HoneyMire Hub

Attack #291647 telnet

Captured 2026-06-29 18:09:47Z by Ka on honeypot LU2 - SERVERS ⬜ docker-edge · firmware 0.1.0.

Source: 222.97.112.179:51942
Target port: 23
Authenticated: yes
Commands: 1
Duration: 33.9s


Transcript

Server output and attacker input as captured, line by line. Malware URLs are obscured until sign-in.

Welcome to HiLinux (NVR Box)

hilinux-nvrbox# &k`g&k|zpkfq)ES[M
-sh: zpkfq)ES[M: not found
hilinux-nvrbox# 

Credentials

Username: zalee

Password: za

3 login attempt(s) before disconnect.

Geolocation (hub-resolved)

🇰🇷 South Korea · Gyeongsangnam-do · Gimhae

Korea Telecom · AS4766 Korea Telecom · 35.19, 128.82

Network: residential · KT Corporation (Korea Telecom) · Cable/DSL/ISP · peeringdb · medium confidence

Behavioral classification

🤖 55% confidence

Automated tool, unknown family — uniform timing but no matched signature.

Command summary

&k`g&k|zpkfq)ES[M

Reported to threat intel

none
