#blueteam

RDP Snitch<p>2025-04-04 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 135477 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>138.199.24.6 - 63501<br>156.146.57.110 - 34326<br>156.146.57.52 - 8610</p><p>Top ASNs:<br>AS60068 - 72027<br>AS212238 - 51528<br>AS135161 - 8574</p><p>Top Accounts:<br>hello - 135348<br>Domain - 27<br>Test - 27</p><p>Top ISPs:<br>DataCamp Limited - 72027<br>Datacamp Limited - 51528<br>GMO-Z.COM PTE. LTD. - 8574</p><p>Top Clients:<br>Unknown - 135477</p><p>Top Software:<br>Unknown - 135477</p><p>Top Keyboards:<br>Unknown - 135477</p><p>Top IP Classification:<br>hosting &amp; proxy - 126666<br>hosting - 8655<br>Unknown - 135</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/35hD2TCD" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/35hD2TCD</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>SecOps</span></a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
RDP Snitch<p>2025-04-04 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 135474 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>138.199.24.6 - 63500<br>156.146.57.110 - 34324<br>156.146.57.52 - 8610</p><p>Top ASNs:<br>AS60068 - 72026<br>AS212238 - 51526<br>AS135161 - 8574</p><p>Top Accounts:<br>hello - 135345<br>Domain - 27<br>Test - 27</p><p>Top ISPs:<br>DataCamp Limited - 72026<br>Datacamp Limited - 51526<br>GMO-Z.COM PTE. LTD. - 8574</p><p>Top Clients:<br>Unknown - 135474</p><p>Top Software:<br>Unknown - 135474</p><p>Top Keyboards:<br>Unknown - 135474</p><p>Top IP Classification:<br>hosting &amp; proxy - 126663<br>hosting - 8655<br>Unknown - 135</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/LAfGQpCR" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/LAfGQpCR</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>SecOps</span></a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
RDP Snitch<p>2025-04-04 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 135471 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>138.199.24.6 - 63499<br>156.146.57.110 - 34322<br>156.146.57.52 - 8610</p><p>Top ASNs:<br>AS60068 - 72025<br>AS212238 - 51524<br>AS135161 - 8574</p><p>Top Accounts:<br>hello - 135342<br>Domain - 27<br>Test - 27</p><p>Top ISPs:<br>DataCamp Limited - 72025<br>Datacamp Limited - 51524<br>GMO-Z.COM PTE. LTD. - 8574</p><p>Top Clients:<br>Unknown - 135471</p><p>Top Software:<br>Unknown - 135471</p><p>Top Keyboards:<br>Unknown - 135471</p><p>Top IP Classification:<br>hosting &amp; proxy - 126660<br>hosting - 8655<br>Unknown - 135</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/bBVcz9ks" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/bBVcz9ks</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>SecOps</span></a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
RDP Snitch<p>2025-04-03 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 147057 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>138.199.24.6 - 64821<br>156.146.57.110 - 35271<br>102.129.145.197 - 9174</p><p>Top ASNs:<br>AS60068 - 73593<br>AS212238 - 52914<br>AS174 - 9174</p><p>Top Accounts:<br>hello - 146964<br>Domain - 15<br>Test - 15</p><p>Top ISPs:<br>DataCamp Limited - 73593<br>Datacamp Limited - 52914<br>Cogent Communications - 9174</p><p>Top Clients:<br>Unknown - 147057</p><p>Top Software:<br>Unknown - 147057</p><p>Top Keyboards:<br>Unknown - 147057</p><p>Top IP Classification:<br>hosting &amp; proxy - 129057<br>proxy - 9198<br>hosting - 8784</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/hxBTcFTk" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/hxBTcFTk</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>SecOps</span></a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
RDP Snitch<p>2025-04-03 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 147056 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>138.199.24.6 - 64821<br>156.146.57.110 - 35270<br>102.129.145.197 - 9174</p><p>Top ASNs:<br>AS60068 - 73593<br>AS212238 - 52913<br>AS174 - 9174</p><p>Top Accounts:<br>hello - 146963<br>Domain - 15<br>Test - 15</p><p>Top ISPs:<br>DataCamp Limited - 73593<br>Datacamp Limited - 52913<br>Cogent Communications - 9174</p><p>Top Clients:<br>Unknown - 147056</p><p>Top Software:<br>Unknown - 147056</p><p>Top Keyboards:<br>Unknown - 147056</p><p>Top IP Classification:<br>hosting &amp; proxy - 129056<br>proxy - 9198<br>hosting - 8784</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/i01ZPrFt" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/i01ZPrFt</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>SecOps</span></a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
RDP Snitch<p>2025-04-03 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 147055 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>138.199.24.6 - 64821<br>156.146.57.110 - 35269<br>102.129.145.197 - 9174</p><p>Top ASNs:<br>AS60068 - 73593<br>AS212238 - 52912<br>AS174 - 9174</p><p>Top Accounts:<br>hello - 146962<br>Domain - 15<br>Test - 15</p><p>Top ISPs:<br>DataCamp Limited - 73593<br>Datacamp Limited - 52912<br>Cogent Communications - 9174</p><p>Top Clients:<br>Unknown - 147055</p><p>Top Software:<br>Unknown - 147055</p><p>Top Keyboards:<br>Unknown - 147055</p><p>Top IP Classification:<br>hosting &amp; proxy - 129055<br>proxy - 9198<br>hosting - 8784</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/gp5XAY6z" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/gp5XAY6z</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>SecOps</span></a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
Lenin alevski 🕵️💻<p>New Open-Source Tool Spotlight 🚨🚨🚨</p><p>SharPersist is a tool for creating persistence mechanisms on Windows, leveraging C#. It supports methods like registry runs, WMI event subscriptions, and scheduled tasks. Designed for red teams but publicly available. <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a></p><p>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHub</span></a> 👉 <a href="https://github.com/mandiant/SharPersist" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/mandiant/SharPersist</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Software</span></a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Technology</span></a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>News</span></a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CTF</span></a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" 
rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecuritycareer</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redteam</span></a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blueteam</span></a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>purpleteam</span></a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tips</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloudsecurity</span></a></p><p>— ✨<br>🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️</p>
Robert [KJ5ELX] :donor:<p>This one is kind of new to me but it makes sense. I'm trying to reverse engineer a phishing campaign and the sample links I have both work fine when I visit them in a browser, but as soon as I try to visit them with the developer panel open they trip breakpoints multiple times, and appear to use that timing in order to redirect to innocuous sites.</p><p>Of course all the infrastructure including DNS is hidden behind Cloudflare, which I've already seen causes problems with Burp Suite.</p><p><a href="https://infosec.exchange/tags/cloudflare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloudflare</span></a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blueteam</span></a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phishing</span></a></p>
RDP Snitch<p>2025-04-02 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 146856 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>138.199.24.6 - 65886<br>156.146.57.110 - 35907<br>191.96.106.68 - 9612</p><p>Top ASNs:<br>AS60068 - 67977<br>AS212238 - 56910<br>AS174 - 9612</p><p>Top Accounts:<br>hello - 146682<br>Administr - 42<br>Domain - 42</p><p>Top ISPs:<br>DataCamp Limited - 67977<br>Datacamp Limited - 56910<br>Cogent Communications - 9612</p><p>Top Clients:<br>Unknown - 146856</p><p>Top Software:<br>Unknown - 146856</p><p>Top Keyboards:<br>Unknown - 146856</p><p>Top IP Classification:<br>hosting &amp; proxy - 128235<br>proxy - 9663<br>hosting - 8880</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/F9531VFX" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/F9531VFX</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>SecOps</span></a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
RDP Snitch<p>2025-04-02 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 146855 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>138.199.24.6 - 65886<br>156.146.57.110 - 35907<br>191.96.106.68 - 9612</p><p>Top ASNs:<br>AS60068 - 67977<br>AS212238 - 56909<br>AS174 - 9612</p><p>Top Accounts:<br>hello - 146681<br>Administr - 42<br>Domain - 42</p><p>Top ISPs:<br>DataCamp Limited - 67977<br>Datacamp Limited - 56909<br>Cogent Communications - 9612</p><p>Top Clients:<br>Unknown - 146855</p><p>Top Software:<br>Unknown - 146855</p><p>Top Keyboards:<br>Unknown - 146855</p><p>Top IP Classification:<br>hosting &amp; proxy - 128234<br>proxy - 9663<br>hosting - 8880</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/7r0XLx6J" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/7r0XLx6J</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>SecOps</span></a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
RDP Snitch<p>2025-04-02 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 146854 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>138.199.24.6 - 65886<br>156.146.57.110 - 35907<br>191.96.106.68 - 9612</p><p>Top ASNs:<br>AS60068 - 67977<br>AS212238 - 56908<br>AS174 - 9612</p><p>Top Accounts:<br>hello - 146680<br>Administr - 42<br>Domain - 42</p><p>Top ISPs:<br>DataCamp Limited - 67977<br>Datacamp Limited - 56908<br>Cogent Communications - 9612</p><p>Top Clients:<br>Unknown - 146854</p><p>Top Software:<br>Unknown - 146854</p><p>Top Keyboards:<br>Unknown - 146854</p><p>Top IP Classification:<br>hosting &amp; proxy - 128233<br>proxy - 9663<br>hosting - 8880</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/4zDUmpaL" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/4zDUmpaL</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>SecOps</span></a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
Lenin alevski 🕵️💻<p>New Open-Source Tool Spotlight 🚨🚨🚨</p><p>Seatbelt is a post-exploitation tool designed for Windows environments. It collects detailed system information to help identify potential privilege escalation paths or misconfigurations. It's lightweight, written in C#, and can be run on live systems without requiring installation. </p><p>Used responsibly, tools like this can help secure your environment by simulating attacker tactics. <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHub</span></a> 👉 <a href="https://github.com/GhostPack/Seatbelt" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/GhostPack/Seatbelt</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Software</span></a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Technology</span></a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>News</span></a> <a href="https://infosec.exchange/tags/CTF" class="mention 
hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CTF</span></a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecuritycareer</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redteam</span></a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blueteam</span></a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>purpleteam</span></a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tips</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloudsecurity</span></a></p><p>— ✨<br>🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️</p>
RDP Snitch<p>2025-04-01 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 143568 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>138.199.24.6 - 67059<br>156.146.57.110 - 36498<br>156.146.57.120 - 9156</p><p>Top ASNs:<br>AS60068 - 67059<br>AS212238 - 63963<br>AS135161 - 9135</p><p>Top Accounts:<br>hello - 143472<br>Test - 24<br>Administr - 21</p><p>Top ISPs:<br>DataCamp Limited - 67059<br>Datacamp Limited - 63963<br>GMO-Z.COM PTE. LTD. - 9135</p><p>Top Clients:<br>Unknown - 143568</p><p>Top Software:<br>Unknown - 143568</p><p>Top Keyboards:<br>Unknown - 143568</p><p>Top IP Classification:<br>hosting &amp; proxy - 134259<br>hosting - 9234<br>proxy - 51</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/L1kj0TNt" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/L1kj0TNt</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>SecOps</span></a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
RDP Snitch<p>2025-04-01 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 143560 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>138.199.24.6 - 67055<br>156.146.57.110 - 36496<br>156.146.57.120 - 9156</p><p>Top ASNs:<br>AS60068 - 67055<br>AS212238 - 63960<br>AS135161 - 9135</p><p>Top Accounts:<br>hello - 143464<br>Test - 24<br>Administr - 21</p><p>Top ISPs:<br>DataCamp Limited - 67055<br>Datacamp Limited - 63960<br>GMO-Z.COM PTE. LTD. - 9135</p><p>Top Clients:<br>Unknown - 143560</p><p>Top Software:<br>Unknown - 143560</p><p>Top Keyboards:<br>Unknown - 143560</p><p>Top IP Classification:<br>hosting &amp; proxy - 134251<br>hosting - 9234<br>proxy - 51</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/Miae9FU9" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/Miae9FU9</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>SecOps</span></a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
RDP Snitch<p>2025-04-01 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 143552 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>138.199.24.6 - 67051<br>156.146.57.110 - 36494<br>156.146.57.120 - 9156</p><p>Top ASNs:<br>AS60068 - 67051<br>AS212238 - 63957<br>AS135161 - 9135</p><p>Top Accounts:<br>hello - 143456<br>Test - 24<br>Administr - 21</p><p>Top ISPs:<br>DataCamp Limited - 67051<br>Datacamp Limited - 63957<br>GMO-Z.COM PTE. LTD. - 9135</p><p>Top Clients:<br>Unknown - 143552</p><p>Top Software:<br>Unknown - 143552</p><p>Top Keyboards:<br>Unknown - 143552</p><p>Top IP Classification:<br>hosting &amp; proxy - 134243<br>hosting - 9234<br>proxy - 51</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/kzMJjAnC" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/kzMJjAnC</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>SecOps</span></a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
Lenin alevski 🕵️💻<p>How is a clean, legitimate program helping hackers steal data from Ukraine? 🕵️🇺🇦</p><p>Researchers at Cisco Talos have uncovered an ongoing spear-phishing campaign by the Russia-linked group Gamaredon, also known as Armageddon or ACTINIUM. Active since November 2024, the attacks specifically target Ukrainian users with lures tied to military activity, such as troop-related documents.</p><p>The group distributes phishing emails that include ZIP archives or links to them. Inside those ZIPs are malicious shortcut (LNK) files made to look like Office documents. Once opened, these LNKs execute obfuscated PowerShell scripts that download a second-stage payload—Remcos RAT—using geo-fenced servers located in Russia and Germany. These servers often only respond to IP addresses originating from Ukraine, returning HTTP 403 errors to others.</p><p>Delivery of the Remcos malware follows a DLL sideloading technique. A notable example includes the use of "TivoDiag.exe," a legitimate executable bundled with a malicious DLL named "mindclient.dll." When the clean executable runs, it inadvertently loads and executes the malicious DLL, which decrypts and launches the Remcos backdoor hidden in the same ZIP file. This method helps bypass basic antivirus detection.</p><p>Remcos gives remote attackers full control over infected machines. Its use, combined with selective geo-targeting and deceptive file naming, points to a focused cyber-espionage effort against Ukrainian entities.</p><p>Talos provided indicators of compromise and detection rules to help defenders spot this activity. 
While Gamaredon has long relied on custom tools, their adoption of commercially available backdoors like Remcos reflects a shift toward more flexible, quickly deployable payloads suited for fast-moving espionage operations.</p><p><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Software</span></a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Technology</span></a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>News</span></a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CTF</span></a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecuritycareer</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redteam</span></a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blueteam</span></a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>purpleteam</span></a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener 
noreferrer" target="_blank">#<span>tips</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloudsecurity</span></a></p><p>— ✨<br>🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️</p>
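<p>A defender-side check for the sideloading pattern described in the post above, added here as an example and not part of the post or of the Talos detection rules: it flags image-load events where an unsigned DLL is loaded from the same user-writable directory as the executable that loads it. The events are constructed, the field names are modelled on Sysmon Event ID 7, and the user name, extraction paths and writable-directory list are assumptions.</p>

```python
from pathlib import PureWindowsPath

# Path fragments treated as user-writable drop locations (assumption; tune per environment).
USER_WRITABLE = ("\\downloads\\", "\\desktop\\", "\\documents\\", "\\appdata\\local\\temp\\")

# Constructed image-load events; only the two file names in the first event come from the post.
EVENTS = [
    {"Image": r"C:\Users\olena\Downloads\report\TivoDiag.exe",
     "ImageLoaded": r"C:\Users\olena\Downloads\report\mindclient.dll", "Signed": "false"},
    {"Image": r"C:\Users\olena\Downloads\report\TivoDiag.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true"},
    {"Image": r"C:\Program Files\Vendor\app.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\helper.dll", "Signed": "false"},
    {"Image": r"C:\Users\olena\AppData\Local\Temp\setup\installer.exe",
     "ImageLoaded": r"C:\Users\olena\AppData\Local\Temp\setup\ui.dll", "Signed": "true"},
]


def is_user_writable(directory: str) -> bool:
    """True if the directory sits under a per-user location a ZIP is typically extracted to."""
    d = directory.lower().rstrip("\\") + "\\"
    return d.startswith("c:\\users\\") and any(marker in d for marker in USER_WRITABLE)


def sideload_candidates(events):
    """Return (exe, dll, directory) for unsigned DLLs loaded from the exe's own writable folder."""
    hits = []
    for ev in events:
        exe = PureWindowsPath(ev["Image"])
        dll = PureWindowsPath(ev["ImageLoaded"])
        if dll.suffix.lower() != ".dll":
            continue
        # Sideloading relies on DLL search order: the DLL sits next to the clean executable.
        same_dir = str(exe.parent).lower() == str(dll.parent).lower()
        # A missing Signed field is treated as unsigned so incomplete telemetry fails closed.
        unsigned = ev.get("Signed", "false").lower() != "true"
        if same_dir and unsigned and is_user_writable(str(exe.parent)):
            hits.append((exe.name, dll.name, str(exe.parent)))
    return hits


if __name__ == "__main__":
    for exe, dll, folder in sideload_candidates(EVENTS):
        print(f"possible DLL sideloading: {exe} loaded unsigned {dll} from {folder}")
```

The check is a triage heuristic: a hit means the load deserves a look at the executable's signer and the DLL's origin, not that the DLL is malicious.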
Lenin alevski 🕵️💻<p>New Open-Source Tool Spotlight 🚨🚨🚨</p><p>Loki is an open-source malware scanner designed for threat detection. It uses YARA rules, IOC pattern matching, and file system anomaly detection to identify malicious files and artifacts. Ideal for quick triage, not full AV replacement. <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p><p>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHub</span></a> 👉 <a href="https://github.com/Neo23x0/Loki" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/Neo23x0/Loki</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Software</span></a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Technology</span></a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>News</span></a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CTF</span></a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" 
rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecuritycareer</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redteam</span></a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blueteam</span></a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>purpleteam</span></a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tips</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloudsecurity</span></a></p><p>— ✨<br>🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️</p>
CrowdSec<p>Get started with the CrowdSec WAF: <a href="https://doc.crowdsec.net/docs/next/appsec/intro" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">doc.crowdsec.net/docs/next/app</span><span class="invisible">sec/intro</span></a></p><p>Virtual Patching WAF collection: <a href="https://app.crowdsec.net/hub/author/crowdsecurity/collections/appsec-virtual-patching" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">app.crowdsec.net/hub/author/cr</span><span class="invisible">owdsecurity/collections/appsec-virtual-patching</span></a> [3/3]</p><p><a href="https://infosec.exchange/tags/CrowdSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CrowdSec</span></a> <a href="https://infosec.exchange/tags/CTI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CTI</span></a> <a href="https://infosec.exchange/tags/CyberThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberThreatIntelligence</span></a> <a href="https://infosec.exchange/tags/CVE202427292" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE202427292</span></a> <a href="https://infosec.exchange/tags/Docassemble" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Docassemble</span></a> <a href="https://infosec.exchange/tags/ExploitAlert" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ExploitAlert</span></a> <a href="https://infosec.exchange/tags/PathTraversal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PathTraversal</span></a> <a href="https://infosec.exchange/tags/OpenSourceSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSourceSecurity</span></a> <a 
href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/BlueTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BlueTeam</span></a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntel</span></a></p>
RDP Snitch<p>2025-03-31 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 145515 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>138.199.24.6 - 67896<br>156.146.57.110 - 37164<br>156.146.57.174 - 9279</p><p>Top ASNs:<br>AS60068 - 67896<br>AS212238 - 64902<br>AS135161 - 9240</p><p>Top Accounts:<br>hello - 145392<br>Test - 42<br>Domain - 24</p><p>Top ISPs:<br>DataCamp Limited - 67896<br>Datacamp Limited - 64902<br>GMO-Z.COM PTE. LTD. - 9240</p><p>Top Clients:<br>Unknown - 145515</p><p>Top Software:<br>Unknown - 145515</p><p>Top Keyboards:<br>Unknown - 145515</p><p>Top IP Classification:<br>hosting &amp; proxy - 136107<br>hosting - 9339<br>Unknown - 42</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/6zYKKqcU" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/6zYKKqcU</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>SecOps</span></a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
RDP Snitch<p>2025-03-31 RDP <a href="https://infosec.exchange/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> IOCs - 145513 scans<br>Thread with top 3 features in each category and links to the full dataset<br><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p><p>Top IPs:<br>138.199.24.6 - 67895<br>156.146.57.110 - 37163<br>156.146.57.174 - 9279</p><p>Top ASNs:<br>AS60068 - 67895<br>AS212238 - 64901<br>AS135161 - 9240</p><p>Top Accounts:<br>hello - 145390<br>Test - 42<br>Domain - 24</p><p>Top ISPs:<br>DataCamp Limited - 67895<br>Datacamp Limited - 64901<br>GMO-Z.COM PTE. LTD. - 9240</p><p>Top Clients:<br>Unknown - 145513</p><p>Top Software:<br>Unknown - 145513</p><p>Top Keyboards:<br>Unknown - 145513</p><p>Top IP Classification:<br>hosting &amp; proxy - 136105<br>hosting - 9339<br>Unknown - 42</p><p>Pastebin links with full 24-hr RDP Honeypot IOC Lists:<br><a href="https://pastebin.com/3APRC9wP" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/3APRC9wP</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSec</span></a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOC</span></a> <a href="https://infosec.exchange/tags/Blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blueteam</span></a> <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>SecOps</span></a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>