Loading threats
Execution of /bin/busybox wget, leveraging the BusyBox multi-call binary to download remote content. This pattern is commonly observed on embedded Linux systems and IoT devices where BusyBox provides lightweight networking utilities. Its use typically indicates payload retrieval or secondary stage download activity following initial shell access.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 103.93.93.211 | 100% | 136,804 | 5,648 | 🇮🇩 ID | AS141140 | 2026-03-02 |
| 103.93.93.182 | 100% | 89,410 | 3,939 | 🇮🇩 ID | AS141140 | 2026-03-03 |
| 102.212.40.100 | 100% | 57,512 | 3,458 | 🇳🇬 NG | AS329244 | 2026-03-02 |
| 130.12.180.106 | 100% | 37,892 | 2,509 | 🇺🇸 US | AS202412 | 2026-03-01 |
| 103.13.138.22 | 100% | 29,851 | 1,225 | 🇮🇩 ID | AS150215 | 2026-03-03 |
| 223.123.38.36 | 100% | 26,234 | 1,065 | 🇵🇰 PK | AS138423 | 2026-03-02 |
| 223.123.43.1 | 100% | 23,822 | 959 | 🇵🇰 PK | AS138423 | 2026-03-02 |
| 223.123.38.33 | 100% | 23,777 | 904 | 🇵🇰 PK | AS138423 | 2026-03-02 |
| 223.123.43.69 | 100% | 23,516 | 1,011 | 🇵🇰 PK | AS138423 | 2026-03-02 |
| 223.123.43.7 | 100% | 22,992 | 895 | 🇵🇰 PK | AS138423 | 2026-03-02 |
| 223.123.43.5 | 100% | 22,905 | 1,051 | 🇵🇰 PK | AS138423 | 2026-03-02 |
| 223.123.38.34 | 100% | 21,856 | 937 | 🇵🇰 PK | AS138423 | 2026-02-28 |
| 223.123.38.35 | 100% | 21,545 | 971 | 🇵🇰 PK | AS138423 | 2026-03-02 |
| 223.123.38.32 | 100% | 21,111 | 1,133 | 🇵🇰 PK | AS138423 | 2026-03-02 |
| 223.123.43.0 | 100% | 21,000 | 982 | 🇵🇰 PK | AS138423 | 2026-03-02 |
| 158.94.208.69 | 100% | 19,800 | 19,673 | 🇩🇪 DE | AS202412 | 2026-02-22 |
| 223.123.43.71 | 100% | 19,630 | 930 | 🇵🇰 PK | AS138423 | 2026-03-02 |
| 223.123.43.6 | 100% | 18,385 | 778 | 🇵🇰 PK | AS138423 | 2026-03-02 |
| 223.123.43.3 | 100% | 17,857 | 1,003 | 🇵🇰 PK | AS138423 | 2026-03-02 |
| 223.123.43.70 | 100% | 16,525 | 804 | 🇵🇰 PK | AS138423 | 2026-03-02 |