🕵️ Shady IP of the day
🕵️ Suspect profile: "The PureVoltage Path Traversal"

📍 91.229.105.132 (🇺🇸 AS26548)
💥 CVE-2021-41773 & 42013 — Apache path traversal via double URL encoding
🎯 Target: /cgi-bin/%%32%65... → tries to reach /bin/sh

In short: it knocks on Apache's door disguised in hexadecimal dots. Not very discreet. 🐝

#honeypot #infosec #threatintel

🍯 Detected by the CyberVeille.ch honeypot
🗺️ https://cyberveille.ch/map/

🌍 Pew Pew CH (Infomaniak) — Honeypot

Real-time map of attacks detected by CrowdSec on the CyberVeille server (Infomaniak, Switzerland). Data from the last 24 hours.

CyberVeille

A honey pot against the bees! Honeypot analytics

A couple of weeks ago, in the boundless expanses of the news feed, this video surfaced ( https://www.youtube.com/watch?v=T2mHPGbRPgA ), which examines the assessment of events on a T-Pot honeypot. What caught my attention: the beautiful infographics, the analytical reports and the depth of data analysis that the author carefully demonstrated. His study reflects an assessment of the cyber confrontation during the recent conflict in a well-known strait, and I felt a burning desire to carry out my own analysis of the mass-scan market, but with an important caveat: the hosting country must be Russia.

https://habr.com/ru/articles/1048382/

#honeypot #threat_intelligence

I exposed "critical infrastructure" systems during a war, it was attacked 1,000,000+ times.

YouTube

2026-06-16 RDP #Honeypot IOCs - 399 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
209.145.52.33 - 306
74.207.241.159 - 12
198.235.24.242 - 9

Top ASNs:
AS40021 - 306
AS396982 - 36
AS63949 - 12

Top Accounts:
hello - 312
Test - 18
nhvrph7m - 12

Top ISPs:
Contabo Inc. - 306
Google LLC - 36
Akamai Technologies, Inc. - 12

Top Clients:
Unknown - 399

Top Software:
Unknown - 399

Top Keyboards:
Unknown - 399

Top IP Classification:
Unknown - 327
hosting - 57
proxy - 9

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-06-16 RDP #Honeypot IOCs - 266 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
209.145.52.33 - 204
74.207.241.159 - 8
198.235.24.242 - 6

Top ASNs:
AS40021 - 204
AS396982 - 24
AS63949 - 8

Top Accounts:
hello - 208
Test - 12
nhvrph7m - 8

Top ISPs:
Contabo Inc. - 204
Google LLC - 24
Akamai Technologies, Inc. - 8

Top Clients:
Unknown - 266

Top Software:
Unknown - 266

Top Keyboards:
Unknown - 266

Top IP Classification:
Unknown - 218
hosting - 38
proxy - 6

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-06-16 RDP #Honeypot IOCs - 133 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
209.145.52.33 - 102
74.207.241.159 - 4
198.235.24.242 - 3

Top ASNs:
AS40021 - 102
AS396982 - 12
AS63949 - 4

Top Accounts:
hello - 104
Test - 6
nhvrph7m - 4

Top ISPs:
Contabo Inc. - 102
Google LLC - 12
Akamai Technologies, Inc. - 4

Top Clients:
Unknown - 133

Top Software:
Unknown - 133

Top Keyboards:
Unknown - 133

Top IP Classification:
Unknown - 109
hosting - 19
proxy - 3

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

🕵️ Shady IP of the day
🕵️ **The CGI Hiker from Karachi**
📍 PK — AS154348 (Sky47 Limited)
🎯 CVE-2021-41773: Apache path traversal via `/cgi-bin/.%2e/.%2e/…/bin/sh`
💥 1 attempt detected

In 2024, trying a 2021 Apache exploit is like pulling out a floppy disk to "hack". Still, hats off for the encoded `.%2e` 🎩

#honeypot #infosec #threatintel

🍯 Detected by the CyberVeille.ch honeypot
🗺️ https://cyberveille.ch/map/


2026-06-15 RDP #Honeypot IOCs - 918 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
134.199.228.58 - 597
113.187.23.22 - 201
193.169.194.14 - 21

Top ASNs:
AS14061 - 597
AS45899 - 201
AS396982 - 36

Top Accounts:
hello - 810
(empty) - 33
Test - 12

Top ISPs:
DigitalOcean, LLC - 597
VietNam Post and Telecom Corporation - 201
Google LLC - 36

Top Clients:
Unknown - 918

Top Software:
Unknown - 918

Top Keyboards:
Unknown - 918

Top IP Classification:
hosting - 642
Unknown - 270
proxy - 3

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-06-15 RDP #Honeypot IOCs - 612 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
134.199.228.58 - 398
113.187.23.22 - 134
193.169.194.14 - 14

Top ASNs:
AS14061 - 398
AS45899 - 134
AS396982 - 24

Top Accounts:
hello - 540
(empty) - 22
Test - 8

Top ISPs:
DigitalOcean, LLC - 398
VietNam Post and Telecom Corporation - 134
Google LLC - 24

Top Clients:
Unknown - 612

Top Software:
Unknown - 612

Top Keyboards:
Unknown - 612

Top IP Classification:
hosting - 428
Unknown - 180
proxy - 2

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-06-15 RDP #Honeypot IOCs - 306 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
134.199.228.58 - 199
113.187.23.22 - 67
193.169.194.14 - 7

Top ASNs:
AS14061 - 199
AS45899 - 67
AS396982 - 12

Top Accounts:
hello - 270
(empty) - 11
Test - 4

Top ISPs:
DigitalOcean, LLC - 199
VietNam Post and Telecom Corporation - 67
Google LLC - 12

Top Clients:
Unknown - 306

Top Software:
Unknown - 306

Top Keyboards:
Unknown - 306

Top IP Classification:
hosting - 214
Unknown - 90
proxy - 1

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

In this #blog post, I set up an #ssh #honeypot for 7 days. During this time I collected data about which users attackers try to break in with and their country of origin.

https://invirtuate.com/blog/security/observations-of-login-activity-in-an-ssh-honeypot

#infosec #cybersecurity

Observations of Login Activity in an SSH Honeypot

I ran an SSH Honeypot to determine which user accounts attackers try to compromise, traffic patterns, and which countries these attackers reside in.