Detects a Redis SET command that writes a cron-formatted schedule (*/2 * * * *) into a key (e.g., backup1) containing a base64-encoded payload piped through base64 -d | bash | bash. This pattern is strongly associated with Redis exploitation where attackers abuse write access to plant cron jobs that repeatedly download and execute remote shell scripts. The decoded payload typically performs cd followed by remote script retrieval (e.g., via HTTP) and execution, establishing persistence and enabling botnet enrollment or cryptominer deployment.
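
An added example, not part of the original page and not the detection's own rule: a minimal Python check for the pattern described above, run over a constructed RESP-encoded SET command. The RESP framing, the `echo` prefix and the benign payload are assumptions made for illustration.

```python
import base64
import re

# Cron schedule (five fields) at the start of a line, then the command text.
CRON_LINE = re.compile(rb"^[ \t]*((?:[\d*/,\-]+[ \t]+){4}[\d*/,\-]+)[ \t]+(.+)$", re.M)
# A base64 token piped into "base64 -d" and then into bash one or more times.
B64_PIPE = re.compile(
    rb"([A-Za-z0-9+/]{8,}={0,2})\s*\|\s*base64\s+(?:-d|--decode)\s*(?:\|\s*bash\s*)+")

def parse_resp(buf):
    """Parse one RESP array of bulk strings into a list of bytes arguments."""
    if not buf.startswith(b"*"):
        raise ValueError("not a RESP array")
    head, _, rest = buf.partition(b"\r\n")
    args = []
    for _ in range(int(head[1:])):
        size, _, rest = rest.partition(b"\r\n")
        if not size.startswith(b"$"):
            raise ValueError("expected a bulk string")
        n = int(size[1:])
        args.append(rest[:n])
        rest = rest[n + 2:]  # skip the value and its trailing CRLF
    return args

def detect(buf):
    """Return a finding for a SET that plants cron + base64|bash, else None."""
    try:
        args = parse_resp(buf)
    except ValueError:
        return None
    if len(args) < 3 or args[0].upper() != b"SET":
        return None
    cron = CRON_LINE.search(args[2])
    pipe = B64_PIPE.search(cron.group(2)) if cron else None
    if not pipe:
        return None
    try:  # decode for triage only; the payload is never executed
        decoded = base64.b64decode(pipe.group(1), validate=True).decode("utf-8", "replace")
    except ValueError:
        decoded = None  # still a hit, the token just is not valid base64
    return {"key": args[1].decode("utf-8", "replace"),
            "schedule": cron.group(1).decode(), "decoded": decoded}

# Constructed sample: key name and schedule from the page, benign payload.
_B64 = base64.b64encode(b"echo constructed-sample")
_VAL = b"\n*/2 * * * * echo " + _B64 + b" | base64 -d | bash | bash\n"
SAMPLE = b"*3\r\n$3\r\nSET\r\n$7\r\nbackup1\r\n$%d\r\n%s\r\n" % (len(_VAL), _VAL)
```
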
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 183.56.243.176 | 93% | 5,643 | 558 | 🇨🇳 CN | AS135089 | 2026-03-20 |
| 220.181.1.163 | 100% | 2,613 | 641 | 🇨🇳 CN | AS23724 | 2026-03-20 |
| 221.130.29.85 | 90% | 1,912 | 821 | 🇨🇳 CN | AS56046 | 2026-03-20 |
| 14.116.219.149 | 90% | 1,516 | 493 | 🇨🇳 CN | AS58466 | 2026-03-18 |
| 113.214.18.234 | 100% | 1,084 | 545 | 🇨🇳 CN | AS24139 | 2026-03-20 |
| 39.105.202.192 | 86% | 919 | 374 | 🇨🇳 CN | AS37963 | 2026-03-18 |
| 8.142.178.141 | 90% | 750 | 390 | 🇨🇳 CN | AS37963 | 2026-03-20 |
| 81.70.2.239 | 78% | 673 | 160 | 🇨🇳 CN | AS45090 | 2026-03-20 |
| 47.244.168.170 | 95% | 655 | 221 | 🇭🇰 HK | AS45102 | 2026-03-02 |
| 183.56.219.190 | 81% | 651 | 155 | 🇨🇳 CN | AS135089 | 2026-03-18 |
| 140.238.153.39 | 81% | 594 | 245 | 🇨🇦 CA | AS31898 | 2026-03-20 |
| 125.74.55.217 | 75% | 544 | 151 | 🇨🇳 CN | AS141998 | 2026-03-20 |
| 47.96.228.248 | 82% | 544 | 315 | 🇨🇳 CN | AS37963 | 2026-03-21 |
| 125.88.205.65 | 77% | 456 | 121 | 🇨🇳 CN | AS58466 | 2026-03-20 |
| 14.18.118.84 | 73% | 453 | 135 | 🇨🇳 CN | AS58466 | 2026-03-19 |
| 150.158.97.56 | 76% | 338 | 142 | 🇨🇳 CN | AS45090 | 2026-03-20 |
| 36.139.84.140 | 72% | 177 | 79 | 🇨🇳 CN | AS56046 | 2026-03-20 |
| 220.250.52.75 | 60% | 172 | 96 | 🇨🇳 CN | AS4837 | 2026-03-20 |
| 222.79.104.148 | 99% | 157 | 155 | 🇨🇳 CN | AS133774 | 2026-03-21 |
| 120.53.106.134 | 55% | 53 | 19 | 🇨🇳 CN | AS45090 | 2026-03-16 |