Loading threats
Detects a Redis CONFIG SET dir /etc/cron.d command, which changes the Redis working directory to the system cron directory. This is a well-known exploitation technique used after gaining write access to an exposed Redis instance. By redirecting the dump directory to /etc/cron.d, attackers can subsequently use SAVE or BGSAVE to write a malicious cron file to disk, achieving persistent command execution on the host.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 113.214.18.234 | 100% | 906 | 367 | 🇨🇳 CN | AS24139 | 2026-03-05 |
| 119.45.248.246 | 77% | 420 | 30 | 🇨🇳 CN | AS45090 | 2026-03-04 |
| 109.244.159.27 | 64% | 326 | 22 | 🇨🇳 CN | AS45090 | 2026-03-05 |
| 175.24.232.83 | 67% | 319 | 23 | 🇨🇳 CN | AS45090 | 2026-03-04 |
| 14.103.236.250 | 58% | 174 | 21 | 🇨🇳 CN | AS4811 | 2026-03-05 |
| 27.185.57.13 | 57% | 163 | 15 | 🇨🇳 CN | AS4134 | 2026-03-04 |
| 119.45.236.191 | 57% | 162 | 15 | 🇨🇳 CN | AS45090 | 2026-03-04 |
| 27.185.41.158 | 54% | 115 | 7 | 🇨🇳 CN | AS4134 | 2026-02-20 |
| 47.111.173.137 | 49% | 98 | 9 | 🇨🇳 CN | AS37963 | 2026-02-26 |
| 39.105.30.35 | 43% | 33 | 8 | 🇨🇳 CN | AS37963 | 2026-02-17 |
| 124.220.206.118 | 62% | 23 | 1 | 🇨🇳 CN | AS45090 | 2026-02-21 |
| 47.94.94.217 | 41% | 23 | 2 | 🇨🇳 CN | AS37963 | 2026-02-22 |
| 118.25.236.184 | 34% | 1 | 1 | 🇨🇳 CN | AS45090 | 2026-02-25 |