Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
12/10/2024, 01:49 UTC
Static task
static1
Behavioral task
behavioral1
Sample
c108c9f1c3c725b221c947df56589449e367a112cc443b4fca8f1b53ec7412c3.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
c108c9f1c3c725b221c947df56589449e367a112cc443b4fca8f1b53ec7412c3.exe
Resource
win10v2004-20241007-en
General
-
Target
c108c9f1c3c725b221c947df56589449e367a112cc443b4fca8f1b53ec7412c3.exe
-
Size
1.0MB
-
MD5
64250fbc0c8194727c46f0a4ab569139
-
SHA1
9f08f52161a6870763b7beae581524f41e4260cb
-
SHA256
c108c9f1c3c725b221c947df56589449e367a112cc443b4fca8f1b53ec7412c3
-
SHA512
55f534333a39b36b5e99f551c286282bba7ce346c91014cd42b520471f86dcc5cb4c2681ce6a0e02224f2ae6970fa5d32294ee63839b4a6521914ced8dba0ee4
-
SSDEEP
24576:o5EmXFtKaL4/oFe5T9yyXYfP1ijXdamU3JupouR+:oPVt/LZeJbInQRam9
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
smtp.skagenships.com - Port:
587 - Username:
hr@skagenships.com - Password:
XAqEAz@4
Signatures
-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload 1 IoCs
resource yara_rule behavioral2/memory/3412-7-0x0000000000400000-0x0000000000426000-memory.dmp family_snakekeylogger -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 9 checkip.dyndns.org -
Suspicious use of SetThreadContext 1 IoCs
description pid Process procid_target PID 2984 set thread context of 3412 2984 c108c9f1c3c725b221c947df56589449e367a112cc443b4fca8f1b53ec7412c3.exe 86 -
Program crash 1 IoCs
pid pid_target Process procid_target 4960 2984 WerFault.exe 82 -
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language choice.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language c108c9f1c3c725b221c947df56589449e367a112cc443b4fca8f1b53ec7412c3.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RegSvcs.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 3412 RegSvcs.exe -
Suspicious behavior: MapViewOfSection 1 IoCs
pid Process 2984 c108c9f1c3c725b221c947df56589449e367a112cc443b4fca8f1b53ec7412c3.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 3412 RegSvcs.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 2984 c108c9f1c3c725b221c947df56589449e367a112cc443b4fca8f1b53ec7412c3.exe 2984 c108c9f1c3c725b221c947df56589449e367a112cc443b4fca8f1b53ec7412c3.exe -
Suspicious use of SendNotifyMessage 2 IoCs
pid Process 2984 c108c9f1c3c725b221c947df56589449e367a112cc443b4fca8f1b53ec7412c3.exe 2984 c108c9f1c3c725b221c947df56589449e367a112cc443b4fca8f1b53ec7412c3.exe -
Suspicious use of WriteProcessMemory 10 IoCs
description pid Process procid_target PID 2984 wrote to memory of 3412 2984 c108c9f1c3c725b221c947df56589449e367a112cc443b4fca8f1b53ec7412c3.exe 86 PID 2984 wrote to memory of 3412 2984 c108c9f1c3c725b221c947df56589449e367a112cc443b4fca8f1b53ec7412c3.exe 86 PID 2984 wrote to memory of 3412 2984 c108c9f1c3c725b221c947df56589449e367a112cc443b4fca8f1b53ec7412c3.exe 86 PID 2984 wrote to memory of 3412 2984 c108c9f1c3c725b221c947df56589449e367a112cc443b4fca8f1b53ec7412c3.exe 86 PID 3412 wrote to memory of 4976 3412 RegSvcs.exe 90 PID 3412 wrote to memory of 4976 3412 RegSvcs.exe 90 PID 3412 wrote to memory of 4976 3412 RegSvcs.exe 90 PID 4976 wrote to memory of 5104 4976 cmd.exe 92 PID 4976 wrote to memory of 5104 4976 cmd.exe 92 PID 4976 wrote to memory of 5104 4976 cmd.exe 92
Processes
-
C:\Users\Admin\AppData\Local\Temp\c108c9f1c3c725b221c947df56589449e367a112cc443b4fca8f1b53ec7412c3.exe"C:\Users\Admin\AppData\Local\Temp\c108c9f1c3c725b221c947df56589449e367a112cc443b4fca8f1b53ec7412c3.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2984 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"C:\Users\Admin\AppData\Local\Temp\c108c9f1c3c725b221c947df56589449e367a112cc443b4fca8f1b53ec7412c3.exe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3412 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4976 -
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 34⤵
- System Location Discovery: System Language Discovery
PID:5104
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 6962⤵
- Program crash
PID:4960
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2984 -ip 29841⤵PID:4268
Network
-
Remote address:8.8.8.8:53Requestcheckip.dyndns.orgIN AResponsecheckip.dyndns.orgIN CNAMEcheckip.dyndns.comcheckip.dyndns.comIN A193.122.6.168checkip.dyndns.comIN A132.226.247.73checkip.dyndns.comIN A132.226.8.169checkip.dyndns.comIN A158.101.44.242checkip.dyndns.comIN A193.122.130.0
-
Remote address:193.122.6.168:80RequestGET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 105
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 3f7164a06d39643b3aefb69c573f7888
-
Remote address:193.122.6.168:80RequestGET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
ResponseHTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 105
