Linux Analysis Report
shAwKMD85K

Overview

General Information

Sample Name: shAwKMD85K
Analysis ID: 635419
MD5: e0c4f532b0a9fda3ee7d800775deb908
SHA1: 63f144f5b1f316e34510f15d4f93c3fc41d0b73e
SHA256: aa18cc657da907f749d8bf4aae9867152acc7320f518aa1f9a33bba195e19328
Tags: 32elfmirairenesas
Infos:

Detection

Mirai
Score: 68
Range: 0 - 100
Whitelisted: false

Signatures

Yara detected Mirai
Multi AV Scanner detection for submitted file
Uses known network protocols on non-standard ports
Sample tries to kill multiple processes (SIGKILL)
Connects to many ports of the same IP (likely port scanning)
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: shAwKMD85K Virustotal: Detection: 43% Perma Link
Source: shAwKMD85K ReversingLabs: Detection: 41%

Networking
barindex
Uses known network protocols on non-standard ports
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57286
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57292
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57300
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57306
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57314
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57320
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57330
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57336
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57342
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57348
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57354
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57360
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57366
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57372
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57376
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57378
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57384
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57386
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57388
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57390
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57392
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57398
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57400
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57402
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57406
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57410
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57428
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57456
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53624
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53634
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53646
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53658
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53686
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53726
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53770
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53800
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53814
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53824
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53832
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53846
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53866
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53888
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53900
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53906
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53916
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53922
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53938
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53946
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53960
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53972
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53982
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53994
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 54012
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 54032
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 54048
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 54066
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60628
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60644
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60662
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60682
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60702
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60714
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60724
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60732
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60746
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60756
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60770
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60778
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60792
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60800
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60816
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60834
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60854
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60872
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60890
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60912
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60924
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60936
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60948
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60958
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60968
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60982
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60996
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 32774
Connects to many ports of the same IP (likely port scanning)
Source: global traffic TCP traffic: 45.95.169.139 ports 17244,9372,2,3,7,9
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Source: global traffic TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.23:39008 -> 45.95.169.139:9372
Sample listens on a socket
Source: /tmp/shAwKMD85K (PID: 6239) Socket: 0.0.0.0::23 Jump to behavior
Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443
Source: unknown TCP traffic detected without corresponding DNS query: 194.156.189.65
Source: unknown TCP traffic detected without corresponding DNS query: 141.20.85.65
Source: unknown TCP traffic detected without corresponding DNS query: 194.245.158.69
Source: unknown TCP traffic detected without corresponding DNS query: 103.96.209.65
Source: unknown TCP traffic detected without corresponding DNS query: 181.208.1.221
Source: unknown TCP traffic detected without corresponding DNS query: 114.8.240.128
Source: unknown TCP traffic detected without corresponding DNS query: 83.35.133.32
Source: unknown TCP traffic detected without corresponding DNS query: 144.9.72.233
Source: unknown TCP traffic detected without corresponding DNS query: 181.178.20.236
Source: unknown TCP traffic detected without corresponding DNS query: 140.195.233.234
Source: unknown TCP traffic detected without corresponding DNS query: 180.173.150.183
Source: unknown TCP traffic detected without corresponding DNS query: 28.24.156.119
Source: unknown TCP traffic detected without corresponding DNS query: 12.241.246.22
Source: unknown TCP traffic detected without corresponding DNS query: 96.116.137.210
Source: unknown TCP traffic detected without corresponding DNS query: 152.56.21.23
Source: unknown TCP traffic detected without corresponding DNS query: 246.186.28.56
Source: unknown TCP traffic detected without corresponding DNS query: 171.178.159.27
Source: unknown TCP traffic detected without corresponding DNS query: 220.244.29.31
Source: unknown TCP traffic detected without corresponding DNS query: 80.99.200.10
Source: unknown TCP traffic detected without corresponding DNS query: 81.0.246.54
Source: unknown TCP traffic detected without corresponding DNS query: 62.117.198.20
Source: unknown TCP traffic detected without corresponding DNS query: 212.14.185.185
Source: unknown TCP traffic detected without corresponding DNS query: 108.101.134.238
Source: unknown TCP traffic detected without corresponding DNS query: 196.169.98.41
Source: unknown TCP traffic detected without corresponding DNS query: 163.6.218.171
Source: unknown TCP traffic detected without corresponding DNS query: 167.118.252.130
Source: unknown TCP traffic detected without corresponding DNS query: 244.40.132.89
Source: unknown TCP traffic detected without corresponding DNS query: 165.67.34.79
Source: unknown TCP traffic detected without corresponding DNS query: 66.186.117.133
Source: unknown TCP traffic detected without corresponding DNS query: 121.221.93.12
Source: unknown TCP traffic detected without corresponding DNS query: 40.182.92.158
Source: unknown TCP traffic detected without corresponding DNS query: 48.137.15.209
Source: unknown TCP traffic detected without corresponding DNS query: 71.40.177.108
Source: unknown TCP traffic detected without corresponding DNS query: 133.102.245.142
Source: unknown TCP traffic detected without corresponding DNS query: 16.232.69.155
Source: unknown TCP traffic detected without corresponding DNS query: 51.123.209.80
Source: unknown TCP traffic detected without corresponding DNS query: 193.109.103.86
Source: unknown TCP traffic detected without corresponding DNS query: 201.125.108.181
Source: unknown TCP traffic detected without corresponding DNS query: 132.72.140.4
Source: unknown TCP traffic detected without corresponding DNS query: 139.27.139.59
Source: unknown TCP traffic detected without corresponding DNS query: 189.153.132.49
Source: unknown TCP traffic detected without corresponding DNS query: 116.202.39.34
Source: unknown TCP traffic detected without corresponding DNS query: 207.254.36.225
Source: unknown TCP traffic detected without corresponding DNS query: 207.101.157.127
Source: unknown TCP traffic detected without corresponding DNS query: 118.7.221.236
Source: unknown TCP traffic detected without corresponding DNS query: 81.39.106.72
Source: unknown TCP traffic detected without corresponding DNS query: 188.81.96.224
Source: unknown TCP traffic detected without corresponding DNS query: 39.101.200.132
Source: unknown TCP traffic detected without corresponding DNS query: 70.4.209.210
Source: unknown TCP traffic detected without corresponding DNS query: 211.36.92.160

