Loading threats
Shell output redirection using > to create or truncate a file in a writable directory (e.g., /mnt/.x, /tmp/.x, /dev/shm/.x). This pattern is commonly observed during payload staging, where a hidden file is initialized before being populated with downloaded or echoed content. It indicates filesystem write activity without invoking standard file creation utilities.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 185.16.39.79 | 100% | 1,287,701 | 25,650 | 🇵🇱 PL | AS201814 | 2026-03-17 |
| 103.93.93.211 | 100% | 142,130 | 10,966 | 🇮🇩 ID | AS141140 | 2026-04-04 |
| 161.97.148.194 | 100% | 136,089 | 60,868 | 🇫🇷 FR | AS51167 | 2026-03-12 |
| 103.93.93.182 | 100% | 92,312 | 6,841 | 🇮🇩 ID | AS141140 | 2026-04-04 |
| 102.212.40.100 | 100% | 57,520 | 3,466 | 🇳🇬 NG | AS329244 | 2026-03-18 |
| 130.12.180.106 | 100% | 37,892 | 2,509 | 🇺🇸 US | AS202412 | 2026-03-01 |
| 103.13.138.22 | 100% | 31,726 | 3,100 | 🇮🇩 ID | AS150215 | 2026-04-13 |
| 223.123.38.36 | 100% | 27,157 | 1,988 | 🇵🇰 PK | AS138423 | 2026-04-21 |
| 223.123.38.33 | 100% | 25,362 | 1,783 | 🇵🇰 PK | AS138423 | 2026-04-20 |
| 223.123.43.1 | 100% | 24,497 | 1,634 | 🇵🇰 PK | AS138423 | 2026-04-21 |
| 223.123.43.69 | 100% | 24,309 | 1,804 | 🇵🇰 PK | AS138423 | 2026-04-21 |
| 223.123.43.5 | 100% | 23,915 | 2,061 | 🇵🇰 PK | AS138423 | 2026-04-18 |
| 223.123.43.7 | 100% | 23,782 | 1,685 | 🇵🇰 PK | AS138423 | 2026-04-21 |
| 223.123.38.34 | 100% | 22,867 | 1,948 | 🇵🇰 PK | AS138423 | 2026-04-20 |
| 223.123.38.35 | 100% | 22,352 | 1,778 | 🇵🇰 PK | AS138423 | 2026-04-17 |
| 223.123.38.32 | 100% | 22,076 | 2,054 | 🇵🇰 PK | AS138423 | 2026-04-20 |
| 223.123.43.0 | 100% | 21,782 | 1,764 | 🇵🇰 PK | AS138423 | 2026-04-21 |
| 223.123.43.71 | 100% | 20,271 | 1,571 | 🇵🇰 PK | AS138423 | 2026-04-19 |
| 158.94.208.69 | 100% | 19,800 | 19,673 | 🇩🇪 DE | AS202412 | 2026-02-22 |
| 223.123.43.6 | 100% | 19,286 | 1,673 | 🇵🇰 PK | AS138423 | 2026-04-21 |