Loading threats
Detects a Redis SET command that implants a cron-formatted entry (*/<n> * * * *) containing a direct HTTP retrieval (curl/cd1 -fsSL style fetch) piped into sh. This pattern reflects Redis exploitation where attackers establish scheduled remote script execution without obfuscation (no base64 layer), typically for botnet enrollment or cryptominer deployment.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 180.149.32.80 | 97% | 3,225 | 490 | 🇺🇸 US | AS25846 | 2026-02-09 |
| 101.206.108.14 | 100% | 2,558 | 750 | 🇨🇳 CN | AS4837 | 2026-03-05 |
| 74.50.81.220 | 99% | 1,231 | 160 | 🇺🇸 US | AS19318 | 2026-03-05 |
| 97.74.92.144 | 87% | 1,196 | 293 | 🇺🇸 US | AS26496 | 2026-03-05 |
| 182.40.103.253 | 100% | 1,118 | 165 | 🇨🇳 CN | AS136195 | 2026-03-05 |
| 157.230.101.158 | 95% | 1,091 | 333 | 🇩🇪 DE | AS14061 | 2026-03-05 |
| 64.20.44.213 | 93% | 1,086 | 74 | 🇺🇸 US | AS19318 | 2026-02-07 |
| 138.68.169.168 | 100% | 1,026 | 193 | 🇬🇧 GB | AS14061 | 2026-03-05 |
| 84.247.137.164 | 100% | 881 | 107 | 🇫🇷 FR | AS51167 | 2026-02-23 |
| 143.198.113.180 | 83% | 879 | 79 | 🇺🇸 US | AS14061 | 2026-02-21 |
| 139.198.30.179 | 64% | 860 | 120 | 🇨🇳 CN | AS59078 | 2026-03-03 |
| 155.212.222.212 | 90% | 824 | 61 | 🇷🇺 RU | AS198610 | 2026-02-04 |
| 20.197.32.228 | 99% | 713 | 171 | 🇮🇳 IN | AS8075 | 2026-03-04 |
| 14.103.220.97 | 100% | 693 | 133 | 🇨🇳 CN | AS4811 | 2026-03-05 |
| 31.210.36.192 | 92% | 645 | 53 | 🇹🇷 TR | AS212219 | 2026-02-24 |
| 94.74.84.246 | 98% | 634 | 83 | 🇸🇬 SG | AS136907 | 2026-02-14 |
| 125.94.106.113 | 67% | 602 | 117 | 🇨🇳 CN | AS4134 | 2026-03-04 |
| 14.103.198.15 | 100% | 598 | 83 | 🇨🇳 CN | AS4811 | 2026-03-04 |
| 218.78.131.154 | 100% | 590 | 201 | 🇨🇳 CN | AS4812 | 2026-03-04 |
| 20.52.250.139 | 98% | 575 | 50 | 🇩🇪 DE | AS8075 | 2026-02-25 |