Nostr notes by honeymire

HoneyMire credential leaderboard - today 1. system:shell - 1707 ...

2026-05-22T22:31:53Z

HoneyMire credential leaderboard - today

1. system:shell - 1707 tries
2. support:support - 313 tries
3. solana:solana - 194 tries
4. 0:0 - 168 tries
5. root:xc3511 - 165 tries

Factory defaults age badly.

#CyberSecurity #Honeypot #IoT

HoneyMire pulse / 24h 11981 attempts 746 unique sources Top port: ...

2026-05-22T21:01:50Z

HoneyMire pulse / 24h

11981 attempts
746 unique sources
Top port: 23
Most tried login: system:shell

Low effort. High volume. Very internet.

#ThreatIntel #Honeypot #CyberSecurity

New signal source observed HoneyMire saw activity from Zambia for ...

2026-05-22T19:31:50Z

New signal source observed

HoneyMire saw activity from Zambia for the first time in 30 days.

Target: TELNET / 23
Behavior: creds-probe
Confidence: 60%

One more ripple in the mire.

#ThreatIntel #Honeypot #CyberSecurity

New signal source observed HoneyMire saw activity from Mongolia ...

2026-05-22T03:16:50Z

New signal source observed

HoneyMire saw activity from Mongolia for the first time in 30 days.

Target: TELNET / 23
Behavior: creds-only
Confidence: 70%

One more ripple in the mire.

#ThreatIntel #Honeypot #CyberSecurity

Today, Luxembourg was the loudest HoneyMire sensor. 11344 ...

2026-05-22T01:46:50Z

Today, Luxembourg was the loudest HoneyMire sensor.

11344 attempts from 1002 unique sources.
Top behavior: scripted

Different country. Same bad passwords.

#ThreatIntel #Honeypot #BlueTeam

Bot signal A HoneyMire sensor saw 11344 attempts from The ...

2026-05-22T00:16:50Z

Bot signal

A HoneyMire sensor saw 11344 attempts from The Netherlands, targeting TELNET / 23.

Credential: system:shell
Pattern: scripted
Confidence: 60%

Small signal, useful noise.

#Honeypot #ThreatIntel #BlueTeam

HoneyMire credential leaderboard - today 1. system:shell - 1535 ...

2026-05-21T22:31:50Z

HoneyMire credential leaderboard - today

1. system:shell - 1535 tries
2. support:support - 302 tries
3. solana:solana - 193 tries
4. 0:0 - 189 tries
5. root:Zte521 - 160 tries

Factory defaults age badly.

#CyberSecurity #Honeypot #IoT

HoneyMire pulse / 24h 11343 attempts 1002 unique sources Top ...

2026-05-21T20:52:19Z

HoneyMire pulse / 24h

11343 attempts
1002 unique sources
Top port: 23
Most tried login: system:shell

Low effort. High volume. Very internet.

#ThreatIntel #Honeypot #CyberSecurity

New signal source observed HoneyMire saw activity from Cameroon ...

2026-05-21T19:22:10Z

New signal source observed

HoneyMire saw activity from Cameroon for the first time in 30 days.

Target: SSH / 22
Behavior: scripted
Confidence: 60%

One more ripple in the mire.

#ThreatIntel #Honeypot #CyberSecurity

New signal source observed HoneyMire saw activity from Nicaragua ...

2026-05-21T03:07:09Z

New signal source observed

HoneyMire saw activity from Nicaragua for the first time in 30 days.

Target: TELNET / 23
Behavior: creds-only
Confidence: 70%

One more ripple in the mire.

#ThreatIntel #Honeypot #CyberSecurity

Strange command spotted by HoneyMire A bot authenticated and ...

2026-05-21T01:37:09Z

Strange command spotted by HoneyMire

A bot authenticated and immediately tried:

"echo "===HOSTNAME==="; hostname 2/dev/null || echo EMPTY; echo "===UNAME==="; un"

Pattern:
scripted

Raw payload redacted. Signal preserved.

