Linux Analysis Report
hdqqxiAaUa.elf

Overview

General Information

Sample name: hdqqxiAaUa.elf
renamed because original name is a hash value
Original sample name: 40defb2c363e2ae06208f242cb262b3b.elf
Analysis ID: 1436484
MD5: 40defb2c363e2ae06208f242cb262b3b
SHA1: fee15c7407b2d14797eb0d002123d16ac9cf9023
SHA256: 70cb868eedf88b6c5ceb69aab9d4882dffca1dade03ef0aff6d8dc7aaaa5541c
Tags: 32armelfmirai
Infos:

Detection

Mirai
Score: 88
Range: 0 - 100
Whitelisted: false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample is packed with UPX
Uses known network protocols on non-standard ports
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Sample contains only a LOAD segment without any section mappings
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Name Description Attribution Blogpost URLs Link
Mirai Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: hdqqxiAaUa.elf Virustotal: Detection: 27% Perma Link
Source: hdqqxiAaUa.elf ReversingLabs: Detection: 42%

Networking
barindex
Uses known network protocols on non-standard ports
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60434
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60440
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60442
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60446
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60452
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 50028
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60466
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 50038
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60480
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 50054
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 50072
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60498
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 50084
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60518
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 50098
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 50118
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 50136
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60536
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 50152
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 50168
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 38794
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 38796
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 38800
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 38804
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 38806
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 38816
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 38828
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 38842
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 38848
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 38858
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.14:39788 -> 45.89.190.114:1312
Source: unknown TCP traffic detected without corresponding DNS query: 45.89.190.114
Source: unknown TCP traffic detected without corresponding DNS query: 75.7.75.79
Source: unknown TCP traffic detected without corresponding DNS query: 197.62.48.104
Source: unknown TCP traffic detected without corresponding DNS query: 222.29.218.78
Source: unknown TCP traffic detected without corresponding DNS query: 145.24.190.12
Source: unknown TCP traffic detected without corresponding DNS query: 125.217.200.18
Source: unknown TCP traffic detected without corresponding DNS query: 216.157.126.227
Source: unknown TCP traffic detected without corresponding DNS query: 201.98.232.45
Source: unknown TCP traffic detected without corresponding DNS query: 155.98.55.165
Source: unknown TCP traffic detected without corresponding DNS query: 125.43.102.72
Source: unknown TCP traffic detected without corresponding DNS query: 4.55.22.97
Source: unknown TCP traffic detected without corresponding DNS query: 54.12.239.137
Source: unknown TCP traffic detected without corresponding DNS query: 251.217.137.37
Source: unknown TCP traffic detected without corresponding DNS query: 79.190.134.8
Source: unknown TCP traffic detected without corresponding DNS query: 4.53.150.123
Source: unknown TCP traffic detected without corresponding DNS query: 176.5.177.0
Source: unknown TCP traffic detected without corresponding DNS query: 203.194.178.95
Source: unknown TCP traffic detected without corresponding DNS query: 80.76.160.112
Source: unknown TCP traffic detected without corresponding DNS query: 158.161.23.58
Source: unknown TCP traffic detected without corresponding DNS query: 202.139.255.41
Source: unknown TCP traffic detected without corresponding DNS query: 167.64.170.207
Source: unknown TCP traffic detected without corresponding DNS query: 182.146.237.170
Source: unknown TCP traffic detected without corresponding DNS query: 19.164.57.44
Source: unknown TCP traffic detected without corresponding DNS query: 170.24.37.220
Source: unknown TCP traffic detected without corresponding DNS query: 35.65.255.39
Source: unknown TCP traffic detected without corresponding DNS query: 41.188.75.19
Source: unknown TCP traffic detected without corresponding DNS query: 99.103.154.66
Source: unknown TCP traffic detected without corresponding DNS query: 74.171.214.226
Source: unknown TCP traffic detected without corresponding DNS query: 53.186.153.98
Source: unknown TCP traffic detected without corresponding DNS query: 165.70.132.142
Source: unknown TCP traffic detected without corresponding DNS query: 39.57.86.24
Source: unknown TCP traffic detected without corresponding DNS query: 248.240.191.160
Source: unknown TCP traffic detected without corresponding DNS query: 18.151.225.223
Source: unknown TCP traffic detected without corresponding DNS query: 167.106.177.107
Source: unknown TCP traffic detected without corresponding DNS query: 46.5.119.12
Source: unknown TCP traffic detected without corresponding DNS query: 190.199.133.61
Source: unknown TCP traffic detected without corresponding DNS query: 68.176.161.36
Source: unknown TCP traffic detected without corresponding DNS query: 165.255.22.163
Source: unknown TCP traffic detected without corresponding DNS query: 118.192.124.132
Source: unknown TCP traffic detected without corresponding DNS query: 85.180.21.119
Source: unknown TCP traffic detected without corresponding DNS query: 18.208.3.26
Source: unknown TCP traffic detected without corresponding DNS query: 190.213.88.131
Source: unknown TCP traffic detected without corresponding DNS query: 216.121.241.78
Source: unknown TCP traffic detected without corresponding DNS query: 155.177.92.184
Source: unknown TCP traffic detected without corresponding DNS query: 79.83.177.130
Source: unknown TCP traffic detected without corresponding DNS query: 70.118.187.65
Source: unknown TCP traffic detected without corresponding DNS query: 93.52.217.250
Source: unknown TCP traffic detected without corresponding DNS query: 254.146.106.67
Source: unknown TCP traffic detected without corresponding DNS query: 250.59.222.1
Source: unknown TCP traffic detected without corresponding DNS query: 86.74.90.225
Source: hdqqxiAaUa.elf String found in binary or memory: http://upx.sf.net

