#honeypot

2025-12-05

Anyone running a #honeypot in their #homelab to monitor suspicious activity? Which solution do you use?

#selfhosted #security
Cc: @homelab

Kevin Karhan (kkarhan@infosec.space)
2025-12-05

@energisch_ @XSterbeProzessX @tagesschau #NotLegalAdvice but if the photos are their own, then a #DMCA #TakedownNotice should work.

Even if they want a #Honeypot: if in doubt, they can have the hoster replace the material in question with a file of the same size, or have the #Logs handed over.

  • I am sure that all legitimate hosters will go along with that, if only to make their zero tolerance (#Nulltoleranz) for #CSAM perfectly clear and thereby drive away pedos as abusive users!

infosec.space/@kkarhan/1156653

2025-12-05

2025-12-04 RDP #Honeypot IOCs - 2148 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
129.212.181.213 - 1254
134.199.198.215 - 528
104.248.145.5 - 123

Top ASNs:
AS14061 - 1905
AS31898 - 102
AS396982 - 45

Top Accounts:
hello - 2034
Test - 21
Domain - 21

Top ISPs:
DigitalOcean, LLC - 1905
Oracle Corporation - 102
Google LLC - 45

Top Clients:
Unknown - 2148

Top Software:
Unknown - 2148

Top Keyboards:
Unknown - 2148

Top IP Classification:
hosting - 2103
Unknown - 45

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2025-12-05

2025-12-04 RDP #Honeypot IOCs - 1432 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
129.212.181.213 - 836
134.199.198.215 - 352
104.248.145.5 - 82

Top ASNs:
AS14061 - 1270
AS31898 - 68
AS396982 - 30

Top Accounts:
hello - 1356
Test - 14
Domain - 14

Top ISPs:
DigitalOcean, LLC - 1270
Oracle Corporation - 68
Google LLC - 30

Top Clients:
Unknown - 1432

Top Software:
Unknown - 1432

Top Keyboards:
Unknown - 1432

Top IP Classification:
hosting - 1402
Unknown - 30

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2025-12-05

2025-12-04 RDP #Honeypot IOCs - 716 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
129.212.181.213 - 418
134.199.198.215 - 176
104.248.145.5 - 41

Top ASNs:
AS14061 - 635
AS31898 - 34
AS396982 - 15

Top Accounts:
hello - 678
Test - 7
Domain - 7

Top ISPs:
DigitalOcean, LLC - 635
Oracle Corporation - 34
Google LLC - 15

Top Clients:
Unknown - 716

Top Software:
Unknown - 716

Top Keyboards:
Unknown - 716

Top IP Classification:
hosting - 701
Unknown - 15

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2025-12-04

My lophiid hybrid honeypot dealt with the React RCE without ever being configured for it and sent back the expected response to a scan.

Unknown requests are being triaged by AI. If they have a malicious payload, then they are sent to an agent that deals with that kind of payload to simulate a realistic response.

The payload was:
{"id":"vm#runInThisContext","bound":["Math.PI * 2"]}

And the response was:
6.283185307179586

I think this has a lot of potential

#honeypot #dfir #infosec #cybersecurity #threatintel

2025-12-04

2025-12-03 RDP #Honeypot IOCs - 1854 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
159.65.21.128 - 1590
140.245.29.254 - 30
8.219.193.49 - 24

Top ASNs:
AS14061 - 1617
AS211659 - 99
AS31898 - 30

Top Accounts:
hello - 1680
Administr - 108
Test - 21

Top ISPs:
DigitalOcean, LLC - 1617
Stimul LLC - 99
Oracle Corporation - 30

Top Clients:
Unknown - 1854

Top Software:
Unknown - 1854

Top Keyboards:
Unknown - 1854

Top IP Classification:
hosting - 1695
Unknown - 141
hosting & proxy - 15

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2025-12-04

2025-12-03 RDP #Honeypot IOCs - 1236 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
159.65.21.128 - 1060
140.245.29.254 - 20
8.219.193.49 - 16