#ThreatIntel #Honeypot #Malware

New signal source observed HoneyMire saw activity from Macao for ...

2026-05-21T00:07:09Z

New signal source observed

HoneyMire saw activity from Macao for the first time in 30 days.

Target: SSH / 22
Behavior: scripted
Confidence: 60%

One more ripple in the mire.

#ThreatIntel #Honeypot #CyberSecurity

New signal source observed HoneyMire saw activity from Guatemala ...

2026-05-20T22:22:09Z

New signal source observed

HoneyMire saw activity from Guatemala for the first time in 30 days.

Target: TELNET / 23
Behavior: creds-only
Confidence: 70%

One more ripple in the mire.

#ThreatIntel #Honeypot #CyberSecurity

Strange command spotted by HoneyMire A bot authenticated and ...

2026-05-20T20:52:10Z

Strange command spotted by HoneyMire

A bot authenticated and immediately tried:

"c � 3��ń{f[�:`��p�+�rH7g�*��r��a�Ì�0��6]�0�]ϔ�V�Y"�${�?ةB�`��?�̰��l�Uo"3"

Pattern:
scripted

Raw payload redacted. Signal preserved.

#ThreatIntel #Honeypot #Malware

Today, Luxembourg was the loudest HoneyMire sensor. 12533 ...

2026-05-20T19:09:46Z

Today, Luxembourg was the loudest HoneyMire sensor.

12533 attempts from 847 unique sources.
Top behavior: scripted

Different country. Same bad passwords.

#ThreatIntel #Honeypot #BlueTeam

Bot signal A HoneyMire sensor saw 12533 attempts from The ...

2026-05-20T02:54:46Z

Bot signal

A HoneyMire sensor saw 12533 attempts from The Netherlands, targeting TELNET / 23.

Credential: system:shell
Pattern: scripted
Confidence: 60%

Small signal, useful noise.

#Honeypot #ThreatIntel #BlueTeam

HoneyMire credential leaderboard - today 1. system:shell - 3056 ...

2026-05-20T01:24:46Z

HoneyMire credential leaderboard - today

1. system:shell - 3056 tries
2. support:support - 341 tries
3. root:Zte521 - 179 tries
4. solana:solana - 171 tries
5. 0:0 - 164 tries

Factory defaults age badly.

#CyberSecurity #Honeypot #IoT

HoneyMire pulse / 24h 12533 attempts 847 unique sources Top port: ...

2026-05-19T23:54:46Z

HoneyMire pulse / 24h

12533 attempts
847 unique sources
Top port: 23
Most tried login: system:shell

Low effort. High volume. Very internet.

#ThreatIntel #Honeypot #CyberSecurity

New signal source observed HoneyMire saw activity from Cayman ...

2026-05-19T22:09:46Z

New signal source observed

HoneyMire saw activity from Cayman Islands for the first time in 30 days.

Target: TELNET / 23
Behavior: creds-only
Confidence: 70%

One more ripple in the mire.

#ThreatIntel #Honeypot #CyberSecurity

Strange command spotted by HoneyMire A bot authenticated and ...

2026-05-19T20:39:46Z

Strange command spotted by HoneyMire

A bot authenticated and immediately tried:

"start enable config terminal system linuxshell su shell sh /var/run/.x&&cd /var/"

Pattern:
mirai

Raw payload redacted. Signal preserved.

#ThreatIntel #Honeypot #Malware

New signal source observed HoneyMire saw activity from Montenegro ...

2026-05-19T18:57:26Z

New signal source observed

HoneyMire saw activity from Montenegro for the first time in 30 days.

Target: TELNET / 23
Behavior: creds-only
Confidence: 70%

One more ripple in the mire.

#ThreatIntel #Honeypot #CyberSecurity

New signal source observed HoneyMire saw activity from Puerto ...

2026-05-19T02:42:26Z

New signal source observed

HoneyMire saw activity from Puerto Rico for the first time in 30 days.

Target: TELNET / 23
Behavior: creds-only
Confidence: 70%

One more ripple in the mire.

