Telnet Shell Output Redirect File Create

Shell output redirection using > to create or truncate a file in a writable directory (e.g., /mnt/.x, /tmp/.x, /dev/shm/.x). This pattern is commonly observed during payload staging, where a hidden file is initialized before being populated with downloaded or echoed content. It indicates filesystem write activity without invoking standard file creation utilities.

Observed IPs

6,175

Avg Confidence

94%

Protocol

TELNET

Top IPs by event count

IP Address	Risk	Events	Sessions	Country	ASN	Last Seen
185.16.39.79	100%	1,287,649	25,598	🇵🇱 PL	AS201814	2026-03-02
204.76.203.6	100%	683,509	16,530	🇳🇱 NL	AS51396	2026-02-06
103.93.93.211	100%	136,804	5,648	🇮🇩 ID	AS141140	2026-03-02
103.93.93.182	100%	89,410	3,939	🇮🇩 ID	AS141140	2026-03-03
102.212.40.100	100%	57,512	3,458	🇳🇬 NG	AS329244	2026-03-02
130.12.180.106	100%	37,892	2,509	🇺🇸 US	AS202412	2026-03-01
103.13.138.22	100%	29,851	1,225	🇮🇩 ID	AS150215	2026-03-03
223.123.38.36	100%	26,234	1,065	🇵🇰 PK	AS138423	2026-03-02
223.123.43.1	100%	23,822	959	🇵🇰 PK	AS138423	2026-03-02
223.123.38.33	100%	23,777	904	🇵🇰 PK	AS138423	2026-03-02
223.123.43.69	100%	23,516	1,011	🇵🇰 PK	AS138423	2026-03-02
223.123.43.7	100%	22,992	895	🇵🇰 PK	AS138423	2026-03-02
223.123.43.5	100%	22,905	1,051	🇵🇰 PK	AS138423	2026-03-02
223.123.38.34	100%	21,856	937	🇵🇰 PK	AS138423	2026-02-28
223.123.38.35	100%	21,545	971	🇵🇰 PK	AS138423	2026-03-02
223.123.38.32	100%	21,111	1,133	🇵🇰 PK	AS138423	2026-03-02
223.123.43.0	100%	21,000	982	🇵🇰 PK	AS138423	2026-03-02
158.94.208.69	100%	19,800	19,673	🇩🇪 DE	AS202412	2026-02-22
223.123.43.71	100%	19,630	930	🇵🇰 PK	AS138423	2026-03-02
223.123.43.6	100%	18,385	778	🇵🇰 PK	AS138423	2026-03-02

Loading threats