Check an IP Address, Domain Name, Subnet, or ASN

202.10.41.230 was found in our database!

$ whois 202.10.41.230

country·🇮🇩 Indonesia

isp·CV. Rumahweb Indonesia

asn·AS58487

network·Standard

$ sikker risk 202.10.41.230scoring →

confidence

91%Very High

first_seen·Mar 14, 2026

last_seen·29d ago

sessions·8

events·8

$ sikker protocols 202.10.41.230

REDIS

8 / 8

$ sikker summary 202.10.41.230

202.10.41.230 has a threat confidence score of 91%. This IP address from Indonesia (AS58487, CV. Rumahweb Indonesia) has been observed in 8 honeypot sessions targeting REDIS protocols. Detected attack patterns include redis cron persistence direct config abuse. First observed on March 14, 2026, most recently active March 16, 2026.

$ sikker behaviors 202.10.41.230catalog →

very_highRedis Cron Persistence Direct Config Abuse3x

Detects direct Redis configuration abuse where an exposed instance is reconfigured to write malicious cron entries (including root-executed variants using curl or wget-style binaries), followed by SAVE/FLUSHALL to persist the cron file to disk. This behavior identifies automated cron-based persistence and recurring remote code execution without requiring prior reconnaissance commands.

infoRedis Info Command Invocation3x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

$ sikker primitives 202.10.41.230

redis_save20 redis_config_set_dbfilename_custom16 redis_flushall8 redis_info_lowercase4 redis_config_set_dir_etc4 redis_config_set_dir_cron4 redis_config_set_dbfilename4 redis_set_cron_http_pipe_sh4 redis_set_cron_wget_pipe_sh4 redis_config_set_dir_crontabs4 redis_config_set_dir_etc_cron_d4 redis_config_set_dbfilename_root4 redis_set_cron_root_http_pipe_sh4 redis_set_cron_root_wget_pipe_sh4 redis_cron_set_backup4_wd1_pipe_sh4 redis_config_set_dbfilename_crontab4 redis_cron_set_backup3_curl_kworker_sh4 redis_cron_set_backup4_root_wd1_pipe_sh4 redis_cron_set_backup3_root_curl_pipe_sh4 redis_config_set_stop_writes_on_bgsave_error4

$ sikker related 202.10.41.230

🇮🇩·More threats fromIndonesia→AS·More threats fromCV. Rumahweb Indonesia→REDI·More threats targetingREDIS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
203.194.113.228	30%	2
202.10.38.181	75%	3
203.194.113.123	82%	6
202.10.46.145	87%	9
103.253.214.196	75%	3

IP Address	Confidence	Events
103.160.212.109	96%	1,467
103.165.126.245	16%	33
157.20.254.47	100%	116
43.173.30.16	96%	3,902
103.95.102.252	18%	35