Loading threats
Invocation of /bin/busybox cat /proc/mounts to enumerate currently mounted filesystems on a Linux system. This is commonly observed during automated post-compromise discovery where an actor inspects available mount points to identify writable locations, network filesystems, or temporary storage paths suitable for payload staging and execution.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 77.45.86.115 | 96% | 37,226 | 1,552 | 🇵🇱 PL | AS35191 | 2026-03-03 |
| 123.248.63.133 | 94% | 15,159 | 821 | 🇰🇷 KR | AS9845 | 2026-04-14 |
| 112.46.214.107 | 93% | 12,164 | 596 | 🇨🇳 CN | AS9808 | 2026-04-16 |
| 1.177.63.13 | 89% | 11,494 | 192 | 🇰🇷 KR | AS17577 | 2026-02-22 |
| 112.46.214.80 | 90% | 9,618 | 384 | 🇨🇳 CN | AS9808 | 2026-04-16 |
| 112.46.213.137 | 89% | 9,479 | 245 | 🇨🇳 CN | AS9808 | 2026-04-10 |
| 112.46.213.166 | 96% | 8,988 | 176 | 🇨🇳 CN | AS9808 | 2026-03-03 |
| 112.46.214.117 | 91% | 8,971 | 279 | 🇨🇳 CN | AS9808 | 2026-04-13 |
| 112.46.212.193 | 91% | 8,924 | 403 | 🇨🇳 CN | AS9808 | 2026-04-16 |
| 112.46.213.193 | 98% | 8,912 | 403 | 🇨🇳 CN | AS9808 | 2026-04-16 |
| 112.46.212.137 | 90% | 8,889 | 223 | 🇨🇳 CN | AS9808 | 2026-04-10 |
| 112.46.212.166 | 96% | 8,325 | 166 | 🇨🇳 CN | AS9808 | 2026-03-03 |
| 112.46.214.16 | 90% | 8,209 | 312 | 🇨🇳 CN | AS9808 | 2026-04-11 |
| 112.46.214.20 | 91% | 8,051 | 354 | 🇨🇳 CN | AS9808 | 2026-04-07 |
| 112.46.214.77 | 88% | 7,838 | 224 | 🇨🇳 CN | AS9808 | 2026-03-31 |
| 176.65.148.193 | 100% | 7,700 | 2,055 | 🇳🇱 NL | AS51396 | 2026-03-26 |
| 1.177.63.24 | 90% | 7,681 | 481 | 🇰🇷 KR | AS17577 | 2026-04-13 |
| 112.46.214.53 | 91% | 7,480 | 382 | 🇨🇳 CN | AS9808 | 2026-04-14 |
| 1.177.63.17 | 90% | 7,413 | 276 | 🇰🇷 KR | AS17577 | 2026-03-13 |
| 112.46.214.74 | 98% | 7,372 | 311 | 🇨🇳 CN | AS9808 | 2026-04-09 |