Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
M5VGS77ZYY

Overview

General Information

Sample Name:M5VGS77ZYY
Analysis ID:626496
MD5:d415fdebf7bd931bee44ead0bd610670
SHA1:d86d4995ba2709a3a99087c2ddae368d9ffc4a09
SHA256:a24e8198dde3955f7b2007a8b9e25eefa1f1dc30ffaac3f0b31d650930c63c1c
Tags:32elfmiraimotorola
Infos:

Detection

Mirai
Score:60
Range:0 - 100
Whitelisted:false

Signatures

Yara detected Mirai
Multi AV Scanner detection for submitted file
Uses known network protocols on non-standard ports
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.
All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper which does no longer work.
Joe Sandbox Version:34.0.0 Boulder Opal
Analysis ID:626496
Start date and time: 14/05/202204:55:322022-05-14 04:55:32 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 7m 39s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:M5VGS77ZYY
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal60.troj.lin@0/0@0/0
  • Report size exceeded maximum capacity and may have missing network information.
Command:/tmp/M5VGS77ZYY
PID:6250
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
Connected To CNC
Standard Error:
  • system is lnxubuntu20
  • cleanup
SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_Mirai_12Yara detected MiraiJoe Security
    No Snort rule has matched

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Source: M5VGS77ZYYVirustotal: Detection: 50%Perma Link