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: f887291c9875ac89455321ec1d9e550c
-
Remote address:193.122.6.168:80RequestGET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
ResponseHTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 105
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: e031ddd7a2e24c43ae99bf829aeb8f9b
-
Remote address:193.122.6.168:80RequestGET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
ResponseHTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 105
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: f6980f77622f02639fb19730f51d1cd5
-
Remote address:193.122.6.168:80RequestGET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
ResponseHTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 105
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 09671aaf839c73a591074e6371195718
-
Remote address:193.122.6.168:80RequestGET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
ResponseHTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 105
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 647f7824bdd35909d53583ad4b39fef6
-
Remote address:193.122.6.168:80RequestGET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
ResponseHTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 105
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 6d45b71712ea751b238615c0e1819e41
-
Remote address:193.122.6.168:80RequestGET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
ResponseHTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 105
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: b17cce2d2d154ed48e177fccab57ddaf
-
Remote address:193.122.6.168:80RequestGET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
ResponseHTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 105
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: b580d47e6c3ad9c0390bcde7812e1095
-
Remote address:8.8.8.8:53Request83.210.23.2.in-addr.arpaIN PTRResponse83.210.23.2.in-addr.arpaIN PTRa2-23-210-83deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request20.160.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestreallyfreegeoip.orgIN AResponsereallyfreegeoip.orgIN A104.21.67.152reallyfreegeoip.orgIN A172.67.177.134
-
Remote address:104.21.67.152:443RequestGET /xml/138.199.29.44 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: keep-alive
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 2858
Last-Modified: Sat, 12 Oct 2024 01:01:30 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sdkCQkiORJ5ugN%2BIG0WTrK1Y2KVLp0%2FZP9Ng0SFYrp1CHNCBr8rUAiv8pJBfgqBqMqFLQZX%2BnZlHGWPsdKegHx78Eqh4%2FOy2ggPUmRsBcOlFd%2B5frI8IkMYkxJ1FJlxToxpJBxOw"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8d136e8169e43da9-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address:104.21.67.152:443RequestGET /xml/138.199.29.44 HTTP/1.1
Host: reallyfreegeoip.org
ResponseHTTP/1.1 200 OK
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: keep-alive
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 2858
Last-Modified: Sat, 12 Oct 2024 01:01:30 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SZZKPdDb2%2BkQrfa%2BiGzankPKLxzl%2FOa5WpFcji2eFzosgyJy3iNXtgeITKTpPZMtCg%2FYRiWVBeoSo8kl8oZLyh9%2BnsPP%2BAKn2fSJSEzRI1XpO8fe7dBkV533PFI8ICVXlWEkHyuz"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8d136e822a353da9-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address:104.21.67.152:443RequestGET /xml/138.199.29.44 HTTP/1.1
Host: reallyfreegeoip.org
ResponseHTTP/1.1 200 OK
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: keep-alive
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 2858
Last-Modified: Sat, 12 Oct 2024 01:01:30 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OTZwY%2BO2ASi21tbomVXyJQ57YEA4ygN5fwmDWC9jDncal5Jfa%2B%2BsWjUFOMln9TLYaWNK2F%2FFgLVx09HsFbUCm4%2FU2WOu%2ForKDryHWaw%2FcBf2V7RDHZim69JQxEnnaqchfrUo5MQJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8d136e82ca943da9-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address:104.21.67.152:443RequestGET /xml/138.199.29.44 HTTP/1.1
Host: reallyfreegeoip.org
ResponseHTTP/1.1 200 OK
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: keep-alive
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 2859
Last-Modified: Sat, 12 Oct 2024 01:01:30 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WsnOj%2BULEHMhei1wHzm99c4svsAbrixZzJdk1%2BAzsQawAXH5IJXd%2Bdl7Y9WRVXRQ6wFFHUoahRfanPF%2BQHplBXPMB%2FQpyl38jMU2CrA4hdSSvTP0E5nuwi3reG8tHyDlqsnjqwIg"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8d136e837adb3da9-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address:104.21.67.152:443RequestGET /xml/138.199.29.44 HTTP/1.1
Host: reallyfreegeoip.org
ResponseHTTP/1.1 200 OK
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: keep-alive