Top ASNs:
AS14061 - 1078
AS211659 - 66
AS31898 - 20

Top Accounts:
hello - 1120
Administr - 72
Test - 14

Top ISPs:
DigitalOcean, LLC - 1078
Stimul LLC - 66
Oracle Corporation - 20

Top Clients:
Unknown - 1236

Top Software:
Unknown - 1236

Top Keyboards:
Unknown - 1236

Top IP Classification:
hosting - 1130
Unknown - 94
hosting & proxy - 10

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2025-12-04

2025-12-03 RDP #Honeypot IOCs - 618 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
159.65.21.128 - 530
140.245.29.254 - 10
8.219.193.49 - 8

Top ASNs:
AS14061 - 539
AS211659 - 33
AS31898 - 10

Top Accounts:
hello - 560
Administr - 36
Test - 7

Top ISPs:
DigitalOcean, LLC - 539
Stimul LLC - 33
Oracle Corporation - 10

Top Clients:
Unknown - 618

Top Software:
Unknown - 618

Top Keyboards:
Unknown - 618

Top IP Classification:
hosting - 565
Unknown - 47
hosting & proxy - 5

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2025-12-03

2025-12-02 RDP #Honeypot IOCs - 5010 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
159.65.21.128 - 3339
129.212.181.213 - 831
134.199.198.215 - 528

Top ASNs:
AS14061 - 4716
AS211659 - 147
AS396982 - 36

Top Accounts:
hello - 4749
Administr - 150
Test - 36

Top ISPs:
DigitalOcean, LLC - 4716
Stimul LLC - 147
Google LLC - 36

Top Clients:
Unknown - 5010

Top Software:
Unknown - 5010

Top Keyboards:
Unknown - 5010

Top IP Classification:
hosting - 4794
Unknown - 210
hosting & proxy - 6

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2025-12-03

2025-12-02 RDP #Honeypot IOCs - 3340 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
159.65.21.128 - 2226
129.212.181.213 - 554
134.199.198.215 - 352

Top ASNs:
AS14061 - 3144
AS211659 - 98
AS396982 - 24

Top Accounts:
hello - 3166
Administr - 100
Test - 24

Top ISPs:
DigitalOcean, LLC - 3144
Stimul LLC - 98
Google LLC - 24

Top Clients:
Unknown - 3340

Top Software:
Unknown - 3340

Top Keyboards:
Unknown - 3340

Top IP Classification:
hosting - 3196
Unknown - 140
hosting & proxy - 4

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2025-12-03

2025-12-02 RDP #Honeypot IOCs - 1670 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
159.65.21.128 - 1113
129.212.181.213 - 277
134.199.198.215 - 176

Top ASNs:
AS14061 - 1572
AS211659 - 49
AS396982 - 12

Top Accounts:
hello - 1583
Administr - 50
Test - 12

Top ISPs:
DigitalOcean, LLC - 1572
Stimul LLC - 49
Google LLC - 12

Top Clients:
Unknown - 1670

Top Software:
Unknown - 1670

Top Keyboards:
Unknown - 1670

Top IP Classification:
hosting - 1598
Unknown - 70
hosting & proxy - 2

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2025-12-02

2025-12-01 RDP #Honeypot IOCs - 1980 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
134.199.198.215 - 1824
103.126.161.152 - 27
80.64.19.158 - 18

Top ASNs:
AS14061 - 1833
AS396982 - 36
AS135959 - 27

Top Accounts:
hello - 1881
Test - 33
Administr - 15

Top ISPs:
DigitalOcean, LLC - 1833
Google LLC - 36
Onebim Vietnam Limited Company - 27

Top Clients:
Unknown - 1980

Top Software:
Unknown - 1980

Top Keyboards:
Unknown - 1980

Top IP Classification:
hosting - 1881
Unknown - 93
hosting & proxy - 3

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2025-12-02

2025-12-01 RDP #Honeypot IOCs - 1320 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
134.199.198.215 - 1216
103.126.161.152 - 18
80.64.19.158 - 12

