The analysis of RDP honeypot data reveals a significant number of scans originating from specific IP addresses and ASNs, with Google LLC and DigitalOcean, LLC being the top ISPs involved.
Claims
The analysis of RDP honeypot data reveals a significant number of scans originating from specific IP addresses and ASNs, with Google LLC and DigitalOcean, LLC being the top ISPs involved.
Parent: Cybersecurity Threat IntelligenceEntity: RDP Honeypot Data AnalysisImpact: negativeDate: Apr 18, 2026 - Apr 23, 2026Target: The frequency and origin of RDP honeypot scans
The RDP honeypot data indicates that a large number of scans are associated with unknown clients, software, and keyboards, suggesting a high level of obfuscation in the attack vectors.
Parent: Cybersecurity Threat IntelligenceEntity: RDP Honeypot Data AnalysisImpact: negativeDate: Apr 18, 2026 - Apr 23, 2026Target: The obfuscation techniques used in RDP attacks
Source posts
2026-04-17 RDP #Honeypot IOCs - 183 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
164.92.124.232 - 39
80.94.95.43 - 27
147.185.132.53 - 12
Top ASNs:
AS396982 - 48
AS14061 - 39
AS204428 - 33
Top Accounts:
hello - 54
Administr - 48
Test - 24
Top ISPs:
Google LLC - 48
DigitalOcean, LLC - 39
SS-Net - 33
Top Clients:
Unknown - 183
Top Software:
Unknown - 183
Top Keyboards:
Unknown - 183
Top IP Classification:
hosting - 102
Unknown - 78
mobile & hosting - 3
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
#CyberSec #SOC #Blueteam #SecOps #Security
0 boosts · 0 favs · 0 replies · Apr 18, 2026
#honeypot#dfir#infosec#cybersec#soc#blueteam
2026-04-17 RDP #Honeypot IOCs - 122 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
164.92.124.232 - 26
80.94.95.43 - 18
147.185.132.53 - 8
Top ASNs:
AS396982 - 32
AS14061 - 26
AS204428 - 22
Top Accounts:
hello - 36
Administr - 32
Test - 16
Top ISPs:
Google LLC - 32
DigitalOcean, LLC - 26
SS-Net - 22
Top Clients:
Unknown - 122
Top Software:
Unknown - 122
Top Keyboards:
Unknown - 122
Top IP Classification:
hosting - 68
Unknown - 52
mobile & hosting - 2
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
#CyberSec #SOC #Blueteam #SecOps #Security
0 boosts · 0 favs · 0 replies · Apr 18, 2026
#honeypot#dfir#infosec#cybersec#soc#blueteam
2026-04-17 RDP #Honeypot IOCs - 61 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
164.92.124.232 - 13
80.94.95.43 - 9
147.185.132.53 - 4
Top ASNs:
AS396982 - 16
AS14061 - 13
AS204428 - 11
Top Accounts:
hello - 18
Administr - 16
Test - 8
Top ISPs:
Google LLC - 16
DigitalOcean, LLC - 13
SS-Net - 11
Top Clients:
Unknown - 61
Top Software:
Unknown - 61
Top Keyboards:
Unknown - 61
Top IP Classification:
hosting - 34
Unknown - 26
mobile & hosting - 1
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
#CyberSec #SOC #Blueteam #SecOps #Security
1 boosts · 0 favs · 0 replies · Apr 18, 2026
#honeypot#dfir#infosec#cybersec#soc#blueteam
2026-04-18 RDP #Honeypot IOCs - 117 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
164.92.124.232 - 18
198.235.24.209 - 9
198.235.24.156 - 9
Top ASNs:
AS396982 - 36
AS14061 - 18
AS48721 - 15
Top Accounts:
Administr - 36
hello - 21
Test - 18
Top ISPs:
Google LLC - 36
DigitalOcean, LLC - 18
Flyservers S.A. - 15
Top Clients:
Unknown - 117
Top Software:
Unknown - 117
Top Keyboards:
Unknown - 117
Top IP Classification:
hosting - 57
Unknown - 57
mobile - 3
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
#CyberSec #SOC #Blueteam #SecOps #Security
0 boosts · 0 favs · 0 replies · Apr 19, 2026
#honeypot#dfir#infosec#cybersec#soc#blueteam