System Summary
barindex
Sample tries to kill multiple processes (SIGKILL)
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 658, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 720, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 759, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 772, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 789, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 800, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 904, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 936, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 1320, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 1334, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 1335, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 1389, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 1463, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 1465, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 1576, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 1809, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 1872, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 1888, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 1890, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 1983, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 2048, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 2062, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 6039, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 6192, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 6234, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 6243, result: successful Jump to behavior
Sample has stripped symbol table
Source: ELF static info symbol of initial sample .symtab present: no
Sample tries to kill a process (SIGKILL)
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 658, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 720, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 759, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 772, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 789, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 800, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 904, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 936, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 1320, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 1334, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 1335, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 1389, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 1463, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 1465, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 1576, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 1809, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 1872, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 1888, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 1890, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 1983, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 2048, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 2062, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 6039, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 6192, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 6234, result: successful Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) SIGKILL sent: pid: 6243, result: successful Jump to behavior
Source: classification engine Classification label: mal68.spre.troj.lin@0/0@0/0
Enumerates processes within the "proc" file system
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/6234/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1582/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/2033/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/2275/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/3088/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/6193/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/6192/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1612/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1579/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1699/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1335/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1698/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/2028/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1334/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1576/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/2302/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/3236/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/2025/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/2146/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/910/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/912/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/517/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/759/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/2307/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/918/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/6243/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/4465/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1594/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/2285/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/2281/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1349/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1623/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/761/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1622/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/884/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1983/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/2038/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1344/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1465/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1586/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1463/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/2156/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/800/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/801/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/6116/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1629/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1627/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1900/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/3021/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/491/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/2294/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/2050/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1877/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/772/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1633/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1599/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1632/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/774/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1477/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/654/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/896/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1476/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1872/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/2048/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/655/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1475/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/2289/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/656/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/777/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/657/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/4466/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/658/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/4467/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/4468/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/419/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/936/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1639/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1638/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/2208/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/2180/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1809/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1494/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1890/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/2063/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/2062/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1888/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1886/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/420/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1489/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/785/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1642/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/788/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/667/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/789/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/1648/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/6157/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/6310/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/4498/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/2078/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/2077/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/2074/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/2195/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/670/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/2746/exe Jump to behavior
Source: /tmp/shAwKMD85K (PID: 6239) File opened: /proc/793/exe Jump to behavior

