114.113.235.163 — China Unicom Beijing Province Network, CN — Very High (81%)

Check an IP Address, Domain Name, Subnet, or ASN

114.113.235.163 was found in our database!

Confidence Level

81%

Very High?

Geolocation

🇨🇳

China

ISPChina Unicom Beijing Province Network

ASNAS4808

Activity Timeline

First seenMar 3, 2026, 02:34 AM

Last seen2h ago

10Sessions

10Events

Protocol Breakdown

REDIS

10 / 10

114.113.235.163 has a very high threat confidence level of 81%, originating from China, on the China Unicom Beijing Province Network network (4808). It has been observed across 10 sessions targeting REDIS, with detected attack patterns including redis cron persistence multi variant payload, First observed on March 3, 2026, most recently active March 5, 2026.

Behaviors

Classified behavioral patterns observed

Redis Cron Persistence Multi Variant Payload

very_high1x

Detects Redis configuration abuse where an exposed instance is reconfigured to write cron entries that execute remote payloads via curl or wget/variant binaries (including root-executed variants), followed by SAVE to persist the malicious cron file to disk. Covers multiple backup job names and pipe-to-shell download techniques used for automated persistence and recurring remote code execution.

Redis Info Command Invocation

info3x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

Primitives

Individual actions observed

Redis Save5 Redis Info Lowercase4 Redis Config Set Dbfilename Custom4 Redis Flushall2 Redis Config Set Dir Etc1 Redis Config Set Dir Cron1 Redis Command Introspection1 Redis Config Set Dbfilename1 Redis Set Cron Http Pipe Sh1 Redis Set Cron Wget Pipe Sh1 Redis Config Set Dir Crontabs1 Redis Config Set Dir Etc Cron D1 Redis Config Set Dbfilename Root1 Redis Set Cron Root Http Pipe Sh1 Redis Set Cron Root Wget Pipe Sh1 Redis Cron Set Backup4 Wd1 Pipe Sh1 Redis Config Set Dbfilename Crontab1 Redis Cron Set Backup3 Curl Kworker Sh1 Redis Cron Set Backup4 Root Wd1 Pipe Sh1 Redis Cron Set Backup3 Root Curl Pipe Sh1

Related Threats

Explore related threat intelligence

🇨🇳More threats fromChina ASMore threats fromChina Unicom Beijing Province Network REDISMore threats targetingREDIS { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
111.207.112.5	100%	440
117.50.73.90	100%	556
123.117.152.245	95%	657
117.50.245.253	100%	6,693
222.128.15.127	55%	440

IP Address	Confidence	Events
101.132.88.121	78%	7,602
139.199.80.137	86%	82,809
39.99.214.254	86%	52,250
8.162.14.145	85%	9,161
106.13.181.42	100%	799