HoneyMire Hub

Attack #292157 telnet

Captured 2026-06-29 19:56:11Z by Ka on honeypot LU2 - SERVERS ⬜ docker-edge · firmware 0.1.0.

Source92.204.138.191:50728
Target port23
Authenticatedyes
Commands1
Duration32.4s

Session recording

Loading session…

Transcript

Server output and attacker input as captured, line-grain. Malware URLs are obscured until sign-in. 

[MikroTik] > sh
[MikroTik] >

Credentials

Username: system

Password: shell

3 login attempt(s) before disconnect.

Geolocation hub-resolved

🇺🇸United States · Virginia · Warrenton

GoDaddy.com, LLC · AS398101 GoDaddy.com, LLC · 38.71,-77.80

Network: unknown · GoDaddy.com, LLC · geoip · low confidence

Behavioral classification

🤖 55% confidence

Automated tool, unknown family — uniform timing but no matched signature.

Command summary

sh

Reported to threat intel

none

HoneyMire Hub · open feed: / · API: /api · docs: /docs · blocklists: /blocklists · about: /about · firmware: github.com/HoneyMire/HoneyMire