🕵️ Sketchy IP of the day
🕵️ Profile: "The CGI Hiker from Kazakhstan"

📍 109.248.231.212 | AS203087 | 🇰🇿 KZ
💥 4 attacks: CVE-2017-9841, CVE-2021-41773/42013
🎯 Specialty: path traversal with double URL encoding (%%32%65… i.e. "../" in disguise)
🐘 Bonus: looks for PHPUnit's eval-stdin.php

Slashes through paths as if `/../../../bin/sh` were a marked hiking trail 🥾

#honeypot #infosec #threatintel

🍯 Detected by the CyberVeille.ch honeypot
🗺️ https://cyberveille.ch/map/

🌍 Pew Pew CH (Infomaniak) — Honeypot

Real-time map of attacks detected by CrowdSec on the CyberVeille server (Infomaniak, Switzerland). Data from the last 24 hours.

CyberVeille

2026-05-03 RDP #Honeypot IOCs - 324 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
183.81.35.16 - 78
216.226.76.20 - 30
80.94.95.43 - 27

Top ASNs:
AS18403 - 78
AS204428 - 51
AS396982 - 36

Top Accounts:
hello - 123
Administr - 51
Test - 24

Top ISPs:
FPT Telecom Company - 78
SS-Net - 51
Google LLC - 36

Top Clients:
Unknown - 324

Top Software:
Unknown - 324

Top Keyboards:
Unknown - 324

Top IP Classification:
Unknown - 231
hosting - 90
hosting & proxy - 3

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-05-03 RDP #Honeypot IOCs - 216 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
183.81.35.16 - 52
216.226.76.20 - 20
80.94.95.43 - 18

Top ASNs:
AS18403 - 52
AS204428 - 34
AS396982 - 24

Top Accounts:
hello - 82
Administr - 34
Test - 16

Top ISPs:
FPT Telecom Company - 52
SS-Net - 34
Google LLC - 24

Top Clients:
Unknown - 216

Top Software:
Unknown - 216

Top Keyboards:
Unknown - 216

Top IP Classification:
Unknown - 154
hosting - 60
hosting & proxy - 2

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-05-03 RDP #Honeypot IOCs - 108 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
183.81.35.16 - 26
216.226.76.20 - 10
80.94.95.43 - 9

Top ASNs:
AS18403 - 26
AS204428 - 17
AS396982 - 12

Top Accounts:
hello - 41
Administr - 17
Test - 8

Top ISPs:
FPT Telecom Company - 26
SS-Net - 17
Google LLC - 12

Top Clients:
Unknown - 108

Top Software:
Unknown - 108

Top Keyboards:
Unknown - 108

Top IP Classification:
Unknown - 77
hosting - 30
hosting & proxy - 1

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

🕵️ Sketchy IP of the day
🎯 Profile: "The Texan Path Traversal from Contabo"

🌐 66.94.112.214 (AS40021)
💥 CVE-2017-9841 + Apache 2021-41773/42013
🔍 Target: PHPUnit eval-stdin & /cgi-bin/../../../bin/sh
🤖 UA: libredtail-http

Double-encoding "." as %%32%65: creative, but our honeypot read the docs too 🍯

#honeypot #infosec #threatintel

🍯 Detected by the CyberVeille.ch honeypot
🗺️ https://cyberveille.ch/map/

2026-05-02 RDP #Honeypot IOCs - 135 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
103.149.252.223 - 30
162.216.150.103 - 12
198.235.24.71 - 9

Top ASNs:
AS396982 - 48
AS135918 - 30
AS48090 - 9

Top Accounts:
hello - 42
(empty) - 21
Test - 12

Top ISPs:
Google LLC - 48
AI-SOL - 30
Techoff SRV Limited - 9

Top Clients:
Unknown - 135

Top Software:
Unknown - 135

Top Keyboards:
Unknown - 135

Top IP Classification:
Unknown - 63
hosting - 57
proxy - 12

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-05-02 RDP #Honeypot IOCs - 90 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
103.149.252.223 - 20
162.216.150.103 - 8
198.235.24.71 - 6

Top ASNs:
AS396982 - 32
AS135918 - 20
AS48090 - 6

Top Accounts:
hello - 28
(empty) - 14
Test - 8

Top ISPs:
Google LLC - 32
AI-SOL - 20
Techoff SRV Limited - 6

Top Clients:
Unknown - 90

Top Software:
Unknown - 90

Top Keyboards:
Unknown - 90

Top IP Classification:
Unknown - 42
hosting - 38
proxy - 8

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-05-02 RDP #Honeypot IOCs - 45 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
103.149.252.223 - 10
162.216.150.103 - 4
198.235.24.71 - 3

Top ASNs:
AS396982 - 16
AS135918 - 10
AS48090 - 3

Top Accounts:
hello - 14
(empty) - 7
Test - 4

Top ISPs:
Google LLC - 16
AI-SOL - 10
Techoff SRV Limited - 3

Top Clients:
Unknown - 45

Top Software:
Unknown - 45

Top Keyboards:
Unknown - 45

Top IP Classification:
Unknown - 21
hosting - 19
proxy - 4

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

🕵️ Sketchy IP of the day
🕵️ Profile: "The Path Traversal from São Paulo"

📍 45.187.193.10 🇧🇷 (AS269477)
💥 4 attacks: CVE-2021-41773/42013 (Apache path traversal), CVE-2017-9841 (PHPUnit RCE)
🎯 Targets /cgi-bin/ with double URL encoding… subtle as an elephant in %%32%65%%32%65

Creativity level: 2/10, 2017 CVEs included 😴

#honeypot #infosec #threatintel

🍯 Detected by the CyberVeille.ch honeypot
🗺️ https://cyberveille.ch/map/
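All three "Sketchy IP of the day" posts above describe the same trick: percent-encoding "." twice (%%32%65 decodes to %2e, which decodes to "."), so a single decoding pass never sees the "../" segments. The detection logic below is an added example written for this page; it is not CyberVeille's, CrowdSec's or the honeypot's own code. It percent-decodes each request target until the string stops changing, then checks the result for ".." segments and for the PHPUnit eval-stdin.php probe the posts mention. The log lines are constructed for the example (simplified Apache combined format); 45.187.193.10 is the address named in the post, 198.51.100.7 is a documentation-range placeholder, and the eval-stdin.php path is the publicly documented PHPUnit location for CVE-2017-9841.

```python
import re
from urllib.parse import unquote

# Constructed sample log lines (simplified Apache combined format), modelled on
# the traffic the posts describe. 45.187.193.10 is the IP named in the post;
# 198.51.100.7 is a documentation-range placeholder, not a real client.
SAMPLE_LOG = """\
45.187.193.10 - - [01/May/2026:10:00:01 +0200] "GET /cgi-bin/.%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh HTTP/1.1" 404 196
45.187.193.10 - - [01/May/2026:10:00:02 +0200] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 196
198.51.100.7 - - [01/May/2026:10:00:03 +0200] "GET /images/logo%2epng HTTP/1.1" 200 5120
198.51.100.7 - - [01/May/2026:10:00:04 +0200] "GET /docs/../admin/ HTTP/1.1" 301 0
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)

MAX_DECODE_PASSES = 3  # enough to unwrap double encoding; bounds pathological input


def decode_to_fixed_point(target, max_passes=MAX_DECODE_PASSES):
    """Percent-decode until the string stops changing.

    Returns (decoded, passes): `passes` is how many rounds changed the string.
    %2e needs one pass; %%32%65 needs two (%%32%65 -> %2e -> .).
    """
    current = target
    for n in range(max_passes):
        nxt = unquote(current)
        if nxt == current:
            return current, n
        current = nxt
    return current, max_passes


def classify_target(target):
    """Return (decoded_path, passes, findings) for one request target."""
    decoded, passes = decode_to_fixed_point(target)
    path = decoded.split("?", 1)[0]  # ignore the query string
    segments = path.split("/")
    findings = []
    if ".." in segments:
        # A conforming client normalises ".." before sending, so a raw ".."
        # segment in the request line is already suspicious on its own.
        findings.append("path-traversal")
        if passes >= 2:
            # Only visible after more than one decode round: the %%32%65 variant.
            findings.append("double-encoded")
    if path.endswith("eval-stdin.php"):
        findings.append("phpunit-eval-stdin")  # CVE-2017-9841 probe
    return path, passes, findings


def scan_log(text):
    """Parse log lines and return one dict per request that produced a finding."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the pipeline
        path, passes, findings = classify_target(m.group("target"))
        if findings:
            hits.append({
                "ip": m.group("ip"),
                "method": m.group("method"),
                "raw": m.group("target"),
                "decoded": path,
                "decode_passes": passes,
                "findings": findings,
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f'{hit["ip"]:<15} {hit["method"]:<4} {hit["decoded"]:<40} '
              f'passes={hit["decode_passes"]} {hit["findings"]}')
```

Decoding to a fixed point rather than once is the whole point: the Apache 2.4.50 fix for CVE-2021-41773 decoded a single time and was bypassed by exactly this double encoding (tracked as CVE-2021-42013). The fourth sample line shows the other side of the edge: a plain `/docs/../admin/` is still flagged as traversal, but without the `double-encoded` marker, so an analyst can tell a clumsy scanner from one that is deliberately evading a single-pass decoder. The third line (`logo%2epng`) decodes in one pass to a harmless filename and produces no finding.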

2026-05-01 RDP #Honeypot IOCs - 261 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
103.149.252.223 - 54
80.94.95.221 - 54
45.142.193.145 - 21

Top ASNs:
AS204428 - 69
AS135918 - 54
AS396982 - 36

Top Accounts:
Administr - 87
hello - 81
Test - 39

Top ISPs:
SS-Net - 69
AI-SOL - 54
Google LLC - 36

Top Clients:
Unknown - 261

Top Software:
Unknown - 261

Top Keyboards:
Unknown - 261

Top IP Classification:
Unknown - 207
hosting - 42
mobile & hosting - 6

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security