    Networking

    barindex
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52222
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52224
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52226
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52228
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52230
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52232
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52236
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52238
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52242
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52246
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 51856
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 51862
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 51866
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 51874
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 51888
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 51898
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 51908
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 51918
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 51928
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 51932
    Source: global trafficTCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
    Source: global trafficTCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
    Source: global trafficTCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
    Source: global trafficTCP traffic: 192.168.2.23:39634 -> 198.98.54.25:1312
    Source: /tmp/M5VGS77ZYY (PID: 6252)Socket: 0.0.0.0::0Jump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6258)Socket: 0.0.0.0::0Jump to behavior
    Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443
    Source: unknownTCP traffic detected without corresponding DNS query: 62.141.119.126
    Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
    Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
    Source: unknownTCP traffic detected without corresponding DNS query: 198.98.54.25
    Source: unknownTCP traffic detected without corresponding DNS query: 203.227.76.157
    Source: unknownTCP traffic detected without corresponding DNS query: 60.57.87.155
    Source: unknownTCP traffic detected without corresponding DNS query: 169.220.25.105
    Source: unknownTCP traffic detected without corresponding DNS query: 12.108.125.203
    Source: unknownTCP traffic detected without corresponding DNS query: 18.72.69.103
    Source: unknownTCP traffic detected without corresponding DNS query: 41.68.123.209
    Source: unknownTCP traffic detected without corresponding DNS query: 73.35.152.69
    Source: unknownTCP traffic detected without corresponding DNS query: 48.57.127.196
    Source: unknownTCP traffic detected without corresponding DNS query: 158.251.86.76
    Source: unknownTCP traffic detected without corresponding DNS query: 150.122.244.200
    Source: unknownTCP traffic detected without corresponding DNS query: 37.130.236.117
    Source: unknownTCP traffic detected without corresponding DNS query: 104.133.180.16
    Source: unknownTCP traffic detected without corresponding DNS query: 63.192.94.233
    Source: unknownTCP traffic detected without corresponding DNS query: 169.243.20.154
    Source: unknownTCP traffic detected without corresponding DNS query: 166.73.193.120
    Source: unknownTCP traffic detected without corresponding DNS query: 221.29.107.237
    Source: unknownTCP traffic detected without corresponding DNS query: 92.135.68.163
    Source: unknownTCP traffic detected without corresponding DNS query: 183.235.148.197
    Source: unknownTCP traffic detected without corresponding DNS query: 216.101.65.207
    Source: unknownTCP traffic detected without corresponding DNS query: 38.116.78.199
    Source: unknownTCP traffic detected without corresponding DNS query: 126.40.190.88
    Source: unknownTCP traffic detected without corresponding DNS query: 187.34.248.129
    Source: unknownTCP traffic detected without corresponding DNS query: 200.206.232.208
    Source: unknownTCP traffic detected without corresponding DNS query: 253.11.162.193
    Source: unknownTCP traffic detected without corresponding DNS query: 155.201.217.73
    Source: unknownTCP traffic detected without corresponding DNS query: 112.14.195.21
    Source: unknownTCP traffic detected without corresponding DNS query: 122.58.177.6
    Source: unknownTCP traffic detected without corresponding DNS query: 151.165.107.248
    Source: unknownTCP traffic detected without corresponding DNS query: 93.85.229.156
    Source: unknownTCP traffic detected without corresponding DNS query: 96.5.216.127
    Source: unknownTCP traffic detected without corresponding DNS query: 105.80.231.155
    Source: unknownTCP traffic detected without corresponding DNS query: 197.65.67.244
    Source: unknownTCP traffic detected without corresponding DNS query: 200.141.226.69
    Source: unknownTCP traffic detected without corresponding DNS query: 112.44.19.72
    Source: unknownTCP traffic detected without corresponding DNS query: 68.239.246.86
    Source: unknownTCP traffic detected without corresponding DNS query: 103.172.116.137
    Source: unknownTCP traffic detected without corresponding DNS query: 192.69.62.239
    Source: unknownTCP traffic detected without corresponding DNS query: 111.190.53.39
    Source: unknownTCP traffic detected without corresponding DNS query: 105.171.30.92
    Source: unknownTCP traffic detected without corresponding DNS query: 187.153.193.172
    Source: unknownTCP traffic detected without corresponding DNS query: 143.2.121.43
    Source: unknownTCP traffic detected without corresponding DNS query: 126.227.239.106
    Source: unknownTCP traffic detected without corresponding DNS query: 149.140.8.224
    Source: unknownTCP traffic detected without corresponding DNS query: 253.163.89.73
    Source: unknownTCP traffic detected without corresponding DNS query: 79.195.253.175
    Source: unknownTCP traffic detected without corresponding DNS query: 66.106.97.181
    Source: ELF static info symbol of initial sample.symtab present: no
    Source: /tmp/M5VGS77ZYY (PID: 6252)SIGKILL sent: pid: 936, result: successfulJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6258)SIGKILL sent: pid: 936, result: successfulJump to behavior
    Source: classification engineClassification label: mal60.troj.lin@0/0@0/0
    Source: /tmp/M5VGS77ZYY (PID: 6252)File opened: /proc/491/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6252)File opened: /proc/793/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6252)File opened: /proc/772/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6252)File opened: /proc/796/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6252)File opened: /proc/774/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6252)File opened: /proc/797/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6252)File opened: /proc/777/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6252)File opened: /proc/799/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6252)File opened: /proc/658/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6252)File opened: /proc/912/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6252)File opened: /proc/759/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6252)File opened: /proc/936/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6252)File opened: /proc/918/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6252)File opened: /proc/1/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6252)File opened: /proc/761/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6252)File opened: /proc/785/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6252)File opened: /proc/884/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6252)File opened: /proc/720/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6252)File opened: /proc/721/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6252)File opened: /proc/788/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6252)File opened: /proc/789/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6252)File opened: /proc/800/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6252)File opened: /proc/801/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6252)File opened: /proc/847/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6252)File opened: /proc/904/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6258)File opened: /proc/491/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6258)File opened: /proc/793/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6258)File opened: /proc/772/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6258)File opened: /proc/796/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6258)File opened: /proc/774/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6258)File opened: /proc/797/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6258)File opened: /proc/777/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6258)File opened: /proc/799/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6258)File opened: /proc/658/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6258)File opened: /proc/912/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6258)File opened: /proc/759/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6258)File opened: /proc/936/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6258)File opened: /proc/918/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6258)File opened: /proc/1/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6258)File opened: /proc/761/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6258)File opened: /proc/785/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6258)File opened: /proc/884/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6258)File opened: /proc/720/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6258)File opened: /proc/721/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6258)File opened: /proc/788/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6258)File opened: /proc/789/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6258)File opened: /proc/800/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6258)File opened: /proc/801/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6258)File opened: /proc/847/fdJump to behavior
    Source: /tmp/M5VGS77ZYY (PID: 6258)File opened: /proc/904/fdJump to behavior

