Loading threats
Detects a Redis SET command that writes an @hourly cron job invoking python -c with urllib2.urlopen() to fetch a remote shell script over HTTP, save it to a hidden dot-file, chmod it executable, and execute it. This reflects automated Redis exploitation used for persistent botnet or malware deployment via scheduled task abuse.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 183.56.243.176 | 94% | 5,895 | 810 | 🇨🇳 CN | AS135089 | 2026-04-20 |
| 220.181.1.163 | 100% | 2,895 | 923 | 🇨🇳 CN | AS23724 | 2026-04-20 |
| 221.130.29.85 | 91% | 2,316 | 1,225 | 🇨🇳 CN | AS56046 | 2026-04-20 |
| 14.116.219.149 | 92% | 1,828 | 805 | 🇨🇳 CN | AS58466 | 2026-04-19 |
| 113.214.18.234 | 100% | 1,611 | 1,072 | 🇨🇳 CN | AS24139 | 2026-04-20 |
| 39.105.202.192 | 85% | 1,034 | 489 | 🇨🇳 CN | AS37963 | 2026-04-20 |
| 8.142.178.141 | 94% | 1,001 | 641 | 🇨🇳 CN | AS37963 | 2026-04-20 |
| 81.70.2.239 | 84% | 784 | 271 | 🇨🇳 CN | AS45090 | 2026-04-19 |
| 183.56.219.190 | 82% | 766 | 270 | 🇨🇳 CN | AS135089 | 2026-04-18 |
| 140.238.153.39 | 84% | 746 | 397 | 🇨🇦 CA | AS31898 | 2026-04-20 |
| 47.96.228.248 | 84% | 724 | 495 | 🇨🇳 CN | AS37963 | 2026-04-20 |
| 47.244.168.170 | 95% | 655 | 221 | 🇭🇰 HK | AS45102 | 2026-03-02 |
| 125.74.55.217 | 78% | 610 | 217 | 🇨🇳 CN | AS141998 | 2026-04-16 |
| 125.88.205.65 | 79% | 560 | 225 | 🇨🇳 CN | AS58466 | 2026-04-19 |
| 14.18.118.84 | 78% | 541 | 223 | 🇨🇳 CN | AS58466 | 2026-04-20 |
| 150.158.97.56 | 78% | 396 | 200 | 🇨🇳 CN | AS45090 | 2026-04-08 |
| 222.79.104.148 | 99% | 285 | 283 | 🇨🇳 CN | AS133774 | 2026-03-30 |
| 220.250.52.75 | 69% | 238 | 162 | 🇨🇳 CN | AS4837 | 2026-04-19 |
| 36.139.84.140 | 74% | 231 | 133 | 🇨🇳 CN | AS56046 | 2026-04-19 |
| 96.9.79.178 | 99% | 90 | 90 | 🇰🇭 KH | AS131207 | 2026-03-31 |