114.80.35.241 — China Telecom Group, CN — Very High (99%)

Check an IP Address, Domain Name, Subnet, or ASN

114.80.35.241 was found in our database!

Confidence Level

99%

Very High?

Geolocation

🇨🇳

ChinaShanghai

ISPChina Telecom Group

ASNAS4811

Activity Timeline

First seenJan 21, 2026, 02:20 AM

Last seen1h ago

186Sessions

529Events

Protocol Breakdown

REDIS

186 / 529

114.80.35.241 has a very high threat confidence level of 99%, originating from Shanghai, China, on the China Telecom Group network (4811). It has been observed across 186 sessions targeting REDIS, with detected attack patterns including redis config cron persistence via save, First observed on January 21, 2026, most recently active March 5, 2026.

Behaviors

Classified behavioral patterns observed

Redis Config Cron Persistence Via Save

very_high19x

Identifies Redis configuration abuse where an attacker modifies dir and dbfilename to write a malicious cron job to system cron directories, disables write protections, saves the database to disk, and achieves persistence via scheduled command execution (often using wget/curl pipe-to-sh patterns).

Redis Info Command Invocation

info9x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

Primitives

Individual actions observed

Redis Save110 Redis Config Set Dbfilename Custom92 Redis Flushall44 Redis Set System Cron Payload44 Redis Set Cron Backdoor Payload44 Redis Set Cron Http Pipe Sh23 Redis Set Cron Wget Pipe Sh23 Redis Set Cron Root Http Pipe Sh23 Redis Set Cron Root Wget Pipe Sh23 Redis Cron Set Backup4 Root Wd1 Pipe Sh23 Redis Cron Set Backup3 Root Curl Pipe Sh23 Redis Config Set Dir Etc22 Redis Config Set Dir Cron22 Redis Command Introspection22 Redis Config Set Dbfilename22 Redis Config Set Dir Crontabs22 Redis Config Set Dir Etc Cron D22 Redis Config Set Dbfilename Root22 Redis Config Set Dbfilename Crontab22 Redis Config Set Stop Writes On Bgsave Error22

Related Threats

Explore related threat intelligence

🇨🇳More threats fromChina ASMore threats fromChina Telecom Group REDISMore threats targetingREDIS { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
218.78.59.30	98%	51
14.103.41.98	100%	545
14.103.117.86	100%	654
101.89.217.152	92%	56
14.103.115.213	100%	512

IP Address	Confidence	Events
61.184.173.26	82%	7,261
47.109.207.100	81%	18,992
14.116.219.149	85%	1,401
47.109.53.53	81%	17,099
112.46.214.57	85%	4,007