Attempts to grant execute permissions to a hidden binary located at /.16. The command first tries to escalate privileges by piping a password to sudo -S to run chmod +x /.16, and falls back to executing the same permission change without sudo if privilege escalation fails. This pattern is commonly observed in automated attack scripts preparing a downloaded payload for execution while attempting opportunistic privilege escalation.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 62.171.133.1 | 94% | 5,459 | 5,285 | 🇩🇪 DE | AS51167 | 2026-03-09 |
| 161.35.90.112 | 91% | 2,811 | 372 | 🇳🇱 NL | AS14061 | 2026-02-08 |
| 104.248.87.23 | 75% | 1,569 | 399 | 🇳🇱 NL | AS14061 | 2026-03-01 |
| 146.190.20.104 | 76% | 1,448 | 209 | 🇳🇱 NL | AS14061 | 2026-02-26 |
| 188.166.41.118 | 90% | 1,400 | 182 | 🇳🇱 NL | AS14061 | 2026-02-08 |
| 159.65.147.12 | 81% | 160 | 144 | 🇮🇳 IN | AS14061 | 2026-02-26 |
| 46.101.181.190 | 75% | 52 | 52 | 🇩🇪 DE | AS14061 | 2026-02-27 |