Info about host

Please enable make sure that the ntop html/ directory is properly installed

Info about host

IP Address 163.30.63.129 Flag for ISO 3166 code tw (from p2c file) [unicast] [ Purge Asset ]

Custom Host Name

First/Last Seen Tue Jul 2 00:00:10 2024 - Tue Jul 2 20:16:01 2024 [Inactive since 1 sec]

Autonomous System 3462

Subnet 163.30.63.128/25

Domain tw

MAC Address Network Interface Card (NIC) 00:26:18:2C:75:E2

Origin AS 3462

Host Location Local (inside specified/local subnet or known network list)

IP TTL (Time to Live) 64:64 [~0 hop(s)]

Total Data Sent 670/15 Pkts/0 Retran. Pkts [0%]

Broadcast Pkts Sent 6 Pkts

Data Sent Stats
Local 50.1 %

Rem 49.9 %

IP vs. Non-IP Sent
IP 49.9 %

Non-IP 50.1 %

Total Data Rcvd 35.2 MBytes/244,600 Pkts/0 Retran. Pkts [0%]

Data Rcvd Stats
0 %

Rem 100 %

IP vs. Non-IP Rcvd
IP 100 %

Non-IP 0 %

Sent vs. Rcvd Pkts
0 %

Rcvd 100 %

Sent vs. Rcvd Data
0 %

Rcvd 100 %

Used Subnet Routers 00:5D:73:14:1A:C1 Network Card
Host Type Printer Printer
VoIP Host VoIP
SMTP (Mail) Server Mail (SMTP)
POP Server
IMAP Server
FTP Server
HTTP Server

Host Healthness (Risk Flags) High Risk Medium Risk Low Risk
Suspicious activities: too many host contacts
Unexpected packets (e.g. traffic to closed port or connection reset):
[Rcvd: rst] [Rcvd: port unreac] [Rcvd: admin prohib]

Host Traffic Stats

Time	Tot. Traffic Sent	% Traffic Sent	Tot. Traffic Rcvd	% Traffic Rcvd
8 PM	0	0.0 %	655.1 KBytes	1.8 %
7 PM	150	22.4 %	2.3 MBytes	6.7 %
6 PM	0	0.0 %	2.0 MBytes	5.8 %
5 PM	56	8.4 %	2.3 MBytes	6.5 %
4 PM	0	0.0 %	2.1 MBytes	6.0 %
3 PM	0	0.0 %	2.1 MBytes	6.1 %
2 PM	56	8.4 %	2.1 MBytes	6.0 %
1 PM	0	0.0 %	2.1 MBytes	6.1 %
12 PM	0	0.0 %	2.3 MBytes	6.4 %
11 AM	56	8.4 %	2.2 MBytes	6.3 %
10 AM	118	17.6 %	2.3 MBytes	6.7 %
9 AM	0	0.0 %	2.2 MBytes	6.2 %
8 AM	56	8.4 %	2.9 MBytes	8.2 %
7 AM	0	0.0 %	2.3 MBytes	6.4 %
6 AM	0	0.0 %	2.1 MBytes	5.9 %
5 AM	122	18.2 %	945.1 KBytes	2.6 %
4 AM	0	0.0 %	399.1 KBytes	1.1 %
3 AM	0	0.0 %	438.7 KBytes	1.2 %
2 AM	56	8.4 %	326.3 KBytes	0.9 %
1 AM	0	0.0 %	500.1 KBytes	1.4 %
12 AM	0	0.0 %	600.8 KBytes	1.7 %
11 PM	0	0.0 %	0	0.0 %
10 PM	0	0.0 %	0	0.0 %
9 PM	0	0.0 %	0	0.0 %
Total

Packet Statistics

TCP Connections	Directed to		Rcvd From
Attempted	105	a.gtld-servers.net h.gtld-servers.net d.gtld-servers.net i.gtld-servers.net e.gtld-servers.net 194.0.1.18 g.gtld-servers.net c.gtld-servers.net	21,720	138.197.221.102 165.154.227.151 visit.keznews.com ec2-18-222-203-183.us-east-2.compute.amazonaws.com unused-space.coop.net 181.82.107.34.bc.googleusercontent.com ec2-3-15-192-152.us-east-2.compute.amazonaws.com ip-58-134.4vendeta.com
Established	105 [100 %]	a.gtld-servers.net h.gtld-servers.net d.gtld-servers.net i.gtld-servers.net e.gtld-servers.net 194.0.1.18 g.gtld-servers.net c.gtld-servers.net	14,157 [65 %]	ec2-18-191-202-41.us-east-2.compute.amazonaws.com 114.119.139.181 ec2-18-222-105-245.us-east-2.compute.amazonaws.com 114.119.135.158 138.197.221.102 ec2-3-144-109-54.us-east-2.compute.amazonaws.com ec2-3-145-201-75.us-east-2.compute.amazonaws.com ec2-3-15-192-152.us-east-2.compute.amazonaws.com