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: 5516.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY Matched rule: Detects ELF malware Mirai related Author: Florian Roth
Source: 5490.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY Matched rule: Detects ELF malware Mirai related Author: Florian Roth
Source: 5492.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY Matched rule: Detects ELF malware Mirai related Author: Florian Roth
Source: 5507.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY Matched rule: Detects ELF malware Mirai related Author: Florian Roth
Source: 5499.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY Matched rule: Detects ELF malware Mirai related Author: Florian Roth
Source: 5513.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY Matched rule: Detects ELF malware Mirai related Author: Florian Roth
Source: 5529.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY Matched rule: Detects ELF malware Mirai related Author: Florian Roth
Source: 5494.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY Matched rule: Detects ELF malware Mirai related Author: Florian Roth
Sample contains only a LOAD segment without any section mappings
Source: LOAD without section mappings Program segment: 0x8000
Yara signature match
Source: 5516.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
Source: 5490.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
Source: 5492.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
Source: 5507.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
Source: 5499.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
Source: 5513.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
Source: 5529.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
Source: 5494.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
Source: classification engine Classification label: mal88.troj.evad.linELF@0/0@0/0

Data Obfuscation
barindex
Sample is packed with UPX
Source: initial sample String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Hooking and other Techniques for Hiding and Protection
barindex
Uses known network protocols on non-standard ports
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60434
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60440
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60442
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60446
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60452
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 50028
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60466
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 50038
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60480
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 50054
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 50072
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60498
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 50084
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60518
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 50098
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 50118
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 50136
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 60536
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 50152
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 50168
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 38794
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 38796
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 38800
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 38804
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 38806
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 38816
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 38828
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 38842
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 38848
Source: unknown Network traffic detected: HTTP traffic on port 23 -> 38858
ELF contains segments with high entropy indicating compressed/encrypted content
Source: hdqqxiAaUa.elf Submission file: segment LOAD with 7.9434 entropy (max. 8.0)
Uses the "uname" system call to query kernel version information (possible evasion)
Source: /tmp/hdqqxiAaUa.elf (PID: 5490) Queries kernel information via 'uname': Jump to behavior
