Loading threats
Shell output redirection using > to create or truncate a file in a writable directory (e.g., /mnt/.x, /tmp/.x, /dev/shm/.x). This pattern is commonly observed during payload staging, where a hidden file is initialized before being populated with downloaded or echoed content. It indicates filesystem write activity without invoking standard file creation utilities.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 185.16.39.79 | 100% | 1,287,701 | 25,650 | 🇵🇱 PL | AS201814 | 2026-03-17 |
| 103.93.93.211 | 100% | 142,130 | 10,966 | 🇮🇩 ID | AS141140 | 2026-04-04 |
| 161.97.148.194 | 100% | 136,089 | 60,868 | 🇫🇷 FR | AS51167 | 2026-03-12 |
| 103.93.93.182 | 100% | 92,312 | 6,841 | 🇮🇩 ID | AS141140 | 2026-04-04 |
| 102.212.40.100 | 100% | 57,520 | 3,466 | 🇳🇬 NG | AS329244 | 2026-03-18 |
| 130.12.180.106 | 100% | 37,892 | 2,509 | 🇺🇸 US | AS202412 | 2026-03-01 |
| 103.13.138.22 | 100% | 31,726 | 3,100 | 🇮🇩 ID | AS150215 | 2026-04-13 |
| 223.123.38.36 | 100% | 27,147 | 1,978 | 🇵🇰 PK | AS138423 | 2026-04-17 |
| 223.123.38.33 | 100% | 25,311 | 1,732 | 🇵🇰 PK | AS138423 | 2026-04-13 |
| 223.123.43.1 | 100% | 24,446 | 1,583 | 🇵🇰 PK | AS138423 | 2026-04-13 |
| 223.123.43.69 | 100% | 24,235 | 1,730 | 🇵🇰 PK | AS138423 | 2026-04-18 |
| 223.123.43.5 | 100% | 23,886 | 2,032 | 🇵🇰 PK | AS138423 | 2026-04-15 |
| 223.123.43.7 | 100% | 23,745 | 1,648 | 🇵🇰 PK | AS138423 | 2026-04-10 |
| 223.123.38.34 | 100% | 22,866 | 1,947 | 🇵🇰 PK | AS138423 | 2026-04-18 |
| 223.123.38.35 | 100% | 22,352 | 1,778 | 🇵🇰 PK | AS138423 | 2026-04-17 |
| 223.123.38.32 | 100% | 22,046 | 2,024 | 🇵🇰 PK | AS138423 | 2026-04-18 |
| 223.123.43.0 | 100% | 21,732 | 1,714 | 🇵🇰 PK | AS138423 | 2026-04-14 |
| 223.123.43.71 | 100% | 20,246 | 1,546 | 🇵🇰 PK | AS138423 | 2026-04-13 |
| 158.94.208.69 | 100% | 19,800 | 19,673 | 🇩🇪 DE | AS202412 | 2026-02-22 |
| 223.123.43.6 | 100% | 19,263 | 1,650 | 🇵🇰 PK | AS138423 | 2026-04-16 |