Hooking and other Techniques for Hiding and Protection
barindex
Uses known network protocols on non-standard ports
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57286
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57292
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57300
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57306
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57314
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57320
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57330
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57336
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57342
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57348
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57354
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57360
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57366
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57372
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57376
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57378
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57384
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57386
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57388
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57390
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57392
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57398
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57400
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57402
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57406
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57410
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57428
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 57456
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53624
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53634
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53646
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53658
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53686
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53726
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53770
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53800
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53814
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53824
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53832
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53846
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53866
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53888
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53900
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53906
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53916
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53922
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53938
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53946
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53960
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53972
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53982
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 53994
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 54012
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 54032
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 54048
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 54066
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60628
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60644
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60662
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60682
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60702
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60714
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60724
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60732
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60746
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60756
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60770
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60778
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60792
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60800
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60816
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60834
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60854
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60872
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60890
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60912
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60924
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60936
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60948
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60958
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60968
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60982
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60996
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 32774
Uses the "uname" system call to query kernel version information (possible evasion)
Source: /tmp/shAwKMD85K (PID: 6232) Queries kernel information via 'uname': Jump to behavior
Source: shAwKMD85K, 6232.1.00000000a1b01e61.00000000e0dd4486.rw-.sdmp, shAwKMD85K, 6234.1.00000000a1b01e61.00000000e0dd4486.rw-.sdmp, shAwKMD85K, 6310.1.00000000a1b01e61.00000000e0dd4486.rw-.sdmp, shAwKMD85K, 6235.1.00000000a1b01e61.00000000e0dd4486.rw-.sdmp, shAwKMD85K, 6241.1.00000000a1b01e61.00000000e0dd4486.rw-.sdmp, shAwKMD85K, 6243.1.00000000a1b01e61.00000000e0dd4486.rw-.sdmp Binary or memory string: r}x86_64/usr/bin/qemu-sh4/tmp/shAwKMD85KSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/shAwKMD85K
Source: shAwKMD85K, 6232.1.00000000a1b01e61.00000000e0dd4486.rw-.sdmp, shAwKMD85K, 6234.1.00000000a1b01e61.00000000e0dd4486.rw-.sdmp, shAwKMD85K, 6310.1.00000000a1b01e61.00000000e0dd4486.rw-.sdmp, shAwKMD85K, 6235.1.00000000a1b01e61.00000000e0dd4486.rw-.sdmp, shAwKMD85K, 6241.1.00000000a1b01e61.00000000e0dd4486.rw-.sdmp, shAwKMD85K, 6243.1.00000000a1b01e61.00000000e0dd4486.rw-.sdmp Binary or memory string: /usr/bin/qemu-sh4
Source: shAwKMD85K, 6232.1.00000000d75652a9.000000006ca34ec5.rw-.sdmp, shAwKMD85K, 6234.1.00000000d75652a9.000000006ca34ec5.rw-.sdmp, shAwKMD85K, 6310.1.00000000d75652a9.000000006ca34ec5.rw-.sdmp, shAwKMD85K, 6235.1.00000000d75652a9.000000006ca34ec5.rw-.sdmp, shAwKMD85K, 6241.1.00000000d75652a9.000000006ca34ec5.rw-.sdmp, shAwKMD85K, 6243.1.00000000d75652a9.000000006ca34ec5.rw-.sdmp Binary or memory string: U5!/etc/qemu-binfmt/sh4
Source: shAwKMD85K, 6232.1.00000000d75652a9.000000006ca34ec5.rw-.sdmp, shAwKMD85K, 6234.1.00000000d75652a9.000000006ca34ec5.rw-.sdmp, shAwKMD85K, 6310.1.00000000d75652a9.000000006ca34ec5.rw-.sdmp, shAwKMD85K, 6235.1.00000000d75652a9.000000006ca34ec5.rw-.sdmp, shAwKMD85K, 6241.1.00000000d75652a9.000000006ca34ec5.rw-.sdmp, shAwKMD85K, 6243.1.00000000d75652a9.000000006ca34ec5.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/sh4

Stealing of Sensitive Information
barindex
Yara detected Mirai
Source: Yara match File source: dump.pcap, type: PCAP

Remote Access Functionality
barindex
Yara detected Mirai
Source: Yara match File source: dump.pcap, type: PCAP

