Loading threats
Shell command rm -rf targeting one or more dot-prefixed relative paths (e.g., .ffaaxx, .d). This pattern indicates forced recursive removal of hidden artifacts within the current working directory and is commonly observed as cleanup activity following staged payload execution in automated Telnet-based compromise chains.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 223.123.38.36 | 100% | 27,132 | 1,963 | 🇵🇰 PK | AS138423 | 2026-04-15 |
| 103.184.56.249 | 97% | 25,666 | 196 | 🇮🇩 ID | AS149667 | 2026-02-25 |
| 103.156.221.253 | 97% | 25,219 | 195 | 🇮🇩 ID | AS149667 | 2026-02-26 |
| 103.184.56.241 | 92% | 22,538 | 178 | 🇮🇩 ID | AS149667 | 2026-04-02 |
| 158.94.208.69 | 100% | 19,800 | 19,673 | 🇩🇪 DE | AS202412 | 2026-02-22 |
| 114.33.12.13 | 99% | 9,289 | 453 | 🇹🇼 TW | AS3462 | 2026-04-16 |
| 195.178.110.241 | 100% | 6,183 | 5,592 | 🇧🇬 BG | AS48090 | 2026-02-20 |
| 116.41.81.52 | 94% | 2,973 | 124 | 🇰🇷 KR | AS17858 | 2026-04-17 |
| 85.130.237.235 | 96% | 2,626 | 55 | 🇮🇱 IL | AS6810 | 2026-04-10 |
| 103.156.221.242 | 85% | 1,704 | 39 | 🇮🇩 ID | AS149667 | 2026-04-05 |
| 103.184.56.220 | 87% | 1,595 | 45 | 🇮🇩 ID | AS149667 | 2026-04-10 |
| 82.42.209.185 | 82% | 1,079 | 19 | 🇬🇧 GB | AS5089 | 2026-04-04 |
| 111.220.67.53 | 87% | 1,028 | 16 | 🇦🇺 AU | AS9443 | 2026-03-05 |
| 109.196.219.116 | 81% | 962 | 16 | 🇷🇺 RU | AS50439 | 2026-04-02 |
| 195.154.182.97 | 85% | 958 | 12 | 🇫🇷 FR | AS12876 | 2026-03-05 |
| 71.105.248.81 | 87% | 924 | 18 | 🇺🇸 US | AS701 | 2026-03-26 |
| 104.7.193.137 | 90% | 920 | 6 | 🇺🇸 US | AS7018 | 2026-02-21 |
| 108.173.69.139 | 88% | 872 | 16 | 🇨🇦 CA | AS852 | 2026-03-08 |
| 95.172.180.29 | 88% | 866 | 18 | 🇵🇹 PT | AS15457 | 2026-03-25 |
| 49.158.200.168 | 87% | 856 | 16 | 🇹🇼 TW | AS24163 | 2026-03-04 |