 150.78.230.216
Source: unknown TCP traffic detected without corresponding DNS query: 203.137.91.22
Source: unknown TCP traffic detected without corresponding DNS query: 60.58.179.36
Source: unknown TCP traffic detected without corresponding DNS query: 104.212.213.21
Source: unknown TCP traffic detected without corresponding DNS query: 248.49.218.87
Source: unknown TCP traffic detected without corresponding DNS query: 16.69.252.147
Source: unknown TCP traffic detected without corresponding DNS query: 16.16.249.139
Source: unknown TCP traffic detected without corresponding DNS query: 217.189.87.94
Source: unknown TCP traffic detected without corresponding DNS query: 185.35.61.30
Source: unknown TCP traffic detected without corresponding DNS query: 245.196.223.54
Source: unknown TCP traffic detected without corresponding DNS query: 242.30.170.155
Source: unknown TCP traffic detected without corresponding DNS query: 149.195.152.26
Source: unknown TCP traffic detected without corresponding DNS query: 88.66.128.47
Source: unknown TCP traffic detected without corresponding DNS query: 249.206.79.80
Source: unknown TCP traffic detected without corresponding DNS query: 123.127.143.175
Source: unknown TCP traffic detected without corresponding DNS query: 82.45.67.133
Source: unknown TCP traffic detected without corresponding DNS query: 222.116.172.167
Source: unknown TCP traffic detected without corresponding DNS query: 125.41.61.219
Source: unknown TCP traffic detected without corresponding DNS query: 59.143.41.249
Source: unknown TCP traffic detected without corresponding DNS query: 120.145.58.73
Source: unknown TCP traffic detected without corresponding DNS query: 73.101.73.166
Source: unknown TCP traffic detected without corresponding DNS query: 82.50.121.48
Source: unknown TCP traffic detected without corresponding DNS query: 242.28.41.152
Source: unknown TCP traffic detected without corresponding DNS query: 152.237.36.235
Source: unknown TCP traffic detected without corresponding DNS query: 34.216.140.44
Source: unknown TCP traffic detected without corresponding DNS query: 246.193.212.73
Source: unknown TCP traffic detected without corresponding DNS query: 255.216.114.248
Source: na.elf String found in binary or memory: http://upx.sf.net
Sample contains only a LOAD segment without any section mappings
Source: LOAD without section mappings Program segment: 0x100000
Sample tries to kill a process (SIGKILL)
Source: /tmp/na.elf (PID: 5529) SIGKILL sent: pid: 933, result: successful Jump to behavior
Source: /tmp/na.elf (PID: 5535) SIGKILL sent: pid: 933, result: successful Jump to behavior
Source: /tmp/na.elf (PID: 5535) SIGKILL sent: pid: 5529, result: successful Jump to behavior
Source: /tmp/na.elf (PID: 5535) SIGKILL sent: pid: 764, result: successful Jump to behavior
Source: classification engine Classification label: mal68.troj.evad.linELF@0/0@0/0

Data Obfuscation
barindex
Sample is packed with UPX
Source: initial sample String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
Enumerates processes within the "proc" file system
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1185/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/3241/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/3241/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/3483/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1732/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1732/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1730/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1730/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1333/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1333/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1695/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1695/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/3235/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/3235/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/3234/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/3234/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/515/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/911/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1617/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1617/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/914/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1615/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1615/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/917/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/917/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/917/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/3255/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/3255/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/3253/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/3253/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1591/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1591/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/3252/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/3252/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/3251/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/3251/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/3250/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/3250/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1623/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1623/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1588/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1588/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/3249/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/3249/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/764/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/764/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/764/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/3368/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1585/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1585/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/3246/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/3246/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