No Screenshots

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
136.254.214.133
 unknown United States
72 SCHLUMBERGER-ASUS false
28.228.21.175
 unknown United States
7922 COMCAST-7922US false
195.29.138.1
 unknown Croatia (LOCAL Name: Hrvatska)
5391 T-HTCroatianTelecomIncHR false
174.70.114.79
 unknown United States
22773 ASN-CXA-ALL-CCI-22773-RDCUS false
53.59.26.92
 unknown Germany
31399 DAIMLER-ASITIGNGlobalNetworkDE false
192.56.173.43
 unknown United States
20804 ASN-TELENERGOulPERKUNA47WARSZAWAPL false
248.201.75.77
 unknown Reserved
unknown unknown false
194.67.57.227
 unknown Russian Federation
3216 SOVAM-ASRU false
119.162.54.226
 unknown China
4837 CHINA169-BACKBONECHINAUNICOMChina169BackboneCN false
199.163.235.129
 unknown United States
4152 USDA-1US false
23.117.172.126
 unknown United States
7018 ATT-INTERNET4US false
150.205.154.182
 unknown Switzerland
786 JANETJiscServicesLimitedGB false
6.212.101.86
 unknown United States
3356 LEVEL3US false
54.138.90.26
 unknown United States
14618 AMAZON-AESUS false
248.213.170.174
 unknown Reserved
unknown unknown false
160.226.233.205
 unknown South Africa
37542 Iclix-CCZA false
86.126.4.50
 unknown Romania
8708 RCS-RDS73-75DrStaicoviciRO false
253.14.220.175
 unknown Reserved
unknown unknown false
198.242.181.154
 unknown United States
174 COGENT-174US false
195.133.157.153
 unknown Russian Federation
48347 MTW-ASRU false
68.207.70.127
 unknown United States
11427 TWC-11427-TEXASUS false
126.214.54.224
 unknown Japan 17676 GIGAINFRASoftbankBBCorpJP false
104.189.55.132
 unknown United States
7018 ATT-INTERNET4US false
183.186.246.100
 unknown China
4837 CHINA169-BACKBONECHINAUNICOMChina169BackboneCN false
125.171.111.182
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
51.236.88.62
 unknown United States
2686 ATGS-MMD-ASUS false
205.103.66.165
 unknown United States
721 DNIC-ASBLK-00721-00726US false
98.81.120.23
 unknown United States
11351 TWC-11351-NORTHEASTUS false
175.74.138.216
 unknown China
9394 CTTNETChinaTieTongTelecommunicationsCorporationCN false
118.167.170.25
 unknown Taiwan; Republic of China (ROC)
3462 HINETDataCommunicationBusinessGroupTW false
104.150.9.208
 unknown United States
1832 SMUUS false
136.138.233.92
 unknown United States
60311 ONEFMCH false
172.212.107.176
 unknown United States
18747 IFX18747US false
18.30.220.199
 unknown United States
3 MIT-GATEWAYSUS false
79.85.94.147
 unknown France
15557 LDCOMNETFR false
77.19.124.193
 unknown Norway
2119 TELENOR-NEXTELTelenorNorgeASNO false
177.159.140.161
 unknown Brazil
10429 TELEFONICABRASILSABR false
81.43.163.136
 unknown Spain
3352 TELEFONICA_DE_ESPANAES false
161.152.221.235
 unknown Australia
9328 DATACOM-AUDATACOMSYSTEMSAUPTYLTDAU false
169.246.49.42
 unknown United States
557 UMAINE-SYS-ASUS false
144.73.195.181
 unknown United States
14349 KCPLASN-1US false
221.20.125.203
 unknown Japan 17676 GIGAINFRASoftbankBBCorpJP false
177.44.205.251
 unknown Brazil
262907 AVATOTECNOLOGIABR false
3.164.141.135
 unknown United States
16509 AMAZON-02US false
150.135.225.41
 unknown United States
1706 UNIV-ARIZUS false
159.178.244.61
 unknown United States
6356 NERDCNETUS false
164.137.126.173
 unknown United Kingdom
3303 SWISSCOMSwisscomSwitzerlandLtdCH false
184.226.57.208
 unknown United States
10507 SPCSUS false
40.57.240.237
 unknown United States
4249 LILLY-ASUS false
137.55.229.174
 unknown Netherlands
225 VIRGINIA-ASUS false
89.126.163.87
 unknown Ireland
25441 IBIS-ASImagineGroupLtdIE false
