Linux Analysis Report
peYe24ayqp

Overview

General Information

Sample Name: peYe24ayqp
Analysis ID: 626461
MD5: 9bfc4e323b0925534fea18588b776a79
SHA1: 9a6e06578d0f9ebfc65c39c513b4c6ee9015a6b0
SHA256: 1e85e1f64e03c60ea0cdf08ef7227e6153fad2810dff6a58a0c49da88fce3c9b
Tags: 32, elf, mips, mirai

Detection

Mirai
Score: 64
Range: 0 - 100
Whitelisted: false

Signatures

Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Uses known network protocols on non-standard ports
Sample contains only a LOAD segment without any section mappings
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)

AV Detection

Source: peYe24ayqp Virustotal: Detection: 39%

Networking

Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37648
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37654
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37660
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37662
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37664
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37666
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37670
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37672
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37678
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37680
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37480
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37496
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37510
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37516
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37524
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37534
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37542
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37560
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37618
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37644
Source: global traffic TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic TCP traffic: 192.168.2.23:60988 -> 107.172.197.117:1312
Source: /tmp/peYe24ayqp (PID: 6230) Socket: 0.0.0.0::0
Source: /tmp/peYe24ayqp (PID: 6230) Socket: 0.0.0.0::23
Source: /tmp/peYe24ayqp (PID: 6230) Socket: 0.0.0.0::53413
Source: /tmp/peYe24ayqp (PID: 6230) Socket: 0.0.0.0::80
Source: /tmp/peYe24ayqp (PID: 6230) Socket: 0.0.0.0::52869
Source: /tmp/peYe24ayqp (PID: 6230) Socket: 0.0.0.0::37215
Source: /tmp/peYe24ayqp (PID: 6236) Socket: 0.0.0.0::0
Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443
Source: unknown TCP traffic detected without corresponding DNS query: 107.172.197.117
Source: unknown TCP traffic detected without corresponding DNS query: 102.107.118.157
Source: unknown TCP traffic detected without corresponding DNS query: 223.244.51.45
Source: unknown TCP traffic detected without corresponding DNS query: 180.190.143.75
Source: unknown TCP traffic detected without corresponding DNS query: 32.51.237.157
Source: unknown TCP traffic detected without corresponding DNS query: 74.81.62.205
Source: unknown TCP traffic detected without corresponding DNS query: 182.236.84.253
Source: unknown TCP traffic detected without corresponding DNS query: 251.196.131.93
Source: unknown TCP traffic detected without corresponding DNS query: 113.62.205.134
Source: unknown TCP traffic detected without corresponding DNS query: 65.61.105.48
Source: unknown TCP traffic detected without corresponding DNS query: 89.20.39.97
Source: unknown TCP traffic detected without corresponding DNS query: 59.13.162.104
Source: unknown TCP traffic detected without corresponding DNS query: 42.165.196.24
Source: unknown TCP traffic detected without corresponding DNS query: 41.106.182.17
Source: unknown TCP traffic detected without corresponding DNS query: 165.86.37.217
Source: unknown TCP traffic detected without corresponding DNS query: 203.20.140.68
Source: unknown TCP traffic detected without corresponding DNS query: 243.131.121.67
Source: unknown TCP traffic detected without corresponding DNS query: 80.28.47.160
Source: unknown TCP traffic detected without corresponding DNS query: 249.254.163.117
Source: unknown TCP traffic detected without corresponding DNS query: 12.142.250.113
Source: unknown TCP traffic detected without corresponding DNS query: 35.117.75.7
Source: unknown TCP traffic detected without corresponding DNS query: 16.39.203.168
Source: unknown TCP traffic detected without corresponding DNS query: 77.221.202.71
Source: unknown TCP traffic detected without corresponding DNS query: 126.71.140.176
Source: unknown TCP traffic detected without corresponding DNS query: 73.3.63.49
Source: unknown TCP traffic detected without corresponding DNS query: 103.19.84.15
Source: unknown TCP traffic detected without corresponding DNS query: 184.138.5.127
Source: unknown TCP traffic detected without corresponding DNS query: 149.239.122.147
Source: unknown TCP traffic detected without corresponding DNS query: 72.253.75.249
Source: unknown TCP traffic detected without corresponding DNS query: 246.21.12.17
Source: unknown TCP traffic detected without corresponding DNS query: 62.88.142.52
Source: unknown TCP traffic detected without corresponding DNS query: 250.6.251.242
Source: unknown TCP traffic detected without corresponding DNS query: 138.220.204.61
Source: unknown TCP traffic detected without corresponding DNS query: 168.190.2.78
Source: unknown TCP traffic detected without corresponding DNS query: 187.165.17.140
Source: unknown TCP traffic detected without corresponding DNS query: 38.161.174.176
Source: unknown TCP traffic detected without corresponding DNS query: 142.113.78.26
Source: unknown TCP traffic detected without corresponding DNS query: 149.73.61.93
Source: unknown TCP traffic detected without corresponding DNS query: 180.186.166.215
Source: unknown TCP traffic detected without corresponding DNS query: 169.61.111.91
Source: unknown TCP traffic detected without corresponding DNS query: 187.217.147.1
Source: unknown TCP traffic detected without corresponding DNS query: 120.22.9.83
Source: unknown TCP traffic detected without corresponding DNS query: 108.189.250.24
Source: unknown TCP traffic detected without corresponding DNS query: 166.84.139.24
Source: unknown TCP traffic detected without corresponding DNS query: 83.196.76.168
Source: unknown TCP traffic detected without corresponding DNS query: 111.227.241.33
Source: unknown TCP traffic detected without corresponding DNS query: 189.140.229.240
Source: unknown TCP traffic detected without corresponding DNS query: 125.120.45.197
Source: unknown TCP traffic detected without corresponding DNS query: 175.94.38.106
Source: unknown TCP traffic detected without corresponding DNS query: 251.37.61.193
Source: peYe24ayqp String found in binary or memory: http://upx.sf.net
Source: LOAD without section mappings Program segment: 0x100000
Source: /tmp/peYe24ayqp (PID: 6230) SIGKILL sent: pid: 936, result: successful
Source: /tmp/peYe24ayqp (PID: 6236) SIGKILL sent: pid: 936, result: successful
Source: classification engine Classification label: mal64.troj.evad.lin@0/0@0/0