Source: hdqqxiAaUa.elf, 5490.1.00005591c0bba000.00005591c0da8000.rw-.sdmp, hdqqxiAaUa.elf, 5492.1.00005591c0bba000.00005591c0da8000.rw-.sdmp, hdqqxiAaUa.elf, 5507.1.00005591c0bba000.00005591c0da8000.rw-.sdmp, hdqqxiAaUa.elf, 5529.1.00005591c0bba000.00005591c0da8000.rw-.sdmp, hdqqxiAaUa.elf, 5513.1.00005591c0bba000.00005591c0da8000.rw-.sdmp, hdqqxiAaUa.elf, 5494.1.00005591c0bba000.00005591c0da8000.rw-.sdmp, hdqqxiAaUa.elf, 5516.1.00005591c0bba000.00005591c0da8000.rw-.sdmp, hdqqxiAaUa.elf, 5499.1.00005591c0bba000.00005591c0da8000.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/arm
Source: hdqqxiAaUa.elf, 5490.1.00005591c0bba000.00005591c0da8000.rw-.sdmp, hdqqxiAaUa.elf, 5492.1.00005591c0bba000.00005591c0da8000.rw-.sdmp, hdqqxiAaUa.elf, 5507.1.00005591c0bba000.00005591c0da8000.rw-.sdmp, hdqqxiAaUa.elf, 5529.1.00005591c0bba000.00005591c0da8000.rw-.sdmp, hdqqxiAaUa.elf, 5513.1.00005591c0bba000.00005591c0da8000.rw-.sdmp, hdqqxiAaUa.elf, 5494.1.00005591c0bba000.00005591c0da8000.rw-.sdmp, hdqqxiAaUa.elf, 5516.1.00005591c0bba000.00005591c0da8000.rw-.sdmp, hdqqxiAaUa.elf, 5499.1.00005591c0bba000.00005591c0da8000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/arm
Source: hdqqxiAaUa.elf, 5490.1.00007fff639d9000.00007fff639fa000.rw-.sdmp, hdqqxiAaUa.elf, 5492.1.00007fff639d9000.00007fff639fa000.rw-.sdmp, hdqqxiAaUa.elf, 5507.1.00007fff639d9000.00007fff639fa000.rw-.sdmp, hdqqxiAaUa.elf, 5529.1.00007fff639d9000.00007fff639fa000.rw-.sdmp, hdqqxiAaUa.elf, 5513.1.00007fff639d9000.00007fff639fa000.rw-.sdmp, hdqqxiAaUa.elf, 5494.1.00007fff639d9000.00007fff639fa000.rw-.sdmp, hdqqxiAaUa.elf, 5516.1.00007fff639d9000.00007fff639fa000.rw-.sdmp, hdqqxiAaUa.elf, 5499.1.00007fff639d9000.00007fff639fa000.rw-.sdmp Binary or memory string: /usr/bin/qemu-arm
Source: hdqqxiAaUa.elf, 5490.1.00007fff639d9000.00007fff639fa000.rw-.sdmp, hdqqxiAaUa.elf, 5492.1.00007fff639d9000.00007fff639fa000.rw-.sdmp, hdqqxiAaUa.elf, 5507.1.00007fff639d9000.00007fff639fa000.rw-.sdmp, hdqqxiAaUa.elf, 5529.1.00007fff639d9000.00007fff639fa000.rw-.sdmp, hdqqxiAaUa.elf, 5513.1.00007fff639d9000.00007fff639fa000.rw-.sdmp, hdqqxiAaUa.elf, 5494.1.00007fff639d9000.00007fff639fa000.rw-.sdmp, hdqqxiAaUa.elf, 5516.1.00007fff639d9000.00007fff639fa000.rw-.sdmp, hdqqxiAaUa.elf, 5499.1.00007fff639d9000.00007fff639fa000.rw-.sdmp Binary or memory string: :x86_64/usr/bin/qemu-arm/tmp/hdqqxiAaUa.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/hdqqxiAaUa.elf

Stealing of Sensitive Information
barindex
Yara detected Mirai
Source: Yara match File source: 5516.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5490.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5492.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5507.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5499.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5513.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5529.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5494.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: hdqqxiAaUa.elf PID: 5490, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: hdqqxiAaUa.elf PID: 5492, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: hdqqxiAaUa.elf PID: 5499, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: hdqqxiAaUa.elf PID: 5507, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: hdqqxiAaUa.elf PID: 5513, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: hdqqxiAaUa.elf PID: 5516, type: MEMORYSTR
Source: Yara match File source: dump.pcap, type: PCAP

Remote Access Functionality
barindex
Yara detected Mirai
Source: Yara match File source: 5516.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5490.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5492.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5507.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5499.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5513.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5529.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5494.1.00007ff77c017000.00007ff77c028000.r-x.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: hdqqxiAaUa.elf PID: 5490, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: hdqqxiAaUa.elf PID: 5492, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: hdqqxiAaUa.elf PID: 5499, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: hdqqxiAaUa.elf PID: 5507, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: hdqqxiAaUa.elf PID: 5513, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: hdqqxiAaUa.elf PID: 5516, type: MEMORYSTR
Source: Yara match File source: dump.pcap, type: PCAP

