@adulau@infosec.exchange2026-01-03 15:51:10
Did someone already set up a honeypot with valid .env credentials and honeytokens?
I'm really curious about a specific IP (78[.]153[.]140[.]171) which is hammering a shitload of virtual hosts with different .env paths.
I'd love to understand where these credentials are actually being used later on.
#honeytoken