Data Obfuscation

Source: initial sample String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
Source: /tmp/peYe24ayqp (PID: 6230) File opened: /proc/491/fd
Source: /tmp/peYe24ayqp (PID: 6230) File opened: /proc/793/fd
Source: /tmp/peYe24ayqp (PID: 6230) File opened: /proc/772/fd
Source: /tmp/peYe24ayqp (PID: 6230) File opened: /proc/796/fd
Source: /tmp/peYe24ayqp (PID: 6230) File opened: /proc/774/fd
Source: /tmp/peYe24ayqp (PID: 6230) File opened: /proc/797/fd
Source: /tmp/peYe24ayqp (PID: 6230) File opened: /proc/777/fd
Source: /tmp/peYe24ayqp (PID: 6230) File opened: /proc/799/fd
Source: /tmp/peYe24ayqp (PID: 6230) File opened: /proc/658/fd
Source: /tmp/peYe24ayqp (PID: 6230) File opened: /proc/912/fd
Source: /tmp/peYe24ayqp (PID: 6230) File opened: /proc/759/fd
Source: /tmp/peYe24ayqp (PID: 6230) File opened: /proc/936/fd
Source: /tmp/peYe24ayqp (PID: 6230) File opened: /proc/918/fd
Source: /tmp/peYe24ayqp (PID: 6230) File opened: /proc/1/fd
Source: /tmp/peYe24ayqp (PID: 6230) File opened: /proc/761/fd
Source: /tmp/peYe24ayqp (PID: 6230) File opened: /proc/785/fd
Source: /tmp/peYe24ayqp (PID: 6230) File opened: /proc/884/fd
Source: /tmp/peYe24ayqp (PID: 6230) File opened: /proc/720/fd
Source: /tmp/peYe24ayqp (PID: 6230) File opened: /proc/721/fd
Source: /tmp/peYe24ayqp (PID: 6230) File opened: /proc/788/fd
Source: /tmp/peYe24ayqp (PID: 6230) File opened: /proc/789/fd
Source: /tmp/peYe24ayqp (PID: 6230) File opened: /proc/800/fd
Source: /tmp/peYe24ayqp (PID: 6230) File opened: /proc/801/fd
Source: /tmp/peYe24ayqp (PID: 6230) File opened: /proc/847/fd
Source: /tmp/peYe24ayqp (PID: 6230) File opened: /proc/904/fd
Source: /tmp/peYe24ayqp (PID: 6236) File opened: /proc/491/fd
Source: /tmp/peYe24ayqp (PID: 6236) File opened: /proc/793/fd
Source: /tmp/peYe24ayqp (PID: 6236) File opened: /proc/772/fd
Source: /tmp/peYe24ayqp (PID: 6236) File opened: /proc/796/fd
Source: /tmp/peYe24ayqp (PID: 6236) File opened: /proc/774/fd
Source: /tmp/peYe24ayqp (PID: 6236) File opened: /proc/797/fd
Source: /tmp/peYe24ayqp (PID: 6236) File opened: /proc/777/fd
Source: /tmp/peYe24ayqp (PID: 6236) File opened: /proc/799/fd
Source: /tmp/peYe24ayqp (PID: 6236) File opened: /proc/658/fd
Source: /tmp/peYe24ayqp (PID: 6236) File opened: /proc/912/fd
Source: /tmp/peYe24ayqp (PID: 6236) File opened: /proc/759/fd
Source: /tmp/peYe24ayqp (PID: 6236) File opened: /proc/936/fd
Source: /tmp/peYe24ayqp (PID: 6236) File opened: /proc/918/fd
Source: /tmp/peYe24ayqp (PID: 6236) File opened: /proc/1/fd
Source: /tmp/peYe24ayqp (PID: 6236) File opened: /proc/761/fd
Source: /tmp/peYe24ayqp (PID: 6236) File opened: /proc/785/fd
Source: /tmp/peYe24ayqp (PID: 6236) File opened: /proc/884/fd
Source: /tmp/peYe24ayqp (PID: 6236) File opened: /proc/720/fd
Source: /tmp/peYe24ayqp (PID: 6236) File opened: /proc/721/fd
Source: /tmp/peYe24ayqp (PID: 6236) File opened: /proc/788/fd
Source: /tmp/peYe24ayqp (PID: 6236) File opened: /proc/789/fd
Source: /tmp/peYe24ayqp (PID: 6236) File opened: /proc/800/fd
Source: /tmp/peYe24ayqp (PID: 6236) File opened: /proc/801/fd
Source: /tmp/peYe24ayqp (PID: 6236) File opened: /proc/847/fd
Source: /tmp/peYe24ayqp (PID: 6236) File opened: /proc/904/fd