/3488/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/766/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/766/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/766/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/800/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/800/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/800/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/888/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/888/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/888/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/802/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/802/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/802/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1509/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1509/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/803/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/803/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/803/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/804/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/804/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/804/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/3887/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1867/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1867/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/3407/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1484/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1484/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/490/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/490/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/490/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1514/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1514/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1634/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1634/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1479/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1479/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1875/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/3379/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/654/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/655/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/931/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/931/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/931/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/777/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/777/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/777/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1595/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/1595/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/656/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/657/exe Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/658/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/658/fd Jump to behavior
Source: /tmp/na.elf (PID: 5535) File opened: /proc/658/exe Jump to behavior
ELF contains segments with high entropy indicating compressed/encrypted content
Source: na.elf Submission file: segment LOAD with 7.9378 entropy (max. 8.0)
Uses the "uname" system call to query kernel version information (possible evasion)
Source: /tmp/na.elf (PID: 5526) Queries kernel information via 'uname': Jump to behavior
Source: na.elf, 5526.1.000055e89f229000.000055e89f2d9000.rw-.sdmp Binary or memory string: !/etc/qemu-binfmt/ppc11!hotpluggableq
Source: na.elf, 5526.1.00007ffdac2d2000.00007ffdac2f3000.rw-.sdmp, na.elf, 5530.1.00007ffdac2d2000.00007ffdac2f3000.rw-.sdmp, na.elf, 5536.1.00007ffdac2d2000.00007ffdac2f3000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-ppc/tmp/na.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/na.elf
Source: na.elf, 5530.1.000055e89f229000.000055e89f2d9000.rw-.sdmp, na.elf, 5536.1.000055e89f229000.000055e89f2d9000.rw-.sdmp Binary or memory string: !/etc/qemu-binfmt/ppc1
Source: na.elf, 5526.1.000055e89f229000.000055e89f2d9000.rw-.sdmp, na.elf, 5530.1.000055e89f229000.000055e89f2d9000.rw-.sdmp, na.elf, 5536.1.000055e89f229000.000055e89f2d9000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/ppc
Source: na.elf, 5526.1.00007ffdac2d2000.00007ffdac2f3000.rw-.sdmp, na.elf, 5530.1.00007ffdac2d2000.00007ffdac2f3000.rw-.sdmp, na.elf, 5536.1.00007ffdac2d2000.00007ffdac2f3000.rw-.sdmp Binary or memory string: /usr/bin/qemu-ppc

Stealing of Sensitive Information
barindex
Yara detected Mirai
Source: Yara match File source: 5530.1.00007f58f800b000.00007f58f8010000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5536.1.00007f58f800b000.00007f58f8010000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5526.1.00007f58f800b000.00007f58f8010000.r-x.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: na.elf PID: 5530, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: na.elf PID: 5536, type: MEMORYSTR

Remote Access Functionality
barindex
Yara detected Mirai
Source: Yara match File source: 5530.1.00007f58f800b000.00007f58f8010000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5536.1.00007f58f800b000.00007f58f8010000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5526.1.00007f58f800b000.00007f58f8010000.r-x.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: na.elf PID: 5530, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: na.elf PID: 5536, type: MEMORYSTR
windows-stand
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
250.175.220.169
 unknown Reserved
unknown unknown false
45.140.241.88
 unknown Czech Republic
44285 SEFROYEKPARDAZENG-ASAS42043-BertinaTechnologyCompanyIR false
85.92.219.67
 unknown United Kingdom
6908 DATAHOPDatahop-SixDegreesGB false
167.99.111.4
 unknown United States
14061 DIGITALOCEAN-ASNUS false
90.118.15.77
 unknown France
3215 FranceTelecom-OrangeFR false
71.58.143.206
 unknown United States
7922 COMCAST-7922US false
187.134.132.157
 unknown Mexico
8151 UninetSAdeCVMX false
8.20.70.222
 unknown United States
35873 MOVE-NETWORKSUS false
253.162.71.36
 unknown Reserved
unknown unknown false
89.3.222.11
 unknown France