No Screenshots

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
142.130.197.202
 unknown Canada
13576 SDNW-13576US false
20.41.150.179
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
86.145.153.97
 unknown United Kingdom
2856 BT-UK-ASBTnetUKRegionalnetworkGB false
135.100.115.128
 unknown United States
18676 AVAYAUS false
98.125.215.5
 unknown United States
209 CENTURYLINK-US-LEGACY-QWESTUS false
63.110.252.214
 unknown United States
705 UUNETUS false
173.111.92.223
 unknown United States
10507 SPCSUS false
112.79.175.60
 unknown India
38266 VODAFONE-INVodafoneIndiaLtdIN false
39.165.76.244
 unknown China
24445 CMNET-V4HENAN-AS-APHenanMobileCommunicationsCoLtdCN false
108.137.225.97
 unknown United States
16509 AMAZON-02US false
244.168.57.252
 unknown Reserved
unknown unknown false
81.43.115.235
 unknown Spain
3352 TELEFONICA_DE_ESPANAES false
84.174.71.111
 unknown Germany
3320 DTAGInternetserviceprovideroperationsDE false
218.205.187.21
 unknown China
56048 CMNET-BEIJING-APChinaMobileCommunicaitonsCorporationCN false
187.145.42.203
 unknown Mexico
8151 UninetSAdeCVMX false
43.187.109.17
 unknown Japan 4249 LILLY-ASUS false
168.92.214.243
 unknown United States
2707 FIRSTCOMM-AS1US false
160.203.239.184
 unknown Japan 7687 D-CRUISENETTOYOTADIGITALCRUISEINCORPORATEDJP false
102.20.106.69
 unknown unknown
37054 Telecom-MalagasyMG false
213.178.82.22
 unknown Germany
13101 TNG-ASTNGStadtnetzGmbHDE false
38.21.136.64
 unknown United States
393670 SFC-GAUS false
253.216.79.122
 unknown Reserved
unknown unknown false
153.239.116.234
 unknown Japan 4713 OCNNTTCommunicationsCorporationJP false
147.148.199.54
 unknown United Kingdom
2856 BT-UK-ASBTnetUKRegionalnetworkGB false
157.141.165.100
 unknown United States
27064 DNIC-ASBLK-27032-27159US false
171.31.126.34
 unknown Hungary
6784 MOLHungarianOilandGasCompanyHU false
209.184.226.176
 unknown United States
797 AMERITECH-ASUS false
68.146.80.104
 unknown Canada
6327 SHAWCA false
173.118.216.82
 unknown United States
10507 SPCSUS false
194.82.82.93
 unknown United Kingdom
786 JANETJiscServicesLimitedGB false
118.164.117.163
 unknown Taiwan; Republic of China (ROC)
3462 HINETDataCommunicationBusinessGroupTW false
13.31.111.164
 unknown United States
26662 XEROX-WVUS false
37.132.200.32
 unknown Spain
12479 UNI2-ASES false
207.165.106.200
 unknown United States
6122 ICN-ASUS false
122.114.141.4
 unknown China
4837 CHINA169-BACKBONECHINAUNICOMChina169BackboneCN false
160.90.83.112
 unknown Morocco
6713 IAM-ASMA false
167.164.195.50
 unknown United States
59447 SAYFANETTR false
62.167.11.172
 unknown Switzerland
6730 SUNRISECH false
93.77.136.58
 unknown Ukraine
25229 VOLIA-ASUA false
148.248.202.130
 unknown Mexico
6503 AxtelSABdeCVMX false
186.116.212.229
 unknown Colombia
3816 COLOMBIATELECOMUNICACIONESSAESPCO false
168.84.247.118
 unknown United States
57717 FBX-ASNL false
105.136.175.99
 unknown Morocco
6713 IAM-ASMA false
110.30.50.130
 unknown Taiwan; Republic of China (ROC)
9674 FET-TWFarEastToneTelecommunicationCoLtdTW false
35.249.207.208
 unknown United States
3549 LVLT-3549US false
100.154.165.82
 unknown United States
21928 T-MOBILE-AS21928US false
218.177.66.155
 unknown Japan 17676 GIGAINFRASoftbankBBCorpJP false
241.83.241.106
 unknown Reserved
unknown unknown false
221.67.214.8
 unknown Japan 17676 GIGAINFRASoftbankBBCorpJP false
200.161.59.70
 unknown Brazil
27699 TELEFONICABRASILSABR false
