🕵️ **Shady IP of the day**
🕵️ **The Azure Scraper of London**
`20.77.9.106` (AS8075 – Microsoft UK)

🎯 2 attempts detected:
• CVE-2017-9841 (PHPUnit RCE)
• Hunting for `.env` files

🐍 `python-requests/2.34.2` — not even ashamed to show off its library

Someone is using Azure infrastructure to scan… so Azure pays its own fines? 🤔

#honeypot #infosec #threatintel

🍯 Detected by the CyberVeille.ch honeypot
🗺️ https://cyberveille.ch/map/

🌍 Pew Pew CH (Infomaniak) — Honeypot

Real-time map of attacks detected by CrowdSec on the CyberVeille server (Infomaniak, Switzerland). Data from the last 24 hours.

CyberVeille

2026-06-27 RDP #Honeypot IOCs - 102 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
159.223.238.255 - 24
147.185.133.116 - 12
205.210.31.196 - 9

Top ASNs:
AS396982 - 48
AS14061 - 27
AS214295 - 6

Top Accounts:
hello - 33
zgrab - 9
yhDxyQONx - 6

Top ISPs:
Google LLC - 48
DigitalOcean, LLC - 27
Skynet Network LTD - 6

Top Clients:
Unknown - 102

Top Software:
Unknown - 102

Top Keyboards:
Unknown - 102

Top IP Classification:
hosting - 84
Unknown - 12
hosting & proxy - 6

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-06-27 RDP #Honeypot IOCs - 68 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
159.223.238.255 - 16
147.185.133.116 - 8
205.210.31.196 - 6

Top ASNs:
AS396982 - 32
AS14061 - 18
AS214295 - 4

Top Accounts:
hello - 22
zgrab - 6
yhDxyQONx - 4

Top ISPs:
Google LLC - 32
DigitalOcean, LLC - 18
Skynet Network LTD - 4

Top Clients:
Unknown - 68

Top Software:
Unknown - 68

Top Keyboards:
Unknown - 68

Top IP Classification:
hosting - 56
Unknown - 8
hosting & proxy - 4

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-06-27 RDP #Honeypot IOCs - 34 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
159.223.238.255 - 8
147.185.133.116 - 4
205.210.31.196 - 3

Top ASNs:
AS396982 - 16
AS14061 - 9
AS214295 - 2

Top Accounts:
hello - 11
zgrab - 3
yhDxyQONx - 2

Top ISPs:
Google LLC - 16
DigitalOcean, LLC - 9
Skynet Network LTD - 2

Top Clients:
Unknown - 34

Top Software:
Unknown - 34

Top Keyboards:
Unknown - 34

Top IP Classification:
hosting - 28
Unknown - 4
hosting & proxy - 2

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

🕵️ **Shady IP of the day**
🎭 **"The WordPress Hunter of São Paulo"**

📍 20.206.91.91 🇧🇷 — AS8075 (Azure… yes, Microsoft)
💥 4 hits: HTTP Probing, WP Scan, Admin Probing
🎯 /wp-content/, /info.php, /inputs.php
🕵️ Generic Chrome UA — tourist camouflage

A scanner that rents its servers from Microsoft. The height of chic.

#honeypot #infosec #threatintel

🍯 Detected by the CyberVeille.ch honeypot
🗺️ https://cyberveille.ch/map/

2026-06-26 RDP #Honeypot IOCs - 117 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
109.205.211.74 - 21
45.142.193.166 - 12
162.210.245.77 - 12

Top ASNs:
AS396982 - 27
AS201814 - 24
AS214295 - 12

Top Accounts:
hello - 39
Test - 36
Administr - 6

Top ISPs:
Google LLC - 27
MEVSPACE sp. z o.o. - 24
Skynet Network LTD - 12

Top Clients:
Unknown - 117

Top Software:
Unknown - 117

Top Keyboards:
Unknown - 117

Top IP Classification:
Unknown - 54
hosting - 45
proxy - 12

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-06-26 RDP #Honeypot IOCs - 78 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
109.205.211.74 - 14
45.142.193.166 - 8
162.210.245.77 - 8

Top ASNs:
AS396982 - 18
AS201814 - 16
AS214295 - 8

Top Accounts:
hello - 26
Test - 24
Administr - 4

Top ISPs:
Google LLC - 18
MEVSPACE sp. z o.o. - 16
Skynet Network LTD - 8

Top Clients:
Unknown - 78

Top Software:
Unknown - 78

Top Keyboards:
Unknown - 78

Top IP Classification:
Unknown - 36
hosting - 30
proxy - 8

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-06-26 RDP #Honeypot IOCs - 39 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
109.205.211.74 - 7
45.142.193.166 - 4
162.210.245.77 - 4

Top ASNs:
AS396982 - 9
AS201814 - 8
AS214295 - 4

Top Accounts:
hello - 13
Test - 12
Administr - 2

Top ISPs:
Google LLC - 9
MEVSPACE sp. z o.o. - 8
Skynet Network LTD - 4

Top Clients:
Unknown - 39

Top Software:
Unknown - 39

Top Keyboards:
Unknown - 39

Top IP Classification:
Unknown - 18
hosting - 15
proxy - 4

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

🕵️ **Shady IP of the day**
🕵️ File: "The Path Traversal Hiker of Moscow"

📍 193.233.74.227 🇷🇺 | AS0 (organizational ghost)
☠️ CVE-2021-41773 — Apache path traversal via /cgi-bin/../../../bin/sh
🎯 1 attempt detected

Tries to execute /bin/sh with nicely encoded %2e sequences. As subtle as a T-72 tank in a hallway.

#honeypot #infosec #threatintel

🍯 Detected by the CyberVeille.ch honeypot
🗺️ https://cyberveille.ch/map/

2026-06-25 RDP #Honeypot IOCs - 108 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
45.142.193.166 - 12
206.81.11.111 - 12
205.210.31.93 - 9

Top ASNs:
AS396982 - 36
AS214295 - 12
AS14061 - 12

Top Accounts:
Test - 15
(empty) - 12
puurb1vc - 12

Top ISPs:
Google LLC - 36
Skynet Network LTD - 12
DigitalOcean, LLC - 12

Top Clients:
Unknown - 108

Top Software:
Unknown - 108

Top Keyboards:
Unknown - 108

Top IP Classification:
hosting - 60
Unknown - 42
proxy - 3

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security