React2Shell (CVE-2025-55182) Honeypot
TLP: WHITE | jnazario | 2026-01-17 | Modified: 2026-02-16
React2Shell (CVE-2025-55182) is a critical Remote Code Execution (RCE) vulnerability affecting the React Server Components (RSC) "Flight" protocol. It has a CVSS score of 10.0 (Critical). The analyzed logs cover the period from December 4, 2025 to December 8, 2025. The following atomic indicators were extracted from the "Suspicious" traffic logs.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES: Bolts Base64 Python
Indicators of Compromise (14)