Loading threats
Invocation of /bin/busybox cat /proc/mounts to enumerate currently mounted filesystems on a Linux system. This is commonly observed during automated post-compromise discovery where an actor inspects available mount points to identify writable locations, network filesystems, or temporary storage paths suitable for payload staging and execution.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 77.45.86.115 | 96% | 37,226 | 1,552 | 🇵🇱 PL | AS35191 | 2026-03-03 |
| 123.248.63.133 | 94% | 15,091 | 753 | 🇰🇷 KR | AS9845 | 2026-04-08 |
| 112.46.214.107 | 91% | 12,125 | 557 | 🇨🇳 CN | AS9808 | 2026-04-06 |
| 1.177.63.13 | 89% | 11,494 | 192 | 🇰🇷 KR | AS17577 | 2026-02-22 |
| 112.46.214.80 | 90% | 9,548 | 314 | 🇨🇳 CN | AS9808 | 2026-03-25 |
| 112.46.213.137 | 90% | 9,465 | 231 | 🇨🇳 CN | AS9808 | 2026-03-07 |
| 112.46.213.166 | 96% | 8,988 | 176 | 🇨🇳 CN | AS9808 | 2026-03-03 |
| 112.46.214.117 | 90% | 8,965 | 273 | 🇨🇳 CN | AS9808 | 2026-04-09 |
| 112.46.212.193 | 91% | 8,886 | 365 | 🇨🇳 CN | AS9808 | 2026-04-06 |
| 112.46.212.137 | 90% | 8,878 | 212 | 🇨🇳 CN | AS9808 | 2026-04-07 |
| 112.46.213.193 | 98% | 8,867 | 358 | 🇨🇳 CN | AS9808 | 2026-03-26 |
| 112.46.212.166 | 96% | 8,325 | 166 | 🇨🇳 CN | AS9808 | 2026-03-03 |
| 112.46.214.16 | 89% | 8,167 | 270 | 🇨🇳 CN | AS9808 | 2026-04-08 |
| 112.46.214.20 | 91% | 8,051 | 354 | 🇨🇳 CN | AS9808 | 2026-04-07 |
| 112.46.214.77 | 88% | 7,838 | 224 | 🇨🇳 CN | AS9808 | 2026-03-31 |
| 176.65.148.193 | 100% | 7,700 | 2,055 | 🇳🇱 NL | AS51396 | 2026-03-26 |
| 1.177.63.24 | 91% | 7,679 | 479 | 🇰🇷 KR | AS17577 | 2026-03-16 |
| 112.46.214.53 | 90% | 7,479 | 381 | 🇨🇳 CN | AS9808 | 2026-04-03 |
| 1.177.63.17 | 90% | 7,413 | 276 | 🇰🇷 KR | AS17577 | 2026-03-13 |
| 112.46.214.74 | 98% | 7,372 | 311 | 🇨🇳 CN | AS9808 | 2026-04-09 |