2026-04-18 RDP #Honeypot IOCs - 78 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
164.92.124.232 - 12
198.235.24.209 - 6
198.235.24.156 - 6
Top ASNs:
AS396982 - 24
AS14061 - 12
AS48721 - 10
Top Accounts:
Administr - 24
hello - 14
Test - 12
Top ISPs:
Google LLC - 24
DigitalOcean, LLC - 12
Flyservers S.A. - 10
Top Clients:
Unknown - 78
Top Software:
Unknown - 78
Top Keyboards:
Unknown - 78
Top IP Classification:
hosting - 38
Unknown - 38
mobile - 2
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
#CyberSec #SOC #Blueteam #SecOps #Security
0 boosts · 0 favs · 0 replies · Apr 19, 2026
#honeypot#dfir#infosec#cybersec#soc#blueteam
2026-04-18 RDP #Honeypot IOCs - 39 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
164.92.124.232 - 6
198.235.24.209 - 3
198.235.24.156 - 3
Top ASNs:
AS396982 - 12
AS14061 - 6
AS48721 - 5
Top Accounts:
Administr - 12
hello - 7
Test - 6
Top ISPs:
Google LLC - 12
DigitalOcean, LLC - 6
Flyservers S.A. - 5
Top Clients:
Unknown - 39
Top Software:
Unknown - 39
Top Keyboards:
Unknown - 39
Top IP Classification:
hosting - 19
Unknown - 19
mobile - 1
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
#CyberSec #SOC #Blueteam #SecOps #Security
0 boosts · 0 favs · 0 replies · Apr 19, 2026
#honeypot#dfir#infosec#cybersec#soc#blueteam
2026-04-19 RDP #Honeypot IOCs - 506 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
45.77.150.186 - 466
80.94.95.221 - 11
159.223.110.137 - 4
Top ASNs:
AS20473 - 466
AS396982 - 12
AS204428 - 11
Top Accounts:
hello - 471
Administr - 14
2rlvvaa2 - 4
Top ISPs:
The Constant Company - 466
Google LLC - 12
SS-Net - 11
Top Clients:
Unknown - 506
Top Software:
Unknown - 506
Top Keyboards:
Unknown - 506
Top IP Classification:
hosting - 487
Unknown - 17
hosting & proxy - 2
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
#CyberSec #SOC #Blueteam #SecOps #Security
1 boosts · 0 favs · 0 replies · Apr 20, 2026
#honeypot#dfir#infosec#cybersec#soc#blueteam
2026-04-19 RDP #Honeypot IOCs - 1518 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
45.77.150.186 - 1398
80.94.95.221 - 33
159.223.110.137 - 12
Top ASNs:
AS20473 - 1398
AS396982 - 36
AS204428 - 33
Top Accounts:
hello - 1413
Administr - 42
2rlvvaa2 - 12
Top ISPs:
The Constant Company - 1398
Google LLC - 36
SS-Net - 33
Top Clients:
Unknown - 1518
Top Software:
Unknown - 1518
Top Keyboards:
Unknown - 1518
Top IP Classification:
hosting - 1461
Unknown - 51
hosting & proxy - 6
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
#CyberSec #SOC #Blueteam #SecOps #Security
2 boosts · 0 favs · 0 replies · Apr 20, 2026
#honeypot#dfir#infosec#cybersec#soc#blueteam
2026-04-20 RDP #Honeypot IOCs - 171 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
222.92.245.35 - 138
198.235.24.93 - 3
213.55.79.194 - 3
Top ASNs:
AS4134 - 138
AS396982 - 12
AS216473 - 3
Top Accounts:
test - 138
Test - 11
hello - 4
Top ISPs:
Chinanet - 138
Google LLC - 12
Flyservers S.A. - 4
Top Clients:
Unknown - 171
Top Software:
Unknown - 171
Top Keyboards:
Unknown - 171
Top IP Classification:
Unknown - 156
hosting - 14
mobile & hosting - 1
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
#CyberSec #SOC #Blueteam #SecOps #Security
1 boosts · 0 favs · 0 replies · Apr 21, 2026
#honeypot#dfir#infosec#cybersec#soc#blueteam
2026-04-20 RDP #Honeypot IOCs - 342 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
222.92.245.35 - 276
198.235.24.93 - 6
213.55.79.194 - 6
Top ASNs:
AS4134 - 276
AS396982 - 24
AS216473 - 6
Top Accounts:
test - 276
Test - 22
hello - 8
Top ISPs:
Chinanet - 276
Google LLC - 24
Flyservers S.A. - 8
Top Clients:
Unknown - 342
