ThreatFox IOC Database
You are viewing the ThreatFox database entry for ip:port 205.186.144.66:23.
Database Entry
| IOC ID: | 1837549 |
|---|---|
| IOC: | 205.186.144.66:23 |
| IOC Type : | ip:port |
| Threat Type : | botnet_cc |
| Malware: | Mirai |
| Malware alias: | Katana |
| Confidence Level : | Confidence level is high (100%) |
| Is compromised? : | False |
| ASN: | AS398101 GO-DADDY-COM-LLC |
| Country: |  US |
| First seen: | 2026-06-25 18:52:38 UTC |
| Last seen: | never |
| UUID: | 470290d6-70b8-11f1-97fa-42010aa4000a |
| Reporter |  Speculus |
| Reward |
10 credits from anonymous |
| Tags: | Mirai Variant UNSTABLE |
| Reference: | https://speculus.co/search?ip=205.186.144.66 |
Speculus
Timestamp : 2026-06-25T16:46:33ZSummary:
Automated Telnet brute-force and environment verification targeting embedded Linux architectures. Upon authentication, the host executed BusyBox to validate shell stability for secondary malware staging.
Hueristic Detection:
Target Vector: T1110.001 (Brute Force) / T1059.004 (Unix Shell)
IP Address: 205.186.144.66
Target Port: 23 (Telnet)
TTL: 127 (Maybe Windows)
Execution Footprint: /bin/busybox UNSTABLE