Loading threats
Detects direct Redis configuration abuse where an exposed instance is reconfigured to write malicious cron entries (including root-executed variants using curl or wget-style binaries), followed by SAVE/FLUSHALL to persist the cron file to disk. This behavior identifies automated cron-based persistence and recurring remote code execution without requiring prior reconnaissance commands.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 97.74.92.144 | 100% | 1,781 | 843 | 🇺🇸 US | AS26496 | 2026-04-16 |
| 157.230.101.158 | 100% | 1,491 | 733 | 🇺🇸 US | AS14061 | 2026-04-16 |
| 74.50.81.220 | 100% | 1,285 | 214 | 🇺🇸 US | AS19318 | 2026-03-31 |
| 143.198.113.180 | 83% | 879 | 79 | 🇺🇸 US | AS14061 | 2026-02-21 |
| 31.210.36.192 | 92% | 645 | 53 | 🇹🇷 TR | AS212219 | 2026-02-24 |
| 157.245.229.234 | 100% | 347 | 347 | 🇺🇸 US | AS14061 | 2026-04-16 |
| 20.235.199.173 | 96% | 317 | 114 | 🇮🇳 IN | AS8075 | 2026-04-16 |
| 20.175.205.56 | 100% | 269 | 269 | 🇨🇦 CA | AS8075 | 2026-04-15 |
| 20.175.198.133 | 100% | 269 | 267 | 🇨🇦 CA | AS8075 | 2026-04-17 |
| 161.35.120.3 | 100% | 244 | 244 | 🇺🇸 US | AS14061 | 2026-03-21 |
| 20.116.232.29 | 99% | 235 | 233 | 🇨🇦 CA | AS8075 | 2026-04-15 |
| 49.7.204.85 | 100% | 227 | 227 | 🇨🇳 CN | AS23724 | 2026-04-16 |
| 51.77.47.129 | 95% | 204 | 202 | 🇵🇱 PL | AS16276 | 2026-04-17 |
| 52.146.64.68 | 96% | 190 | 49 | 🇺🇸 US | AS8075 | 2026-03-08 |
| 36.133.118.248 | 100% | 174 | 172 | 🇨🇳 CN | AS9808 | 2026-04-16 |
| 130.107.177.247 | 98% | 145 | 145 | 🇨🇦 CA | AS8075 | 2026-02-27 |
| 20.215.88.213 | 100% | 141 | 141 | 🇵🇱 PL | AS8075 | 2026-04-16 |
| 82.180.144.91 | 100% | 138 | 138 | 🇮🇳 IN | AS141995 | 2026-04-16 |
| 45.130.148.86 | 87% | 134 | 37 | 🇺🇿 UZ | AS35682 | 2026-03-16 |
| 20.235.199.122 | 97% | 129 | 129 | 🇮🇳 IN | AS8075 | 2026-04-07 |