Top ASNs:
AS14061 - 1222
AS396982 - 24
AS135959 - 18

Top Accounts:
hello - 1254
Test - 22
Administr - 10

Top ISPs:
DigitalOcean, LLC - 1222
Google LLC - 24
Onebim Vietnam Limited Company - 18

Top Clients:
Unknown - 1320

Top Software:
Unknown - 1320

Top Keyboards:
Unknown - 1320

Top IP Classification:
hosting - 1254
Unknown - 62
hosting & proxy - 2

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2025-12-02

2025-12-01 RDP #Honeypot IOCs - 660 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
134.199.198.215 - 608
103.126.161.152 - 9
80.64.19.158 - 6

Top ASNs:
AS14061 - 611
AS396982 - 12
AS135959 - 9

Top Accounts:
hello - 627
Test - 11
Administr - 5

Top ISPs:
DigitalOcean, LLC - 611
Google LLC - 12
Onebim Vietnam Limited Company - 9

Top Clients:
Unknown - 660

Top Software:
Unknown - 660

Top Keyboards:
Unknown - 660

Top IP Classification:
hosting - 627
Unknown - 31
hosting & proxy - 1

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2025-12-01

For a week now, my honeypots have been seeing an increase in attacks targeting CVE-2023-7304 (Ruijie RG-UAC nmc_sync.php Command Injection)

#honeypot #infosec #dfir #cybersecurity #exploitation

2025-12-01

2025-11-30 RDP #Honeypot IOCs - 1077 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
134.199.198.215 - 939
152.233.3.146 - 15
80.64.19.158 - 12

Top ASNs:
AS14061 - 939
AS396982 - 36
AS212238 - 15

Top Accounts:
hello - 972
Test - 24
Domain - 18

Top ISPs:
DigitalOcean, LLC - 939
Google LLC - 36
Datacamp Limited - 15

Top Clients:
Unknown - 1077

Top Software:
Unknown - 1077

Top Keyboards:
Unknown - 1077

Top IP Classification:
hosting - 981
Unknown - 78
hosting & proxy - 18

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2025-12-01

2025-11-30 RDP #Honeypot IOCs - 718 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
134.199.198.215 - 626
152.233.3.146 - 10
80.64.19.158 - 8

Top ASNs:
AS14061 - 626
AS396982 - 24
AS212238 - 10

Top Accounts:
hello - 648
Test - 16
Domain - 12

Top ISPs:
DigitalOcean, LLC - 626
Google LLC - 24
Datacamp Limited - 10

Top Clients:
Unknown - 718

Top Software:
Unknown - 718

Top Keyboards:
Unknown - 718

Top IP Classification:
hosting - 654
Unknown - 52
hosting & proxy - 12

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2025-12-01

2025-11-30 RDP #Honeypot IOCs - 359 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
134.199.198.215 - 313
152.233.3.146 - 5
80.64.19.158 - 4

Top ASNs:
AS14061 - 313
AS396982 - 12
AS212238 - 5

Top Accounts:
hello - 324
Test - 8
Domain - 6

Top ISPs:
DigitalOcean, LLC - 313
Google LLC - 12
Datacamp Limited - 5

Top Clients:
Unknown - 359

Top Software:
Unknown - 359

Top Keyboards:
Unknown - 359

Top IP Classification:
hosting - 327
Unknown - 26
hosting & proxy - 6

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

MindTGap
2025-11-30

Canadian MP DESTROYS Trump in TAKEDOWN over UKRAINE

Nov 29, 2025
MeidasTouch host Ben Meiselas reports on former Canadian Member of Parliament and leader of Meidas Canada Charlie Angus delivering an epic takedown of Donald Trump for betraying Ukraine for Russia.

youtube.com/watch?v=5ejrJ4FuBOo