21502 ASN-NUMERICABLEFR false
255.142.71.184
 unknown Reserved
unknown unknown false
155.12.217.60
 unknown unknown
328011 Children-Cancer-HospitalEG false
171.156.14.207
 unknown United States
9874 STARHUB-MOBILEStarHubLtdSG false
58.227.168.158
 unknown Korea Republic of
9318 SKB-ASSKBroadbandCoLtdKR false
169.38.203.97
 unknown United States
36351 SOFTLAYERUS false
171.233.56.182
 unknown Viet Nam
7552 VIETEL-AS-APViettelGroupVN false
252.178.222.61
 unknown Reserved
unknown unknown false
87.224.197.231
 unknown Russian Federation
35154 TELENET-ASRU false
192.37.209.5
 unknown Switzerland
35041 NET-BINERO-STHLM1SE false
207.0.115.7
 unknown United States
3561 CENTURYLINK-LEGACY-SAVVISUS false
69.116.174.19
 unknown United States
6128 CABLE-NET-1US false
124.32.18.181
 unknown Japan 17506 UCOMARTERIANetworksCorporationJP false
124.183.193.171
 unknown Australia
1221 ASN-TELSTRATelstraCorporationLtdAU false
61.11.60.21
 unknown India
17908 TCISLTataCommunicationsIN false
176.84.191.239
 unknown Spain
3352 TELEFONICA_DE_ESPANAES false
70.227.201.82
 unknown United States
7018 ATT-INTERNET4US false
209.255.171.9
 unknown United States
7029 WINDSTREAMUS false
75.125.28.56
 unknown United States
36351 SOFTLAYERUS false
8.167.15.157
 unknown Singapore
37963 CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd false
182.84.6.156
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
150.203.7.138
 unknown Australia
7575 AARNET-AS-APAustralianAcademicandResearchNetworkAARNe false
91.201.116.33
 unknown Russian Federation
15673 TELESETI-PLUS-ASRU false
201.84.92.213
 unknown Brazil
15180 UOLDIVEOSABR false
98.26.127.116
 unknown United States
11426 TWC-11426-CAROLINASUS false
188.22.62.1
 unknown Austria
8447 TELEKOM-ATA1TelekomAustriaAGAT false
198.125.128.2
 unknown United States
291 ESNET-EASTUS false
219.167.67.91
 unknown Japan 4713 OCNNTTCommunicationsCorporationJP false
104.119.246.31
 unknown United States
16625 AKAMAI-ASUS false
185.148.35.174
 unknown Turkey
174 COGENT-174US false
9.94.245.152
 unknown United States
3356 LEVEL3US false
37.194.68.68
 unknown Russian Federation
31200 NTKIPv6customersRU false
80.93.241.231
 unknown Serbia
31042 SERBIA-BROADBAND-ASSerbiaBroadBand-SrpskeKablovskemreze false
165.122.240.249
 unknown United States
3375 MCI-ASNUS false
88.116.195.151
 unknown Austria
8447 TELEKOM-ATA1TelekomAustriaAGAT false
179.114.56.191
 unknown Brazil
26599 TELEFONICABRASILSABR false
190.60.32.42
 unknown Colombia
18747 IFX18747US false
182.102.87.169
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
98.223.136.130
 unknown United States
7922 COMCAST-7922US false
154.118.94.245
 unknown Nigeria
37340 SpectranetNG false
58.122.17.67
 unknown Korea Republic of
9318 SKB-ASSKBroadbandCoLtdKR false
99.210.200.148
 unknown Canada
812 ROGERS-COMMUNICATIONSCA false
48.26.151.120
 unknown United States
2686 ATGS-MMD-ASUS false
62.39.90.24
 unknown France
15557 LDCOMNETFR false
62.39.89.41
 unknown France
15557 LDCOMNETFR false
19.97.3.249
 unknown United States
3 MIT-GATEWAYSUS false
253.83.50.38
 unknown Reserved
unknown unknown false
158.197.46.134
 unknown Slovakia (SLOVAK Republic)
2607 SANETSlovakAcademicNetworkSK false
245.14.51.220
 unknown Reserved
unknown unknown false
93.237.0.208
 unknown Germany
3320 DTAGInternetserviceprovideroperationsDE false
219.139.129.217
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
91.18.134.23
 unknown Germany
3320 DTAGInternetserviceprovideroperationsDE false
183.102.37.44
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
253.3.226.167
 unknown Reserved
unknown unknown false
140.220.121.121
 unknown United States
600 OARNET-ASUS false
190.179.214.143
 unknown Argentina
22927 TelefonicadeArgentinaAR false
159.205.59.201
 unknown Poland
12741 AS-NETIAWarszawa02-822PL false
253.238.3.49
 unknown Reserved
unknown unknown false
24.105.26.226
 unknown United States
57976 BLIZZARDEU false
4.164.90.220
 unknown United States
3356 LEVEL3US false
151.117.42.237
 unknown United States
32480 LLUMCUS false
118.53.181.191
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
40.36.232.134
 unknown United States
4249 LILLY-ASUS false
151.36.65.182
 unknown Italy
1267 ASN-WINDTREIUNETEU false
47.1.138.80
 unknown United States
34533 ESAMARA-ASRU false
112.212.37.221
 unknown Korea Republic of
9689 FCABLE-ASTBroadKR false
97.49.152.234
 unknown United States
22394 CELLCOUS false
218.204.156.40
 unknown China
9808 CMNET-GDGuangdongMobileCommunicationCoLtdCN false
156.175.119.87
 unknown Egypt
36992 ETISALAT-MISREG false
108.52.174.207
 unknown United States
701 UUNETUS false
178.80.9.242
 unknown Saudi Arabia
35819 MOBILY-ASEtihadEtisalatCompanyMobilySA false
208.156.37.155
 unknown United States
3561 CENTURYLINK-LEGACY-SAVVISUS false
162.209.66.35
 unknown United States
33070 RMH-14US false
24.132.156.214
 unknown Netherlands
6830 LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding false
201.10.81.162
 unknown Brazil
8167 BrasilTelecomSA-FilialDistritoFederalBR false
166.189.228.29
 unknown United States
20057 ATT-MOBILITY-LLC-AS20057US false
9.187.35.106
 unknown United States
3356 LEVEL3US false
80.81.167.68
 unknown Finland
719 ELISA-ASHelsinkiFinlandEU false
216.121.136.98
 unknown Canada
7992 COGECOWAVECA false
108.76.51.17
 unknown United States
7018 ATT-INTERNET4US false
101.16.254.250
 unknown China
4837 CHINA169-BACKBONECHINAUNICOMChina169BackboneCN false
203.237.97.49
 unknown Korea Republic of
9754 CSU-ASCHOSUNUNIVERSITYKR false
182.97.117.180
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
66.17.93.129
 unknown United States
35985 ONERINGNET-ATL-1US false
121.102.187.200
 unknown Japan 2497 IIJInternetInitiativeJapanIncJP false
116.59.40.188
 unknown Taiwan; Republic of China (ROC)
17421 EMOME-NETMobileBusinessGroupTW false
195.131.41.98
 unknown Russian Federation
12714 TI-ASMoscowRussiaRU false
241.192.172.93
 unknown Reserved
unknown unknown false
44.141.233.107
 unknown United States
1653 SUNETSUNETSwedishUniversityNetworkEU false
60.40.149.113
 unknown Japan 4713 OCNNTTCommunicationsCorporationJP false
23.85.153.205
 unknown United States
395954 LEASEWEB-USA-LAX-11US false