Loading threats
Detects a Redis SET command that writes an @hourly cron job invoking python -c with urllib2.urlopen() to fetch a remote shell script over HTTP, save it to a hidden dot-file, chmod it executable, and execute it. This reflects automated Redis exploitation used for persistent botnet or malware deployment via scheduled task abuse.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 183.56.243.176 | 93% | 5,643 | 558 | 🇨🇳 CN | AS135089 | 2026-03-20 |
| 220.181.1.163 | 100% | 2,613 | 641 | 🇨🇳 CN | AS23724 | 2026-03-20 |
| 221.130.29.85 | 90% | 1,912 | 821 | 🇨🇳 CN | AS56046 | 2026-03-20 |
| 14.116.219.149 | 90% | 1,516 | 493 | 🇨🇳 CN | AS58466 | 2026-03-18 |
| 113.214.18.234 | 100% | 1,084 | 545 | 🇨🇳 CN | AS24139 | 2026-03-20 |
| 39.105.202.192 | 86% | 919 | 374 | 🇨🇳 CN | AS37963 | 2026-03-18 |
| 8.142.178.141 | 90% | 750 | 390 | 🇨🇳 CN | AS37963 | 2026-03-20 |
| 81.70.2.239 | 78% | 673 | 160 | 🇨🇳 CN | AS45090 | 2026-03-20 |
| 47.244.168.170 | 95% | 655 | 221 | 🇭🇰 HK | AS45102 | 2026-03-02 |
| 183.56.219.190 | 81% | 651 | 155 | 🇨🇳 CN | AS135089 | 2026-03-18 |
| 140.238.153.39 | 81% | 594 | 245 | 🇨🇦 CA | AS31898 | 2026-03-20 |
| 125.74.55.217 | 75% | 544 | 151 | 🇨🇳 CN | AS141998 | 2026-03-20 |
| 47.96.228.248 | 82% | 544 | 315 | 🇨🇳 CN | AS37963 | 2026-03-21 |
| 125.88.205.65 | 77% | 456 | 121 | 🇨🇳 CN | AS58466 | 2026-03-20 |
| 14.18.118.84 | 73% | 453 | 135 | 🇨🇳 CN | AS58466 | 2026-03-19 |
| 150.158.97.56 | 76% | 338 | 142 | 🇨🇳 CN | AS45090 | 2026-03-20 |
| 36.139.84.140 | 72% | 177 | 79 | 🇨🇳 CN | AS56046 | 2026-03-20 |
| 220.250.52.75 | 60% | 172 | 96 | 🇨🇳 CN | AS4837 | 2026-03-20 |
| 222.79.104.148 | 99% | 157 | 155 | 🇨🇳 CN | AS133774 | 2026-03-21 |
| 120.53.106.134 | 55% | 53 | 19 | 🇨🇳 CN | AS45090 | 2026-03-16 |