Looking up IP
Check an IP Address, Domain Name, Subnet, or ASN
20.175.201.85 has a threat confidence score of 86%. This IP address from Canada (AS8075, Microsoft Corporation) has been observed in 9 honeypot sessions targeting REDIS protocols. Detected attack patterns include redis cron persistence direct config abuse. First observed on March 10, 2026, most recently active March 12, 2026.
Detects direct Redis configuration abuse where an exposed instance is reconfigured to write malicious cron entries (including root-executed variants using curl or wget-style binaries), followed by SAVE/FLUSHALL to persist the cron file to disk. This behavior identifies automated cron-based persistence and recurring remote code execution without requiring prior reconnaissance commands.
Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.