    Hooking and other Techniques for Hiding and Protection

    barindex
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52222
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52224
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52226
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52228
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52230
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52232
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52236
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52238
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52242
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 52246
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 51856
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 51862
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 51866
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 51874
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 51888
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 51898
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 51908
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 51918
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 51928
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 51932
    Source: /tmp/M5VGS77ZYY (PID: 6250)Queries kernel information via 'uname': Jump to behavior
    Source: M5VGS77ZYY, 6250.1.000000003cb3f590.00000000099936e7.rw-.sdmp, M5VGS77ZYY, 6252.1.000000003cb3f590.00000000099936e7.rw-.sdmp, M5VGS77ZYY, 6352.1.000000003cb3f590.00000000099936e7.rw-.sdmp, M5VGS77ZYY, 6365.1.000000003cb3f590.00000000099936e7.rw-.sdmp, M5VGS77ZYY, 6358.1.000000003cb3f590.00000000099936e7.rw-.sdmp, M5VGS77ZYY, 6253.1.000000003cb3f590.00000000099936e7.rw-.sdmp, M5VGS77ZYY, 6348.1.000000003cb3f590.00000000099936e7.rw-.sdmp, M5VGS77ZYY, 6259.1.000000003cb3f590.00000000099936e7.rw-.sdmpBinary or memory string: SWEtAx86_64/usr/bin/qemu-m68k/tmp/M5VGS77ZYYSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/M5VGS77ZYY
    Source: M5VGS77ZYY, 6250.1.00000000f99d94f6.000000002c545420.rw-.sdmp, M5VGS77ZYY, 6252.1.00000000f99d94f6.000000002c545420.rw-.sdmp, M5VGS77ZYY, 6352.1.00000000f99d94f6.000000002c545420.rw-.sdmp, M5VGS77ZYY, 6365.1.00000000f99d94f6.000000002c545420.rw-.sdmp, M5VGS77ZYY, 6358.1.00000000f99d94f6.000000002c545420.rw-.sdmp, M5VGS77ZYY, 6253.1.00000000f99d94f6.000000002c545420.rw-.sdmp, M5VGS77ZYY, 6348.1.00000000f99d94f6.000000002c545420.rw-.sdmp, M5VGS77ZYY, 6259.1.00000000f99d94f6.000000002c545420.rw-.sdmpBinary or memory string: U!/etc/qemu-binfmt/m68k
    Source: M5VGS77ZYY, 6250.1.000000003cb3f590.00000000099936e7.rw-.sdmp, M5VGS77ZYY, 6252.1.000000003cb3f590.00000000099936e7.rw-.sdmp, M5VGS77ZYY, 6352.1.000000003cb3f590.00000000099936e7.rw-.sdmp, M5VGS77ZYY, 6365.1.000000003cb3f590.00000000099936e7.rw-.sdmp, M5VGS77ZYY, 6358.1.000000003cb3f590.00000000099936e7.rw-.sdmp, M5VGS77ZYY, 6253.1.000000003cb3f590.00000000099936e7.rw-.sdmp, M5VGS77ZYY, 6348.1.000000003cb3f590.00000000099936e7.rw-.sdmp, M5VGS77ZYY, 6259.1.000000003cb3f590.00000000099936e7.rw-.sdmpBinary or memory string: /usr/bin/qemu-m68k
    Source: M5VGS77ZYY, 6250.1.00000000f99d94f6.000000002c545420.rw-.sdmp, M5VGS77ZYY, 6252.1.00000000f99d94f6.000000002c545420.rw-.sdmp, M5VGS77ZYY, 6352.1.00000000f99d94f6.000000002c545420.rw-.sdmp, M5VGS77ZYY, 6365.1.00000000f99d94f6.000000002c545420.rw-.sdmp, M5VGS77ZYY, 6358.1.00000000f99d94f6.000000002c545420.rw-.sdmp, M5VGS77ZYY, 6253.1.00000000f99d94f6.000000002c545420.rw-.sdmp, M5VGS77ZYY, 6348.1.00000000f99d94f6.000000002c545420.rw-.sdmp, M5VGS77ZYY, 6259.1.00000000f99d94f6.000000002c545420.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/m68k