185.108.193.64
 unknown Russian Federation
204276 EUTELSATRU false
88.211.40.92
 unknown United Kingdom
39633 PITCOREGB false
251.217.137.37
 unknown Reserved
unknown unknown false
67.38.159.108
 unknown United States
7018 ATT-INTERNET4US false
31.66.126.245
 unknown United Kingdom
12576 EELtdGB false
2.149.150.33
 unknown Norway
2119 TELENOR-NEXTELTelenorNorgeASNO false
206.193.222.236
 unknown United States
11915 US-TELEPACIFICUS false
102.222.82.207
 unknown unknown
36926 CKL1-ASNKE false
156.220.29.244
 unknown Egypt
8452 TE-ASTE-ASEG false
57.1.255.189
 unknown Belgium
2686 ATGS-MMD-ASUS false
254.163.195.239
 unknown Reserved
unknown unknown false
176.65.15.67
 unknown Palestinian Territory Occupied
15975 HADARA-ASPS false
71.215.163.161
 unknown United States
209 CENTURYLINK-US-LEGACY-QWESTUS false
179.243.75.75
 unknown Brazil
22085 ClaroSABR false
196.182.137.165
 unknown Cote D'ivoire
36974 AFNET-ASCI false
133.30.102.40
 unknown Japan 2907 SINET-ASResearchOrganizationofInformationandSystemsN false
110.151.219.5
 unknown Australia
1221 ASN-TELSTRATelstraCorporationLtdAU false
179.152.173.174
 unknown Brazil
26599 TELEFONICABRASILSABR false
16.214.161.196
 unknown United States
unknown unknown false
54.119.116.90
 unknown United States
16509 AMAZON-02US false
70.157.209.207
 unknown United States
6389 BELLSOUTH-NET-BLKUS false
223.52.70.200
 unknown Korea Republic of
9644 SKTELECOM-NET-ASSKTelecomKR false
178.1.232.217
 unknown Germany
3209 VODANETInternationalIP-BackboneofVodafoneDE false
240.30.159.80
 unknown Reserved
unknown unknown false
220.182.67.3
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
80.155.119.161
 unknown Germany
3320 DTAGInternetserviceprovideroperationsDE false
164.88.224.171
 unknown South Africa
137951 CLAYERLIMITED-AS-APClayerLimitedHK false
186.164.26.138
 unknown Venezuela
21575 ENTELPERUSAPE false
142.106.106.108
 unknown Canada
808 GONET-ASN-1CA false
167.228.141.238
 unknown United States
2897 GEORGIA-1US false
218.0.150.179
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
221.75.176.224
 unknown Japan 17676 GIGAINFRASoftbankBBCorpJP false
96.57.34.5
 unknown United States
6128 CABLE-NET-1US false
147.224.4.200
 unknown United States
2527 SO-NETSo-netEntertainmentCorporationJP false
163.126.72.32
 unknown United States
1761 TDIR-CAPNETUS false
82.172.66.76
 unknown Netherlands
13127 VERSATELASfortheTrans-EuropeanTele2IPTransportbackbo false
200.237.110.244
 unknown Brazil
14886 AtosOriginBrasilLtdaBR false
68.137.134.46
 unknown United States
23148 TERRENAPUS false
76.56.115.49
 unknown United States
18494 CENTURYLINK-LEGACY-EMBARQ-WRBGUS false
94.60.211.163
 unknown Portugal
12353 VODAFONE-PTVodafonePortugalPT false
150.91.201.196
 unknown Japan 18126 CTCXChubuTelecommunicationsCompanyIncJP false
166.42.83.83
 unknown United States
3372 MCI-ASNUS false
165.112.239.231
 unknown United States
3527 NIH-NETUS false
251.144.16.51
 unknown Reserved
unknown unknown false
155.61.20.71
 unknown United States
10235 NAB-AS-APNationalAustraliaBankLimitedAU false
87.22.129.24
 unknown Italy
3269 ASN-IBSNAZIT false
173.83.199.4
 unknown United States
46606 UNIFIEDLAYER-AS-1US false
110.90.127.74
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
175.96.85.173
 unknown Taiwan; Republic of China (ROC)
24158 TAIWANMOBILE-ASTaiwanMobileCoLtdTW false
63.123.239.180
 unknown United States
11486 COLO-PREM-VZBUS false