2026-05-31 RDP #Honeypot IOCs - 744 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
152.42.212.128 - 342
150.241.205.170 - 141
80.94.95.221 - 117
Top ASNs:
AS14061 - 363
AS151338 - 141
AS204428 - 117
Top Accounts:
hello - 543
Administr - 120
(empty) - 36
Top ISPs:
DigitalOcean, LLC - 363
Polonetwork Limited - 141
SS-Net - 117
Top Clients:
Unknown - 744
Top Software:
Unknown - 744
Top Keyboards:
Unknown - 744
Top IP Classification:
hosting - 393
Unknown - 348
hosting & proxy - 3
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
2026-05-31 RDP #Honeypot IOCs - 496 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
152.42.212.128 - 228
150.241.205.170 - 94
80.94.95.221 - 78
Top ASNs:
AS14061 - 242
AS151338 - 94
AS204428 - 78
Top Accounts:
hello - 362
Administr - 80
(empty) - 24
Top ISPs:
DigitalOcean, LLC - 242
Polonetwork Limited - 94
SS-Net - 78
Top Clients:
Unknown - 496
Top Software:
Unknown - 496
Top Keyboards:
Unknown - 496
Top IP Classification:
hosting - 262
Unknown - 232
hosting & proxy - 2
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
2026-05-31 RDP #Honeypot IOCs - 248 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
152.42.212.128 - 114
150.241.205.170 - 47
80.94.95.221 - 39
Top ASNs:
AS14061 - 121
AS151338 - 47
AS204428 - 39
Top Accounts:
hello - 181
Administr - 40
(empty) - 12
Top ISPs:
DigitalOcean, LLC - 121
Polonetwork Limited - 47
SS-Net - 39
Top Clients:
Unknown - 248
Top Software:
Unknown - 248
Top Keyboards:
Unknown - 248
Top IP Classification:
hosting - 131
Unknown - 116
hosting & proxy - 1
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
Нажал «Принять» — и забыл. А мы уже внутри
В рамках проведения внутреннего аудита информационной безопасности (Red Team) перед нами стояла задача найти новые вектора атаки на инфраструктуру компанию. Мы знали, что все оконечные устройства оснащены EDR с поведенческим анализом. На периметре не было уязвимых сервисов или других точек входа. Решили сосредоточить свои усилия в рамках данного тестирования на сотрудниках компании, реализовать фишинговую компанию. Почтовый сервер — Microsoft Office 365. Наличие EDR на оконечные устройства сразу исключило классические методы с вредоносными вложениями - исполняемые файлы, макросы или эксплойты для Office были бы либо заблокированы, либо мгновенно обнаружены. Поэтому мы выбрали тактику: атаку не на уязвимости клиентского ПО, а на сам процесс авторизации OAuth 2.0 в Office 365, с целью получения содержимого почтовых ящиков без единого вредоносного файла.
2026-05-30 RDP #Honeypot IOCs - 879 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
150.241.205.170 - 693
80.94.95.221 - 60
193.169.194.14 - 30
Top ASNs:
AS151338 - 693
AS204428 - 60
AS396982 - 39
Top Accounts:
hello - 708
Administr - 63
(empty) - 39
Top ISPs:
Polonetwork Limited - 693
SS-Net - 60
Google LLC - 39
Top Clients:
Unknown - 879
Top Software:
Unknown - 879
Top Keyboards:
Unknown - 879
Top IP Classification:
Unknown - 813
hosting - 51
hosting & proxy - 15
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
2026-05-30 RDP #Honeypot IOCs - 586 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
150.241.205.170 - 462
80.94.95.221 - 40
193.169.194.14 - 20
Top ASNs:
AS151338 - 462
AS204428 - 40
AS396982 - 26
Top Accounts:
hello - 472
Administr - 42
(empty) - 26
Top ISPs:
Polonetwork Limited - 462
SS-Net - 40
Google LLC - 26
Top Clients:
Unknown - 586
Top Software:
Unknown - 586
Top Keyboards:
Unknown - 586
Top IP Classification:
Unknown - 542
hosting - 34
hosting & proxy - 10
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
2026-05-30 RDP #Honeypot IOCs - 293 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
150.241.205.170 - 231
80.94.95.221 - 20
193.169.194.14 - 10
Top ASNs:
AS151338 - 231
AS204428 - 20
AS396982 - 13
Top Accounts:
hello - 236
Administr - 21
(empty) - 13
Top ISPs:
Polonetwork Limited - 231
SS-Net - 20
Google LLC - 13
Top Clients:
Unknown - 293
Top Software:
Unknown - 293
Top Keyboards:
Unknown - 293
Top IP Classification:
Unknown - 271
hosting - 17
hosting & proxy - 5
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
2026-05-29 RDP #Honeypot IOCs - 6783 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
150.241.205.170 - 3906
162.243.160.98 - 2760
193.169.194.14 - 18
Top ASNs:
AS151338 - 3906
AS14061 - 2778
AS396982 - 36
Top Accounts:
hello - 6669
(empty) - 24
j15h6jg7 - 12
Top ISPs:
Polonetwork Limited - 3906
DigitalOcean, LLC - 2778
Google LLC - 36
Top Clients:
Unknown - 6783
Top Software:
Unknown - 6783
Top Keyboards:
Unknown - 6783
Top IP Classification:
Unknown - 3948
hosting - 2820
hosting & proxy - 9
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
2026-05-29 RDP #Honeypot IOCs - 4522 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
150.241.205.170 - 2604
162.243.160.98 - 1840
193.169.194.14 - 12
Top ASNs:
AS151338 - 2604
AS14061 - 1852
AS396982 - 24
Top Accounts:
hello - 4446
(empty) - 16
j15h6jg7 - 8
Top ISPs:
Polonetwork Limited - 2604
DigitalOcean, LLC - 1852
Google LLC - 24
Top Clients:
Unknown - 4522
Top Software:
Unknown - 4522
Top Keyboards:
Unknown - 4522
Top IP Classification:
Unknown - 2632
hosting - 1880
hosting & proxy - 6
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
Walk News
RDP Snitch
Habr