Check an IP Address, Domain Name, Subnet, or ASN

38.244.163.19 was found in our database!

$ whois 38.244.163.19

country·🇩🇪 Germany

city·Frankfurt am Main

isp·Leaseweb Deutschland GmbH

asn·AS28753

network·Standard

$ sikker risk 38.244.163.19scoring →

confidence

90%Very High

first_seen·Feb 27, 2026

last_seen·21d ago

sessions·6

events·6

$ sikker protocols 38.244.163.19

REDIS

6 / 6

$ sikker summary 38.244.163.19

38.244.163.19 has a threat confidence score of 90%. This IP address from Germany (AS28753, Leaseweb Deutschland GmbH) has been observed in 6 honeypot sessions targeting REDIS protocols. Detected attack patterns include redis cron persistence multi variant payload. First observed on February 27, 2026, most recently active February 27, 2026.

$ sikker behaviors 38.244.163.19catalog →

very_highRedis Cron Persistence Multi Variant Payload3x

Detects Redis configuration abuse where an exposed instance is reconfigured to write cron entries that execute remote payloads via curl or wget/variant binaries (including root-executed variants), followed by SAVE to persist the malicious cron file to disk. Covers multiple backup job names and pipe-to-shell download techniques used for automated persistence and recurring remote code execution.

$ sikker primitives 38.244.163.19

redis_save15 redis_config_set_dbfilename_custom12 redis_flushall6 redis_config_set_dir_etc3 redis_config_set_dir_cron3 redis_command_introspection3 redis_config_set_dbfilename3 redis_set_cron_http_pipe_sh3 redis_set_cron_wget_pipe_sh3 redis_config_set_dir_crontabs3 redis_config_set_dir_etc_cron_d3 redis_config_set_dbfilename_root3 redis_set_cron_root_http_pipe_sh3 redis_set_cron_root_wget_pipe_sh3 redis_cron_set_backup4_wd1_pipe_sh3 redis_config_set_dbfilename_crontab3 redis_cron_set_backup3_curl_kworker_sh3 redis_cron_set_backup4_root_wd1_pipe_sh3 redis_cron_set_backup3_root_curl_pipe_sh3 redis_config_set_stop_writes_on_bgsave_error3

$ sikker related 38.244.163.19

🇩🇪·More threats fromGermany→AS·More threats fromLeaseweb Deutschland GmbH→REDI·More threats targetingREDIS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
84.16.230.137	55%	27
92.119.182.136	39%	4
31.59.10.53	23%	1
45.117.55.30	23%	1
46.165.194.56	16%	18

IP Address	Confidence	Events
5.83.144.23	75%	174
49.51.169.239	96%	1,556
43.131.57.101	96%	1,757
159.195.63.105	93%	69
217.154.233.215	100%	489