HoneyMire Hub

Attack #291996 telnet

Captured 2026-06-29 19:21:27Z by Ka on honeypot FR1 ⬜ docker-edge · firmware 0.1.0.

Source47.237.76.170:54634
Target port23
Authenticatedyes
Commands2
Duration11.0s

Session recording

Loading session…

Transcript

Server output and attacker input as captured, line-grain. Malware URLs are obscured until sign-in. 

Welcome to HiLinux (NVR Box)

hilinux-nvrbox# sh
hilinux-nvrbox# /bin/busybox UNSTABLE
UNSTABLE: applet not found
hilinux-nvrbox#

Credentials

Username: system

Password: shell

3 login attempt(s) before disconnect.

Geolocation hub-resolved

🇸🇬Singapore · North West · Singapore

Alibaba (US) Technology Co., Ltd. · AS45102 Alibaba (US) Technology Co., Ltd. · 1.35,103.82

Network: cdn · Alibaba · Content · peeringdb · medium confidence

Behavioral classification

🦠 80% confidence

Mirai-family IoT botnet — wget + chmod + exec; tries common router/IP-cam credentials.

Matched signals:

Command summary

sh
/bin/busybox UNSTABLE

Reported to threat intel

none

HoneyMire Hub · open feed: / · API: /api · docs: /docs · blocklists: /blocklists · about: /about · firmware: github.com/HoneyMire/HoneyMire