75.35.144.106
 unknown United States
7018 ATT-INTERNET4US false
210.27.170.113
 unknown China
4538 ERX-CERNET-BKBChinaEducationandResearchNetworkCenter false
3.221.46.249
 unknown United States
14618 AMAZON-AESUS false
197.191.38.224
 unknown Ghana
37140 zain-asGH false
164.184.8.109
 unknown United States
37717 EL-KhawarizmiTN false
15.246.89.191
 unknown United States
71 HP-INTERNET-ASUS false
219.205.35.16
 unknown Japan 17676 GIGAINFRASoftbankBBCorpJP false
218.148.64.29
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
166.130.159.187
 unknown United States
20057 ATT-MOBILITY-LLC-AS20057US false
49.239.222.105
 unknown China
58834 GCABLENETGuangdongCableCorporationLimitedCN false
60.186.225.144
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
201.43.5.197
 unknown Brazil
27699 TELEFONICABRASILSABR false
86.93.169.12
 unknown Netherlands
1136 KPNKPNNationalEU false
180.68.95.71
 unknown Korea Republic of
9318 SKB-ASSKBroadbandCoLtdKR false
105.143.188.13
 unknown Morocco
6713 IAM-ASMA false
108.194.245.34
 unknown United States
7018 ATT-INTERNET4US false
29.103.97.167
 unknown United States
7922 COMCAST-7922US false
150.97.135.253
 unknown Japan 2907 SINET-ASResearchOrganizationofInformationandSystemsN false
92.63.171.7
 unknown Netherlands
48635 ASTRALUSNL false
180.131.171.17
 unknown Hong Kong
9304 HUTCHISON-AS-APHGCGlobalCommunicationsLimitedHK false
59.213.224.239
 unknown China
2516 KDDIKDDICORPORATIONJP false
118.82.150.187
 unknown New Zealand
55872 BAYCITY-AS-APBayCityCommunicationsLimitedNZ false
165.239.233.2
 unknown United States
11663 SUG-1US false
201.19.125.109
 unknown Brazil
7738 TelemarNorteLesteSABR false
196.233.130.47
 unknown Tunisia
37492 ORANGE-TN false
66.67.247.157
 unknown United States
11351 TWC-11351-NORTHEASTUS false
100.154.190.21
 unknown United States
21928 T-MOBILE-AS21928US false
190.239.136.114
 unknown Peru
6147 TelefonicadelPeruSAAPE false
91.0.219.10
 unknown Germany
3320 DTAGInternetserviceprovideroperationsDE false
144.192.204.109
 unknown United States
58541 CHINATELECOM-SHANDONG-QINGDAO-IDCQingdao266000CN false
188.2.186.193
 unknown Serbia
31042 SERBIA-BROADBAND-ASSerbiaBroadBand-SrpskeKablovskemreze false
253.81.9.10
 unknown Reserved
unknown unknown false
50.49.184.122
 unknown United States
7011 FRONTIER-AND-CITIZENSUS false
167.248.94.90
 unknown United States
209 CENTURYLINK-US-LEGACY-QWESTUS false
41.125.243.153
 unknown South Africa
16637 MTNNS-ASZA false
4.69.47.250
 unknown United States
3356 LEVEL3US false
39.6.249.2
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
188.131.137.206
 unknown China
45090 CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa false
141.192.80.40
 unknown Finland
1342 FujitsuInviaFinlandIP-networkEU false
120.135.246.182
 unknown China
4835 CHINANET-IDC-SNChinaTelecomGroupCN false
150.84.99.173
 unknown Japan 2907 SINET-ASResearchOrganizationofInformationandSystemsN false
84.218.165.36
 unknown Sweden
2119 TELENOR-NEXTELTelenorNorgeASNO false
37.12.240.43
 unknown Spain
3352 TELEFONICA_DE_ESPANAES false
158.16.70.229
 unknown United States
1504 DNIC-AS-01504US false
196.154.22.45
 unknown Egypt
36935 Vodafone-EG false
202.235.239.206
 unknown Japan 4686 BEKKOAMEBEKKOAMEINTERNETINCJP false
211.91.48.181
 unknown China
4837 CHINA169-BACKBONECHINAUNICOMChina169BackboneCN false
28.216.162.76
 unknown United States
7922 COMCAST-7922US false
143.153.23.32
 unknown United States
385 AFCONC-BLOCK1-ASUS false