ThreatFox IOC Database
You are viewing the ThreatFox database entry for ip:port 103.166.200.226:23.
Database Entry
| IOC ID: | 1837550 |
|---|---|
| IOC: | 103.166.200.226:23 |
| IOC Type : | ip:port |
| Threat Type : | botnet_cc |
| Malware: | Mirai |
| Malware alias: | Katana |
| Confidence Level : | Confidence level is high (100%) |
| Is compromised? : | False |
| ASN: | AS38758 HYPERNET-AS-ID |
| Country: |  ID |
| First seen: | 2026-06-25 18:52:38 UTC |
| Last seen: | never |
| UUID: | 940dff0a-70b9-11f1-97fa-42010aa4000a |
| Reporter |  Speculus |
| Reward |
10 credits from anonymous |
| Tags: | Mirai Variant UNSTABLE |
| Reference: | https://speculus.co/search?ip=103.166.200.226 |
Speculus
Timestamp : 2026-06-25T17:06:15ZSummary:
Automated Telnet brute-force and environment verification targeting embedded Linux architectures. Upon authentication, the host executed BusyBox to validate shell stability for secondary malware staging.
Hueristic Detection:
Target Vector: T1110.001 (Brute Force) / T1059.004 (Unix Shell)
IP Address: 103.166.200.226
Target Port: 23 (Telnet)
TTL: 127 (Maybe Windows)
Execution Footprint: /bin/busybox UNSTABLE