TCP Flags	Pkts Sent		Pkts Rcvd
SYN	105	a.gtld-servers.net h.gtld-servers.net d.gtld-servers.net i.gtld-servers.net e.gtld-servers.net 194.0.1.18 g.gtld-servers.net c.gtld-servers.net	21,720	138.197.221.102 165.154.227.151 visit.keznews.com ec2-18-222-203-183.us-east-2.compute.amazonaws.com unused-space.coop.net 181.82.107.34.bc.googleusercontent.com ec2-3-15-192-152.us-east-2.compute.amazonaws.com ip-58-134.4vendeta.com
RST\|ACK	0		492	198.235.24.64 visit.keznews.com 45.133.173.32 unn-169-150-208-140.datapacket.com 45.133.173.48 unn-149-34-245-206.datapacket.com unn-84-17-51-13.cdn77.com static.194.35.154.94.client.virtualine.xyz
RST	0		8,386	visit.keznews.com visit.keznews.com ec2-3-137-187-204.us-east-2.compute.amazonaws.com ip-114-110.superbithost.com 64.225.111.54 visit.keznews.com 181.82.107.34.bc.googleusercontent.com ip-58-134.4vendeta.com
NULL	0		9	mail413.us2.mcsv.net scanner-11.ch1.censys-scanner.com 199.204.98.122 47.250.81.129 www.internet-albedo.net ip61.ip-87-98-243.eu 199.204.97.10

Anomaly	Pkts Sent to		Pkts Rcvd from
UDP Pkt to Closed Port	31	moestar.edu.tw moemoon.edu.tw ns3.nic.kz ns3.deidoutlet.com ns3.deidoutlet.com ns1.adnet.ro 92.63.202.5 92.63.202.4	0
TCP Pkt Disgnostic Port	0		3	165.154.227.246 192.34.59.235
Tiny Fragments	0		76	ns3.afrinic.net ns1.afrinic.net c.icann-servers.net
ICMP Port Unreachable	0		31	moestar.edu.tw moemoon.edu.tw ns3.nic.kz ns3.deidoutlet.com ns3.deidoutlet.com ns1.adnet.ro 92.63.202.5 92.63.202.4
ICMP Administratively Prohibited	0		20	192.192.61.70 152.67.216.185 sun1.ncu.edu.tw rdns2.ssdnodes.com n303.xyz 188.166.237.80 hostglobal.plus

ARP	Packet
Request Sent	6
Reply Rcvd	6 (100.0 %)
Reply Sent	6

Protocol Distribution

Protocol

Data Sent

Data Rcvd

TCP

0.3 KBytes

30.2 MBytes

UDP

0.0 KBytes

4.8 MBytes

ICMP

0.0 KBytes

6.0 KBytes

(R)ARP

0.3 KBytes

0.5 KBytes

Protocol Distribution

IP Distribution

ICMP Traffic

Type	Pkt Sent	Pkt Rcvd
Echo Request	0	7
Unreach	0	51
Time Exceeded	0	2

IP Fragments Distribution

Protocol	Data Sent	Data Rcvd
UDP	0.0 KBytes	169.0 KBytes
Fragment Distribution
IP Fragment Distribution

Last Contacted Peers

Sent To	IP Address
163.30.63.147	163.30.63.147
138.197.221.102	138.197.221.102
Total Contacts	3

Received From	IP Address
181.82.107.34.bc.googleusercontent.com	34.107.82.181
u.arin.net	204.61.216.50
ns-gce-public3.googledomains.com	216.239.36.102
ns4-16-us-east-2.ec2-rdns.amazonaws.com	205.251.194.123
ns3-24-us-east-2.ec2-rdns.amazonaws.com	205.251.199.23
138.197.221.102	138.197.221.102
ec2-3-15-192-152.us-east-2.compute.amazonaws.com	3.15.192.152
ip-58-134.4vendeta.com	79.124.58.134
Total Contacts	18978

IP Service Stats: Server Role

# Loc. Req. Rcvd # Rem. Req. Rcvd # Pos. Reply Sent # Neg. Reply Sent Local RndTrip Rem RndTrip

DNS 24 100.0% 0 0.0% 0 0.0% 0 0.0% 0.0 ms - 0.0 ms 0.0 ms - 0.0 ms

	# Loc. Req. Rcvd	# Rem. Req. Rcvd	# Pos. Reply Sent	# Neg. Reply Sent	Local RndTrip	Rem RndTrip
DNS	24	100.0%	0	0.0%	0	0.0%	0	0.0%	0.0 ms - 0.0 ms	0.0 ms - 0.0 ms

TCP/UDP Service/Port Usage

IP Service	Port	# Client Sess.	Last Client Peer	# Server Sess.	Last Server Peer
ftp	21			7/968	88.214.25.62
ssh	22			16051/14.7 MBytes	138.197.221.102
smtp	25			88/1.4 KBytes	static.194.35.154.94.client.virtualine.xyz
domain	53	13836/4.1 MBytes	ns3-24-us-east-2.ec2-rdns.amazonaws.com	27/1.3 KBytes	206.168.34.217
http	80			1/91	scan-13k.shadowserver.org
pop3	110			8/649	00:5D:73:14:1A:C1
smux	199			6/366	165.154.227.205
submission	587			10/792	azpdwsc33.stretchoid.com

TCP/UDP - Traffic on Other Ports

Client Port	Server Port
	3000

TCP/UDP Recently Used Ports

Client Port	Server Port
50021	ssh

Active TCP/UDP Sessions

Client	Server	Data Sent	Data Rcvd	Active Since	Last Seen	Duration	Inactive	Client/Server Network Delay		L7 Proto	Note
138.197.221.102 :56740	host :ssh	1.1 KBytes	0	Tue Jul 2 20:16:00 2024	Tue Jul 2 20:16:01 2024	1 sec	1 sec				SYN ACK PUSH

The color of the host link indicates how recently the host was FIRST seen
0 to 5 minutes	5 to 15 minutes	15 to 30 minutes	30 to 60 minutes	60+ minutes