ThreatFox IOC Database
You are viewing the ThreatFox database entry for ip:port 112.46.215.14:23.
Database Entry
| IOC ID: | 1837542 |
|---|---|
| IOC: | 112.46.215.14:23 |
| IOC Type : | ip:port |
| Threat Type : | botnet_cc |
| Malware: | Mirai |
| Malware alias: | Katana |
| Confidence Level : | Confidence level is high (100%) |
| Is compromised? : | False |
| ASN: | AS9808 CHINAMOBILE-CN |
| Country: |  CN |
| First seen: | 2026-06-25 18:52:43 UTC |
| Last seen: | 2026-06-25 17:09:20 UTC |
| UUID: | ec2eaa46-70b6-11f1-97fa-42010aa4000a |
| Reporter |  Speculus |
| Reward |
10 credits from anonymous |
| Tags: | 2J6iclGG Mirai Variant |
| Reference: | https://speculus.co/search?ip=112.46.215.14 |
Speculus
Timestamp: 2026-06-25T16:51:13Z.Summary:
Active IoT botnet brute-force and exploitation node targeting embedded Linux devices.
The host successfully authenticated over Telnet (Port 23) and immediately attempted to call /bin/busybox with an arbitrary execution verification token. Behavior aligns with active Mirai/Mozi recruitment campaigns.
Telemetry Attributes:
- Vector: Telnet Brute-Force Command Injection
- Executable Target: /bin/busybox 2J6iclGG
- TTL Fingerprint: 127