2026-05-31 RDP #Honeypot IOCs - 744 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
152.42.212.128 - 342
150.241.205.170 - 141
80.94.95.221 - 117

Top ASNs:
AS14061 - 363
AS151338 - 141
AS204428 - 117

Top Accounts:
hello - 543
Administr - 120
(empty) - 36

Top ISPs:
DigitalOcean, LLC - 363
Polonetwork Limited - 141
SS-Net - 117

Top Clients:
Unknown - 744

Top Software:
Unknown - 744

Top Keyboards:
Unknown - 744

Top IP Classification:
hosting - 393
Unknown - 348
hosting & proxy - 3

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-05-31 RDP #Honeypot IOCs - 496 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
152.42.212.128 - 228
150.241.205.170 - 94
80.94.95.221 - 78

Top ASNs:
AS14061 - 242
AS151338 - 94
AS204428 - 78

Top Accounts:
hello - 362
Administr - 80
(empty) - 24

Top ISPs:
DigitalOcean, LLC - 242
Polonetwork Limited - 94
SS-Net - 78

Top Clients:
Unknown - 496

Top Software:
Unknown - 496

Top Keyboards:
Unknown - 496

Top IP Classification:
hosting - 262
Unknown - 232
hosting & proxy - 2

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-05-31 RDP #Honeypot IOCs - 248 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
152.42.212.128 - 114
150.241.205.170 - 47
80.94.95.221 - 39

Top ASNs:
AS14061 - 121
AS151338 - 47
AS204428 - 39

Top Accounts:
hello - 181
Administr - 40
(empty) - 12

Top ISPs:
DigitalOcean, LLC - 121
Polonetwork Limited - 47
SS-Net - 39

Top Clients:
Unknown - 248

Top Software:
Unknown - 248

Top Keyboards:
Unknown - 248

Top IP Classification:
hosting - 131
Unknown - 116
hosting & proxy - 1

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

Week 22 – 2026

If your organisation is interested in sponsoring an upcoming post then reach out via the contact form! No sponsor this week. Forensic Analysis: Brian Carrier at Cyber Triage, DFIR+AI Primer: How to Com…

This Week In 4n6

2026-05-30 RDP #Honeypot IOCs - 879 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
150.241.205.170 - 693
80.94.95.221 - 60
193.169.194.14 - 30

Top ASNs:
AS151338 - 693
AS204428 - 60
AS396982 - 39

Top Accounts:
hello - 708
Administr - 63
(empty) - 39

Top ISPs:
Polonetwork Limited - 693
SS-Net - 60
Google LLC - 39

Top Clients:
Unknown - 879

Top Software:
Unknown - 879

Top Keyboards:
Unknown - 879

Top IP Classification:
Unknown - 813
hosting - 51
hosting & proxy - 15

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-05-30 RDP #Honeypot IOCs - 586 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
150.241.205.170 - 462
80.94.95.221 - 40
193.169.194.14 - 20

Top ASNs:
AS151338 - 462
AS204428 - 40
AS396982 - 26

Top Accounts:
hello - 472
Administr - 42
(empty) - 26

Top ISPs:
Polonetwork Limited - 462
SS-Net - 40
Google LLC - 26

Top Clients:
Unknown - 586

Top Software:
Unknown - 586

Top Keyboards:
Unknown - 586

Top IP Classification:
Unknown - 542
hosting - 34
hosting & proxy - 10

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-05-30 RDP #Honeypot IOCs - 293 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
150.241.205.170 - 231
80.94.95.221 - 20
193.169.194.14 - 10

Top ASNs:
AS151338 - 231
AS204428 - 20
AS396982 - 13

Top Accounts:
hello - 236
Administr - 21
(empty) - 13

Top ISPs:
Polonetwork Limited - 231
SS-Net - 20
Google LLC - 13

Top Clients:
Unknown - 293

Top Software:
Unknown - 293

Top Keyboards:
Unknown - 293

Top IP Classification:
Unknown - 271
hosting - 17
hosting & proxy - 5

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

Spotted a TikTok video promoting free Fortnite skins linking to fortgg[.]cc. Ended up being a full AiTM phishing kit impersonating Epic Games login.

The kit uses a custom DNSPod CAPTCHA gate to block scanners, then serves a pixel-perfect Epic Games credential harvester. Under the hood it hooks fetch and XHR to proxy requests to Epic in real time, bypassing all 2FA methods including authenticator app, SMS, backup codes and Epic app.

After credential harvest, victims are redirected to a fake "Star Locker" page to keep them busy while the operator processes the stolen session token server-side.

Source code comments are in Russian. Hosted on 91.227.114.14 AS210006, bulletproof infrastructure. Related domains on the same IP include Valorant-themed kits, suggesting a single operator targeting multiple gaming platforms.

IOCs in image.

#CTI #ThreatIntel #Phishing #AiTM #EpicGames #Fortnite #OSINT #DFIR #infosec #malware

2026-05-29 RDP #Honeypot IOCs - 6783 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
150.241.205.170 - 3906
162.243.160.98 - 2760
193.169.194.14 - 18

Top ASNs:
AS151338 - 3906
AS14061 - 2778
AS396982 - 36

Top Accounts:
hello - 6669
(empty) - 24
j15h6jg7 - 12

Top ISPs:
Polonetwork Limited - 3906
DigitalOcean, LLC - 2778
Google LLC - 36

Top Clients:
Unknown - 6783

Top Software:
Unknown - 6783

Top Keyboards:
Unknown - 6783

Top IP Classification:
Unknown - 3948
hosting - 2820
hosting & proxy - 9

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-05-29 RDP #Honeypot IOCs - 4522 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
150.241.205.170 - 2604
162.243.160.98 - 1840
193.169.194.14 - 12

Top ASNs:
AS151338 - 2604
AS14061 - 1852
AS396982 - 24

Top Accounts:
hello - 4446
(empty) - 16
j15h6jg7 - 8

Top ISPs:
Polonetwork Limited - 2604
DigitalOcean, LLC - 1852
Google LLC - 24

Top Clients:
Unknown - 4522

Top Software:
Unknown - 4522

Top Keyboards:
Unknown - 4522

Top IP Classification:
Unknown - 2632
hosting - 1880
hosting & proxy - 6

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security