    Stealing of Sensitive Information

    barindex
    Source: Yara matchFile source: dump.pcap, type: PCAP

    Remote Access Functionality

    barindex
    Source: Yara matchFile source: dump.pcap, type: PCAP
    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
    Valid AccountsWindows Management InstrumentationPath InterceptionPath InterceptionDirect Volume Access1
    OS Credential Dumping
    11
    Security Software Discovery
    Remote ServicesData from Local SystemExfiltration Over Other Network Medium1
    Encrypted Channel
    Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
    Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth11
    Non-Standard Port
    Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
    Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
    Application Layer Protocol
    Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
    No configs have been found
    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Number of created Files
    • Is malicious
    • Internet
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 626496 Sample: M5VGS77ZYY Startdate: 14/05/2022 Architecture: LINUX Score: 60 42 133.132.203.243 XEPHIONNTT-MECorporationJP Japan 2->42 44 187.130.196.250 UninetSAdeCVMX Mexico 2->44 46 98 other IPs or domains 2->46 48 Multi AV Scanner detection for submitted file 2->48 50 Yara detected Mirai 2->50 52 Uses known network protocols on non-standard ports 2->52 10 M5VGS77ZYY 2->10         started        signatures3 process4 process5 12 M5VGS77ZYY 10->12         started        14 M5VGS77ZYY 10->14         started        16 M5VGS77ZYY 10->16         started        process6 18 M5VGS77ZYY 12->18         started        20 M5VGS77ZYY 12->20         started        22 M5VGS77ZYY 14->22         started        24 M5VGS77ZYY 14->24         started        26 M5VGS77ZYY 14->26         started        process7 28 M5VGS77ZYY 18->28         started        30 M5VGS77ZYY 18->30         started        32 M5VGS77ZYY 18->32         started        34 M5VGS77ZYY 22->34         started        36 M5VGS77ZYY 22->36         started        process8 38 M5VGS77ZYY 28->38         started        40 M5VGS77ZYY 28->40         started       
    SourceDetectionScannerLabelLink
    M5VGS77ZYY51%VirustotalBrowse
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches
    No contacted domains info
    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs
    IPDomainCountryFlagASNASN NameMalicious
    151.237.40.148
    unknownBulgaria
    39024NASTECHBGfalse
    53.60.28.134
    unknownGermany
    31399DAIMLER-ASITIGNGlobalNetworkDEfalse
    151.13.95.197
    unknownItaly
    1267ASN-WINDTREIUNETEUfalse
    83.41.29.137
    unknownSpain
    3352TELEFONICA_DE_ESPANAESfalse
    162.234.46.48
    unknownUnited States
    7018ATT-INTERNET4USfalse
    246.230.10.226
    unknownReserved
    unknownunknownfalse
    85.204.5.0
    unknownRomania
    6830LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHoldingfalse
    92.123.156.114
    unknownEuropean Union
    16625AKAMAI-ASUSfalse
    58.210.144.249
    unknownChina
    4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
    45.30.40.126
    unknownUnited States
    7018ATT-INTERNET4USfalse
    58.170.69.165
    unknownAustralia
    1221ASN-TELSTRATelstraCorporationLtdAUfalse
    211.3.200.9
    unknownJapan4725ODNSoftBankMobileCorpJPfalse
    42.254.110.115
    unknownChina
    4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
    65.3.230.49
    unknownUnited States
    16509AMAZON-02USfalse
    155.174.218.52
    unknownUnited States
    797AMERITECH-ASUSfalse
    12.157.160.70
    unknownUnited States
    7018ATT-INTERNET4USfalse
    123.216.155.190
    unknownJapan4713OCNNTTCommunicationsCorporationJPfalse
    135.140.7.135
    unknownUnited States
    10455LUCENT-CIOUSfalse
    191.186.71.159
    unknownBrazil
    28573CLAROSABRfalse
    75.41.107.11
    unknownUnited States
    7018ATT-INTERNET4USfalse
    173.139.22.47
    unknownUnited States
    10507SPCSUSfalse
    58.181.254.137
    unknownThailand
    7693COMNET-THKSCCommercialInternetCoLtdTHfalse
    247.234.69.3
    unknownReserved
    unknownunknownfalse
    220.44.187.236
    unknownJapan17676GIGAINFRASoftbankBBCorpJPfalse
    221.133.37.91
    unknownMalaysia
    38199MACROLYNX-ASMacroLynxSdnBhdInternetServiceProviderfalse
    111.161.26.53
    unknownChina
    4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNfalse
    248.88.181.80
    unknownReserved
    unknownunknownfalse
    158.86.240.54
    unknownUnited States
    20379NET-BAKERUSfalse
    252.181.246.233
    unknownReserved
    unknownunknownfalse
    212.213.69.86
    unknownFinland
    1759TSF-IP-CORETeliaFinlandOyjEUfalse
    207.161.43.85
    unknownCanada
    7122MTS-ASNCAfalse
    41.54.12.214
    unknownSouth Africa
    37168CELL-CZAfalse
    19.50.113.160
    unknownUnited States
    3MIT-GATEWAYSUSfalse
    179.100.198.207
    unknownBrazil
    27699TELEFONICABRASILSABRfalse
    169.15