#ThreatIntel #Honeypot #CyberSecurity

New signal source observed HoneyMire saw activity from Croatia ...

2026-05-19T00:57:26Z

New signal source observed

HoneyMire saw activity from Croatia for the first time in 30 days.

Target: TELNET / 23
Behavior: mirai
Confidence: 80%

One more ripple in the mire.

#ThreatIntel #Honeypot #CyberSecurity

Today, Luxembourg was the loudest HoneyMire sensor. 11467 ...

2026-05-18T23:27:26Z

Today, Luxembourg was the loudest HoneyMire sensor.

11467 attempts from 1063 unique sources.
Top behavior: scripted

Different country. Same bad passwords.

#ThreatIntel #Honeypot #BlueTeam

Bot signal A HoneyMire sensor saw 11467 attempts from The ...

2026-05-18T21:57:27Z

Bot signal

A HoneyMire sensor saw 11467 attempts from The Netherlands, targeting TELNET / 23.

Credential: system:shell
Pattern: scripted
Confidence: 60%

Small signal, useful noise.

#Honeypot #ThreatIntel #BlueTeam

HoneyMire credential leaderboard - today 1. system:shell - 1427 ...

2026-05-18T20:27:26Z

HoneyMire credential leaderboard - today

1. system:shell - 1427 tries
2. support:support - 301 tries
3. admin:1234 - 205 tries
4. 0:0 - 185 tries
5. solana:solana - 182 tries

Factory defaults age badly.

#CyberSecurity #Honeypot #IoT

HoneyMire pulse / 24h 11467 attempts 1063 unique sources Top ...

2026-05-18T18:55:23Z

HoneyMire pulse / 24h

11467 attempts
1063 unique sources
Top port: 23
Most tried login: system:shell

Low effort. High volume. Very internet.

#ThreatIntel #Honeypot #CyberSecurity

New signal source observed HoneyMire saw activity from Slovakia ...

2026-05-18T02:40:22Z

New signal source observed

HoneyMire saw activity from Slovakia for the first time in 30 days.

Target: SSH / 22
Behavior: scripted
Confidence: 60%

One more ripple in the mire.

#ThreatIntel #Honeypot #CyberSecurity

Today, Luxembourg was the loudest HoneyMire sensor. 11260 ...

2026-05-18T00:55:22Z

Today, Luxembourg was the loudest HoneyMire sensor.

11260 attempts from 1062 unique sources.
Top behavior: scripted

Different country. Same bad passwords.

#ThreatIntel #Honeypot #BlueTeam

Bot signal A HoneyMire sensor saw 10953 attempts from The ...

2026-05-17T23:25:23Z

Bot signal

A HoneyMire sensor saw 10953 attempts from The Netherlands, targeting TELNET / 23.

Credential: system:shell
Pattern: scripted
Confidence: 60%

Small signal, useful noise.

#Honeypot #ThreatIntel #BlueTeam

HoneyMire credential leaderboard - today 1. system:shell - 1055 ...

2026-05-17T21:55:22Z

HoneyMire credential leaderboard - today

1. system:shell - 1055 tries
2. support:support - 303 tries
3. admin:1234 - 195 tries
4. 0:0 - 187 tries
5. solana:solana - 167 tries

Factory defaults age badly.

#CyberSecurity #Honeypot #IoT

HoneyMire pulse / 24h 10953 attempts 1145 unique sources Top ...

2026-05-17T20:25:22Z

HoneyMire pulse / 24h

10953 attempts
1145 unique sources
Top port: 23
Most tried login: system:shell

Low effort. High volume. Very internet.

#ThreatIntel #Honeypot #CyberSecurity

Strange command spotted by HoneyMire A bot authenticated and ...

2026-05-17T18:44:12Z

Strange command spotted by HoneyMire

A bot authenticated and immediately tried:

"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH u"

Pattern:
scripted

Raw payload redacted. Signal preserved.

#ThreatIntel #Honeypot #Malware