Detects a Redis CONFIG SET dir /etc/cron.d command, which changes the Redis working directory to the system cron directory. This is a well-known exploitation technique used after gaining write access to an exposed Redis instance. By redirecting the dump directory to /etc/cron.d, attackers can subsequently use SAVE or BGSAVE to write a malicious cron file to disk, achieving persistent command execution on the host.
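An added sketch of this detection, not the rule's own implementation: it parses a captured Redis client byte stream and flags `CONFIG SET dir` pointing at /etc/cron.d, then any SAVE or BGSAVE that follows while that directory is still set. The function names, alert names and sample sessions are assumptions constructed for illustration.

```python
import posixpath

WATCHED_DIRS = {"/etc/cron.d"}  # the directory this detection names

def encode(*args):
    """Build a RESP array of bulk strings (used only to construct the samples)."""
    return b"*%d\r\n" % len(args) + b"".join(b"$%d\r\n%s\r\n" % (len(a), a) for a in args)

def parse_resp(buf):
    """Split a client byte stream into argv lists (RESP arrays or inline commands)."""
    cmds, i = [], 0
    while i < len(buf):
        eol = buf.find(b"\r\n", i)
        if eol < 0:
            break
        line, i = buf[i:eol], eol + 2
        if line[:1] == b"*":                       # array header: *<argc>
            argv = []
            for _ in range(int(line[1:])):
                eol = buf.find(b"\r\n", i)
                if eol < 0 or buf[i:i + 1] != b"$":
                    return cmds                    # truncated or malformed capture
                n = int(buf[i + 1:eol])            # bulk header: $<len>
                argv.append(buf[eol + 2:eol + 2 + n])
                i = eol + 2 + n + 2
            cmds.append(argv)
        elif line.strip():
            cmds.append(line.split())              # inline command
    return cmds

def scan_session(buf):
    """Return alert names for one client session, in the order they fired."""
    alerts, armed = [], False
    for argv in parse_resp(buf):
        words = [a.decode("utf-8", "replace") for a in argv]
        name = words[0].upper() if words else ""
        if name == "CONFIG" and len(words) >= 4 and words[1].upper() == "SET":
            # Redis 7 accepts several parameter/value pairs in one CONFIG SET
            for key, val in zip(words[2::2], words[3::2]):
                if key.lower() == "dir":
                    # normpath folds trailing slashes and ".." before comparing
                    armed = posixpath.normpath(val) in WATCHED_DIRS
                    if armed:
                        alerts.append("dir_set_to_cron")
        elif name in ("SAVE", "BGSAVE") and armed:
            alerts.append("dump_to_cron")
    return alerts

# Constructed sample sessions, not captured traffic
SUSPECT = encode(b"config", b"set", b"dir", b"/etc/cron.d/") + encode(b"BGSAVE")
BENIGN = encode(b"CONFIG", b"SET", b"dir", b"/var/lib/redis") + encode(b"SAVE")
```

Matching on the parsed argument vector rather than a raw substring keeps the check from missing lower-case commands, trailing slashes, or a `dir` parameter that is not the first pair in the command.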
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 113.214.18.234 | 100% | 1,616 | 1,077 | 🇨🇳 CN | AS24139 | 2026-04-27 |
| 119.45.248.246 | 79% | 451 | 61 | 🇨🇳 CN | AS45090 | 2026-04-25 |
| 109.244.159.27 | 66% | 351 | 47 | 🇨🇳 CN | AS45090 | 2026-04-16 |
| 175.24.232.83 | 67% | 344 | 48 | 🇨🇳 CN | AS45090 | 2026-04-22 |
| 222.79.104.148 | 99% | 285 | 283 | 🇨🇳 CN | AS133774 | 2026-03-30 |
| 27.185.57.13 | 61% | 201 | 53 | 🇨🇳 CN | AS4134 | 2026-04-26 |
| 14.103.236.250 | 58% | 185 | 32 | 🇨🇳 CN | AS4811 | 2026-03-21 |
| 119.45.236.191 | 57% | 174 | 27 | 🇨🇳 CN | AS45090 | 2026-04-23 |
| 27.185.41.158 | 55% | 138 | 30 | 🇨🇳 CN | AS4134 | 2026-04-21 |
| 47.111.173.137 | 49% | 98 | 9 | 🇨🇳 CN | AS37963 | 2026-02-26 |
| 96.9.79.178 | 99% | 90 | 90 | 🇰🇭 KH | AS131207 | 2026-03-31 |
| 36.37.130.171 | 99% | 82 | 82 | 🇰🇭 KH | AS38623 | 2026-03-31 |
| 39.105.30.35 | 40% | 42 | 17 | 🇨🇳 CN | AS37963 | 2026-03-31 |
| 124.220.206.118 | 49% | 24 | 2 | 🇨🇳 CN | AS45090 | 2026-03-07 |
| 47.94.94.217 | 41% | 23 | 2 | 🇨🇳 CN | AS37963 | 2026-02-22 |
| 118.25.236.184 | 34% | 3 | 3 | 🇨🇳 CN | AS45090 | 2026-03-06 |