Check an IP Address, Domain Name, Subnet, or ASN

123.56.146.124 was found in our database!

$ whois 123.56.146.124

country·🇨🇳 China

city·Beijing

isp·Hangzhou Alibaba Advertising Co.,Ltd.

asn·AS37963

network·Standard

$ sikker risk 123.56.146.124scoring →

confidence

94%Very High

first_seen·Feb 5, 2026

last_seen·1h ago

sessions·23

events·53

$ sikker protocols 123.56.146.124

REDIS

22 / 52

SSH

1 / 1

$ sikker summary 123.56.146.124

123.56.146.124 has a threat confidence score of 94%. This IP address from China (AS37963, Hangzhou Alibaba Advertising Co.,Ltd.) has been observed in 23 honeypot sessions targeting REDIS, SSH protocols. Detected attack patterns include redis cron persistence multi variant payload. First observed on February 5, 2026, most recently active March 21, 2026.

$ sikker behaviors 123.56.146.124catalog →

very_highRedis Cron Persistence Multi Variant Payload5x

Detects Redis configuration abuse where an exposed instance is reconfigured to write cron entries that execute remote payloads via curl or wget/variant binaries (including root-executed variants), followed by SAVE to persist the malicious cron file to disk. Covers multiple backup job names and pipe-to-shell download techniques used for automated persistence and recurring remote code execution.

infoRedis Info Command Invocation5x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

$ sikker primitives 123.56.146.124

redis_save26 redis_config_set_dbfilename_custom23 redis_flushall10 redis_info_lowercase10 redis_config_set_dir_cron6 redis_config_set_dir_etc5 redis_command_introspection5 redis_config_set_dbfilename5 redis_set_cron_http_pipe_sh5 redis_set_cron_wget_pipe_sh5 redis_config_set_dir_crontabs5 redis_config_set_dir_etc_cron_d5 redis_config_set_dbfilename_root5 redis_set_cron_root_http_pipe_sh5 redis_set_cron_root_wget_pipe_sh5 redis_cron_set_backup4_wd1_pipe_sh5 redis_config_set_dbfilename_crontab5 redis_cron_set_backup3_curl_kworker_sh5 redis_cron_set_backup4_root_wd1_pipe_sh5 redis_cron_set_backup3_root_curl_pipe_sh5

$ sikker related 123.56.146.124

🇨🇳·More threats fromChina→AS·More threats fromHangzhou Alibaba Advertising Co.,Ltd.→REDI·More threats targetingREDIS→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
47.100.249.70	79%	13,376
39.105.212.205	38%	239
139.196.233.120	84%	31,586
118.178.142.3	72%	100
116.62.70.37	55%	100

IP Address	Confidence	Events
36.113.65.198	47%	8
139.199.80.137	86%	98,903
175.178.128.197	96%	1,455
120.46.208.218	97%	396
112.67.216.151	97%	522