HoneyMire Hub

Attack #291668 telnet

Captured 2026-06-29 18:14:37Z by Ka on honeypot LU2 - SERVERS ⬜ docker-edge · firmware 0.1.0.

Source92.204.138.191:57348
Target port23
Authenticatedyes
Commands1
Duration32.3s

Session recording

Loading session…

Transcript

Server output and attacker input as captured, line-grain. Malware URLs are obscured until sign-in. 

Welcome to HiLinux (NVR Box)

hilinux-nvrbox# sh
hilinux-nvrbox#

Credentials

Username: system

Password: shell

3 login attempt(s) before disconnect.

Geolocation hub-resolved

🇺🇸United States · Virginia · Warrenton

GoDaddy.com, LLC · AS398101 GoDaddy.com, LLC · 38.71,-77.80

Network: unknown · GoDaddy.com, LLC · geoip · low confidence

Behavioral classification

🤖 55% confidence

Automated tool, unknown family — uniform timing but no matched signature.

Command summary

sh

Reported to threat intel

none

HoneyMire Hub · open feed: / · API: /api · docs: /docs · blocklists: /blocklists · about: /about · firmware: github.com/HoneyMire/HoneyMire