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 2859
Last-Modified: Sat, 12 Oct 2024 01:01:30 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FIp2oiGulKzHAX7tclcnRPGcFI5%2FXEx80AHQ4C477x6UvNOvYhAo%2FeB8F2tFIMReZ3C4OjbVoQeyN1zj%2BfIzbJJuK%2B6gD6T%2BSeAu4D18idH3tKsaBiHymNlYgTJSvALurF2i02aS"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8d136e843b323da9-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address:104.21.67.152:443RequestGET /xml/138.199.29.44 HTTP/1.1
Host: reallyfreegeoip.org
ResponseHTTP/1.1 200 OK
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: keep-alive
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 2859
Last-Modified: Sat, 12 Oct 2024 01:01:30 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5zXDkkD6ubljTVgKkOd4exzvCfQ%2BGrBh7SSeJbGpkG3p8YHrVkGrv6WVJEuj%2BQcYUaX%2FODf%2BaLOeved%2F9cmuOorrGBrhpEw3f0VEtVjFIsRJcdn3skY3BtndH5%2FRUXrIrycCSUNy"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8d136e84db9d3da9-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address:104.21.67.152:443RequestGET /xml/138.199.29.44 HTTP/1.1
Host: reallyfreegeoip.org
ResponseHTTP/1.1 200 OK
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: keep-alive
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 2859
Last-Modified: Sat, 12 Oct 2024 01:01:30 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zIjX%2FQBPjJM9fAjaruzkVZuGgCV7fUzDNFkSaJu1M4%2BNyZvjrdaR75%2FbjoSpXyXRjHgm9L%2FruYjOTlIGJ4yzL6p94f%2FBWFWGJLCKqww%2F0pZRkariMYEvoNTPwYXcAQOw5Mvhv%2BiW"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8d136e858be43da9-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address:104.21.67.152:443RequestGET /xml/138.199.29.44 HTTP/1.1
Host: reallyfreegeoip.org
ResponseHTTP/1.1 200 OK
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: keep-alive
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 2859
Last-Modified: Sat, 12 Oct 2024 01:01:30 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1meeMGEd6vLvvBsnVtuTQD2%2BFZXsTnDhfBhWpy2qroyWossPhwYjK7VOjeFzsPObLt8z%2FnvvWZwEvQKiyHNcyw579a2iR%2Frq%2B8XgGgAXcq5LwbiYk5Lu2ietByqekGGNUjgFlvYS"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8d136e863c333da9-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address:8.8.8.8:53Request168.6.122.193.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request152.67.21.104.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request50.23.12.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request18.31.95.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request75.117.19.2.in-addr.arpaIN PTRResponse75.117.19.2.in-addr.arpaIN PTRa2-19-117-75deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request172.214.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request22.236.111.52.in-addr.arpaIN PTRResponse
-
2.0kB 3.4kB 20 11
HTTP Request
GET http://checkip.dyndns.org/HTTP Response
200HTTP Request
GET http://checkip.dyndns.org/HTTP Response
200HTTP Request
GET http://checkip.dyndns.org/HTTP Response
200HTTP Request
GET http://checkip.dyndns.org/HTTP Response
200HTTP Request
GET http://checkip.dyndns.org/HTTP Response
200HTTP Request
GET http://checkip.dyndns.org/HTTP Response
200HTTP Request
GET http://checkip.dyndns.org/HTTP Response
200HTTP Request
GET http://checkip.dyndns.org/HTTP Response
200HTTP Request
GET http://checkip.dyndns.org/HTTP Response
200 -
2.0kB 12.6kB 22 22
HTTP Request
GET https://reallyfreegeoip.org/xml/138.199.29.44HTTP Response
200HTTP Request
GET https://reallyfreegeoip.org/xml/138.199.29.44HTTP Response
200HTTP Request
GET https://reallyfreegeoip.org/xml/138.199.29.44HTTP Response
200HTTP Request
GET https://reallyfreegeoip.org/xml/138.199.29.44HTTP Response
200HTTP Request
GET https://reallyfreegeoip.org/xml/138.199.29.44HTTP Response
200HTTP Request
GET https://reallyfreegeoip.org/xml/138.199.29.44HTTP Response
200HTTP Request
GET https://reallyfreegeoip.org/xml/138.199.29.44HTTP Response
200HTTP Request
GET https://reallyfreegeoip.org/xml/138.199.29.44HTTP Response
200
-
64 B 176 B 1 1
DNS Request
checkip.dyndns.org
DNS Response
193.122.6.168132.226.247.73132.226.8.169158.101.44.242193.122.130.0
-
70 B 133 B 1 1
DNS Request
83.210.23.2.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
20.160.190.20.in-addr.arpa
-
65 B 97 B 1 1
DNS Request
reallyfreegeoip.org
DNS Response
104.21.67.152172.67.177.134
-
72 B 146 B 1 1
DNS Request
168.6.122.193.in-addr.arpa
-
72 B 134 B 1 1
DNS Request
152.67.21.104.in-addr.arpa
-
70 B 156 B 1 1
DNS Request
50.23.12.20.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
18.31.95.13.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
75.117.19.2.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.214.232.199.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
22.236.111.52.in-addr.arpa