8.142.178.14 — Hangzhou Alibaba Advertising Co.,Ltd., CN — Very High (96%)

Check an IP Address, Domain Name, Subnet, or ASN

8.142.178.14 was found in our database!

Confidence Level

96%

Very High?

Geolocation

🇨🇳

ChinaBeijing

ISPHangzhou Alibaba Advertising Co.,Ltd.

ASNAS37963

Activity Timeline

First seenJan 21, 2026, 07:40 PM

Last seen8h ago

29Sessions

135Events

Protocol Breakdown

REDIS

23 / 127

SSH

6 / 8

8.142.178.14 has a very high threat confidence level of 96%, originating from Beijing, China, on the Hangzhou Alibaba Advertising Co.,Ltd. network (37963). It has been observed across 29 sessions targeting REDIS, SSH, with detected attack patterns including redis config cron persistence via save, ssh authorized keys persistence established, First observed on January 21, 2026, most recently active March 5, 2026.

Behaviors

Classified behavioral patterns observed

Redis Config Cron Persistence Via Save

very_high3x

Identifies Redis configuration abuse where an attacker modifies dir and dbfilename to write a malicious cron job to system cron directories, disables write protections, saves the database to disk, and achieves persistence via scheduled command execution (often using wget/curl pipe-to-sh patterns).

Ssh Authorized Keys Persistence Established

very_high1x

Removal of filesystem attribute protections from the user’s .ssh directory followed by deletion and recreation of the directory and insertion of a new public key into authorized_keys. This pattern reflects deliberate modification of SSH trust configuration to establish persistent key-based access.

Redis Info Command Invocation

info1x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

Primitives

Individual actions observed

Redis Save15 Redis Config Set Dbfilename Custom12 Redis Flushall6 Redis Set System Cron Payload6 Redis Set Cron Backdoor Payload6 Redis Config Set Dir Etc3 Redis Config Set Dir Cron3 Redis Command Introspection3 Redis Config Set Dbfilename3 Redis Set Cron Http Pipe Sh3 Redis Set Cron Wget Pipe Sh3 Redis Config Set Dir Crontabs3 Redis Config Set Dir Etc Cron D3 Redis Config Set Dbfilename Root3 Redis Set Cron Root Http Pipe Sh3 Redis Set Cron Root Wget Pipe Sh3 Redis Config Set Dbfilename Crontab3 Redis Cron Set Backup4 Root Wd1 Pipe Sh3 Redis Cron Set Backup3 Root Curl Pipe Sh3 Redis Config Set Stop Writes On Bgsave Error3

Related Threats

Explore related threat intelligence

🇨🇳More threats fromChina ASMore threats fromHangzhou Alibaba Advertising Co.,Ltd.REDISMore threats targetingREDIS SSHMore threats targetingSSH { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
47.109.53.53	81%	17,099
47.109.207.100	81%	18,991
101.132.88.121	78%	7,395
8.138.17.46	84%	19,505
60.205.231.100	85%	48,180

IP Address	Confidence	Events
61.184.173.26	82%	7,261
47.109.207.100	81%	18,992
14.116.219.149	85%	1,401
47.109.53.53	81%	17,099
112.46.214.57	85%	4,007