Top Software:
Unknown - 342
Top Keyboards:
Unknown - 342
Top IP Classification:
Unknown - 312
hosting - 28
mobile & hosting - 2
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
#CyberSec #SOC #Blueteam #SecOps #Security
2 boosts · 0 favs · 0 replies · Apr 21, 2026
#honeypot#dfir#infosec#cybersec#soc#blueteam
2026-04-20 RDP #Honeypot IOCs - 513 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
222.92.245.35 - 414
198.235.24.93 - 9
213.55.79.194 - 9
Top ASNs:
AS4134 - 414
AS396982 - 36
AS216473 - 9
Top Accounts:
test - 414
Test - 33
hello - 12
Top ISPs:
Chinanet - 414
Google LLC - 36
Flyservers S.A. - 12
Top Clients:
Unknown - 513
Top Software:
Unknown - 513
Top Keyboards:
Unknown - 513
Top IP Classification:
Unknown - 468
hosting - 42
mobile & hosting - 3
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
#CyberSec #SOC #Blueteam #SecOps #Security
1 boosts · 0 favs · 0 replies · Apr 21, 2026
#honeypot#dfir#infosec#cybersec#soc#blueteam
2026-04-21 RDP #Honeypot IOCs - 133 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
222.92.245.35 - 82
203.55.131.4 - 10
159.223.106.189 - 9
Top ASNs:
AS4134 - 82
AS396982 - 12
AS32475 - 10
Top Accounts:
test - 82
hello - 14
Administr - 10
Top ISPs:
Chinanet - 82
Google LLC - 12
Internap Holding LLC - 10
Top Clients:
Unknown - 133
Top Software:
Unknown - 133
Top Keyboards:
Unknown - 133
Top IP Classification:
Unknown - 97
hosting - 25
hosting & proxy - 11
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
#CyberSec #SOC #Blueteam #SecOps #Security
1 boosts · 0 favs · 0 replies · Apr 22, 2026
#honeypot#dfir#infosec#cybersec#soc#blueteam
2026-04-21 RDP #Honeypot IOCs - 266 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
222.92.245.35 - 164
203.55.131.4 - 20
159.223.106.189 - 18
Top ASNs:
AS4134 - 164
AS396982 - 24
AS32475 - 20
Top Accounts:
test - 164
hello - 28
Administr - 20
Top ISPs:
Chinanet - 164
Google LLC - 24
Internap Holding LLC - 20
Top Clients:
Unknown - 266
Top Software:
Unknown - 266
Top Keyboards:
Unknown - 266
Top IP Classification:
Unknown - 194
hosting - 50
hosting & proxy - 22
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
#CyberSec #SOC #Blueteam #SecOps #Security
1 boosts · 0 favs · 0 replies · Apr 22, 2026
#honeypot#dfir#infosec#cybersec#soc#blueteam
2026-04-21 RDP #Honeypot IOCs - 399 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
222.92.245.35 - 246
203.55.131.4 - 30
159.223.106.189 - 27
Top ASNs:
AS4134 - 246
AS396982 - 36
AS32475 - 30
Top Accounts:
test - 246
hello - 42
Administr - 30
Top ISPs:
Chinanet - 246
Google LLC - 36
Internap Holding LLC - 30
Top Clients:
Unknown - 399
Top Software:
Unknown - 399
Top Keyboards:
Unknown - 399
Top IP Classification:
Unknown - 291
hosting - 75
hosting & proxy - 33
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
#CyberSec #SOC #Blueteam #SecOps #Security
1 boosts · 0 favs · 0 replies · Apr 22, 2026
#honeypot#dfir#infosec#cybersec#soc#blueteam
2026-04-22 RDP #Honeypot IOCs - 47 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
103.149.252.223 - 8
111.170.152.113 - 5
194.165.16.166 - 4
Top ASNs:
AS396982 - 12
AS135918 - 8
AS63949 - 5
Top Accounts:
hello - 14
Test - 8
p6vn72vb - 4
Top ISPs:
Google LLC - 12
AI-SOL - 8
Flyservers S.A. - 6
Top Clients:
Unknown - 47
Top Software:
Unknown - 47
Top Keyboards:
Unknown - 47
Top IP Classification:
Unknown - 25
hosting - 20
hosting & proxy - 2
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
#CyberSec #SOC #Blueteam #SecOps #Security
1 boosts · 0 favs · 0 replies · Apr 23, 2026
#honeypot#dfir#infosec#cybersec#soc#blueteam