20.207.69.26 — Microsoft Corporation, IN — Very High (92%)

Check an IP Address, Domain Name, Subnet, or ASN

20.207.69.26 was found in our database!

Confidence Level

92%

Very High?

Geolocation

🇮🇳

IndiaPune

ISPMicrosoft Corporation

ASNAS8075

Activity Timeline

First seenMar 5, 2026, 08:05 AM

Last seen1h ago

21Sessions

21Events

Protocol Breakdown

REDIS

21 / 21

20.207.69.26 has a very high threat confidence level of 92%, originating from Pune, India, on the Microsoft Corporation network (8075). It has been observed across 21 sessions targeting REDIS, with detected attack patterns including redis cron persistence direct config abuse, First observed on March 5, 2026, most recently active March 5, 2026.

Behaviors

Classified behavioral patterns observed

Redis Cron Persistence Direct Config Abuse

very_high1x

Detects direct Redis configuration abuse where an exposed instance is reconfigured to write malicious cron entries (including root-executed variants using curl or wget-style binaries), followed by SAVE/FLUSHALL to persist the cron file to disk. This behavior identifies automated cron-based persistence and recurring remote code execution without requiring prior reconnaissance commands.

Redis Info Command Invocation

info9x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

Primitives

Individual actions observed

Redis Save50 Redis Config Set Dbfilename Custom40 Redis Flushall20 Redis Info Lowercase10 Redis Config Set Dir Etc10 Redis Config Set Dir Cron10 Redis Config Set Dbfilename10 Redis Set Cron Http Pipe Sh10 Redis Set Cron Wget Pipe Sh10 Redis Config Set Dir Crontabs10 Redis Config Set Dir Etc Cron D10 Redis Config Set Dbfilename Root10 Redis Set Cron Root Http Pipe Sh10 Redis Set Cron Root Wget Pipe Sh10 Redis Cron Set Backup4 Wd1 Pipe Sh10 Redis Config Set Dbfilename Crontab10 Redis Cron Set Backup3 Curl Kworker Sh10 Redis Cron Set Backup4 Root Wd1 Pipe Sh10 Redis Cron Set Backup3 Root Curl Pipe Sh10 Redis Config Set Stop Writes On Bgsave Error10

Related Threats

Explore related threat intelligence

🇮🇳More threats fromIndia ASMore threats fromMicrosoft Corporation REDISMore threats targetingREDIS { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
20.65.192.150	64%	99
135.119.112.180	83%	115
20.65.193.55	76%	147
20.84.145.84	59%	93
20.168.121.101	74%	155

IP Address	Confidence	Events
45.120.248.207	86%	16,889
103.82.159.144	13%	2
122.163.77.227	30%	2
103.99.197.131	22%	19
125.23.56.202	26%	48