Hooking and other Techniques for Hiding and Protection

Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37648
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37654
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37660
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37662
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37664
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37666
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37670
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37672
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37678
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37680
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37480
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37496
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37510
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37516
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37524
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37534
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37542
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37560
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37618
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 37644
Source: /tmp/peYe24ayqp (PID: 6228) Queries kernel information via 'uname'
Source: peYe24ayqp, 6228.1.00000000d1404dbe.00000000a76905e6.rw-.sdmp, peYe24ayqp, 6230.1.00000000d1404dbe.00000000a76905e6.rw-.sdmp, peYe24ayqp, 6326.1.00000000d1404dbe.00000000a76905e6.rw-.sdmp, peYe24ayqp, 6344.1.00000000d1404dbe.00000000a76905e6.rw-.sdmp, peYe24ayqp, 6336.1.00000000d1404dbe.00000000a76905e6.rw-.sdmp, peYe24ayqp, 6231.1.00000000d1404dbe.00000000a76905e6.rw-.sdmp, peYe24ayqp, 6327.1.00000000d1404dbe.00000000a76905e6.rw-.sdmp, peYe24ayqp, 6238.1.00000000d1404dbe.00000000a76905e6.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/peYe24ayqpSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/peYe24ayqp
Source: peYe24ayqp, 6228.1.00000000d1aa28eb.0000000094e88a65.rw-.sdmp, peYe24ayqp, 6230.1.00000000d1aa28eb.0000000094e88a65.rw-.sdmp, peYe24ayqp, 6326.1.00000000d1aa28eb.0000000094e88a65.rw-.sdmp, peYe24ayqp, 6344.1.00000000d1aa28eb.0000000094e88a65.rw-.sdmp, peYe24ayqp, 6336.1.00000000d1aa28eb.0000000094e88a65.rw-.sdmp, peYe24ayqp, 6231.1.00000000d1aa28eb.0000000094e88a65.rw-.sdmp, peYe24ayqp, 6327.1.00000000d1aa28eb.0000000094e88a65.rw-.sdmp, peYe24ayqp, 6238.1.00000000d1aa28eb.0000000094e88a65.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/mips
Source: peYe24ayqp, 6228.1.00000000d1aa28eb.0000000094e88a65.rw-.sdmp, peYe24ayqp, 6230.1.00000000d1aa28eb.0000000094e88a65.rw-.sdmp, peYe24ayqp, 6326.1.00000000d1aa28eb.0000000094e88a65.rw-.sdmp, peYe24ayqp, 6344.1.00000000d1aa28eb.0000000094e88a65.rw-.sdmp, peYe24ayqp, 6336.1.00000000d1aa28eb.0000000094e88a65.rw-.sdmp, peYe24ayqp, 6231.1.00000000d1aa28eb.0000000094e88a65.rw-.sdmp, peYe24ayqp, 6327.1.00000000d1aa28eb.0000000094e88a65.rw-.sdmp, peYe24ayqp, 6238.1.00000000d1aa28eb.0000000094e88a65.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/mips
Source: peYe24ayqp, 6228.1.00000000d1404dbe.00000000a76905e6.rw-.sdmp, peYe24ayqp, 6230.1.00000000d1404dbe.00000000a76905e6.rw-.sdmp, peYe24ayqp, 6326.1.00000000d1404dbe.00000000a76905e6.rw-.sdmp, peYe24ayqp, 6344.1.00000000d1404dbe.00000000a76905e6.rw-.sdmp, peYe24ayqp, 6336.1.00000000d1404dbe.00000000a76905e6.rw-.sdmp, peYe24ayqp, 6231.1.00000000d1404dbe.00000000a76905e6.rw-.sdmp, peYe24ayqp, 6327.1.00000000d1404dbe.00000000a76905e6.rw-.sdmp, peYe24ayqp, 6238.1.00000000d1404dbe.00000000a76905e6.rw-.sdmp Binary or memory string: /usr/bin/qemu-mips

Stealing of Sensitive Information

Source: Yara match File source: dump.pcap, type: PCAP

Remote Access Functionality

Source: Yara match File source: dump.pcap, type: PCAP