Check an IP Address, Domain Name, Subnet, or ASN

20.235.199.122 was found in our database!

$ whois 20.235.199.122

country·🇮🇳 India

city·Pune

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.235.199.122scoring →

confidence

97%Very High

first_seen·Feb 21, 2026

last_seen·1h ago

sessions·82

events·82

$ sikker protocols 20.235.199.122

REDIS

82 / 82

$ sikker summary 20.235.199.122

20.235.199.122 has a threat confidence score of 97%. This IP address from India (AS8075, Microsoft Corporation) has been observed in 82 honeypot sessions targeting REDIS protocols. Detected attack patterns include redis cron persistence direct config abuse. First observed on February 21, 2026, most recently active March 20, 2026.

$ sikker behaviors 20.235.199.122catalog →

very_highRedis Cron Persistence Direct Config Abuse7x

Detects direct Redis configuration abuse where an exposed instance is reconfigured to write malicious cron entries (including root-executed variants using curl or wget-style binaries), followed by SAVE/FLUSHALL to persist the cron file to disk. This behavior identifies automated cron-based persistence and recurring remote code execution without requiring prior reconnaissance commands.

infoRedis Info Command Invocation23x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

$ sikker primitives 20.235.199.122

redis_save124 redis_config_set_dbfilename_custom99 redis_flushall50 redis_info_lowercase35 redis_config_set_dir_etc25 redis_config_set_dir_cron25 redis_config_set_dbfilename25 redis_set_cron_http_pipe_sh25 redis_set_cron_wget_pipe_sh25 redis_config_set_dir_crontabs25 redis_config_set_dir_etc_cron_d25 redis_config_set_dbfilename_root25 redis_set_cron_root_http_pipe_sh25 redis_set_cron_root_wget_pipe_sh25 redis_cron_set_backup4_wd1_pipe_sh25 redis_cron_set_backup3_curl_kworker_sh25 redis_cron_set_backup4_root_wd1_pipe_sh25 redis_cron_set_backup3_root_curl_pipe_sh25 redis_config_set_stop_writes_on_bgsave_error25 redis_config_set_dbfilename_crontab24

$ sikker related 20.235.199.122

🇮🇳·More threats fromIndia→AS·More threats fromMicrosoft Corporation→REDI·More threats targetingREDIS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
20.102.112.104	81%	454
40.76.116.105	81%	170
52.140.102.59	95%	843
20.219.16.35	95%	794
40.124.173.206	89%	150

IP Address	Confidence	Events
36.255.3.203	100%	904
52.66.69.41	95%	702
117.205.175.61	23%	1
128.185.201.98	54%	531
122.252.244.125	82%	2