Loading threats
Detects a Redis CONFIG SET dbfilename <name> command where the RDB snapshot filename is changed to a custom value (e.g., zzh). This behavior is commonly observed during Redis exploitation chains, where an attacker first modifies the working directory (e.g., to /etc/cron.d, /root/.ssh/, or /var/spool/cron/) and then changes the dump filename so that a subsequent SAVE or BGSAVE writes attacker-controlled content to a sensitive path. On its own, changing dbfilename indicates preparatory filesystem manipulation. In sequence with CONFIG SET dir and SAVE, it strongly signals an attempt to achieve persistence or privilege escalation via cron job injection or SSH authorized_keys overwrite.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 46.19.137.194 | 97% | 28,896 | 15,402 | 🇨🇭 CH | AS51852 | 2026-03-28 |
| 183.56.243.176 | 94% | 5,789 | 704 | 🇨🇳 CN | AS135089 | 2026-04-08 |
| 36.112.94.94 | 84% | 4,158 | 2,244 | 🇨🇳 CN | AS4847 | 2026-02-26 |
| 101.206.108.14 | 100% | 2,965 | 1,157 | 🇨🇳 CN | AS4837 | 2026-04-08 |
| 220.181.1.163 | 100% | 2,801 | 829 | 🇨🇳 CN | AS23724 | 2026-04-09 |
| 221.130.29.85 |
| 91% |
| 2,186 |
| 1,095 |
| 🇨🇳 CN |
| AS56046 |
| 2026-04-08 |
| 9.169.195.91 | 79% | 2,076 | 213 | 🇺🇸 US | AS8075 | 2026-02-18 |
| 14.116.219.149 | 91% | 1,711 | 688 | 🇨🇳 CN | AS58466 | 2026-04-08 |
| 97.74.92.144 | 100% | 1,664 | 726 | 🇺🇸 US | AS26496 | 2026-04-08 |
| 113.214.18.234 | 100% | 1,588 | 1,049 | 🇨🇳 CN | AS24139 | 2026-04-08 |
| 157.230.101.158 | 100% | 1,432 | 674 | 🇩🇪 DE | AS14061 | 2026-04-08 |
| 182.40.103.253 | 100% | 1,313 | 360 | 🇨🇳 CN | AS136195 | 2026-04-08 |
| 74.50.81.220 | 100% | 1,285 | 214 | 🇺🇸 US | AS19318 | 2026-03-31 |
| 138.68.169.168 | 100% | 1,047 | 214 | 🇬🇧 GB | AS14061 | 2026-03-09 |
| 121.30.192.44 | 73% | 1,020 | 400 | 🇨🇳 CN | AS4837 | 2026-04-05 |
| 39.105.202.192 | 86% | 1,016 | 471 | 🇨🇳 CN | AS37963 | 2026-04-07 |
| 139.198.30.179 | 84% | 972 | 232 | 🇨🇳 CN | AS59078 | 2026-04-08 |
| 117.72.186.146 | 78% | 906 | 217 | 🇨🇳 CN | AS141679 | 2026-04-07 |
| 84.247.137.164 | 100% | 881 | 107 | 🇫🇷 FR | AS51167 | 2026-02-23 |
| 143.198.113.180 | 83% | 879 | 79 | 🇺🇸 US | AS14061 | 2026-02-21 |