Loading threats
Detects a Redis SET command that implants a system-style cron entry including the root user field and a direct HTTP fetch piped into sh (e.g., cd1 -fsSL http://… | sh). This reflects Redis exploitation where an attacker establishes privileged scheduled execution for repeated remote script retrieval and execution. The inclusion of root indicates targeting of /etc/crontab-style injection, enabling execution with elevated privileges after a subsequent SAVE/BGSAVE. This is strongly associated with automated botnet propagation and host-level persistence via misconfigured or unauthenticated Redis services.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 101.206.108.14 | 100% | 3,103 | 1,295 | 🇨🇳 CN | AS4837 | 2026-04-19 |
| 97.74.92.144 | 100% | 1,817 | 879 | 🇺🇸 US | AS26496 | 2026-04-19 |
| 157.230.101.158 | 100% | 1,530 | 772 | 🇩🇪 DE | AS14061 | 2026-04-19 |
| 182.40.103.253 | 100% | 1,352 | 399 | 🇨🇳 CN | AS136195 | 2026-04-19 |
| 74.50.81.220 | 100% | 1,285 | 214 | 🇺🇸 US | AS19318 | 2026-03-31 |
| 138.68.169.168 | 100% | 1,047 | 214 | 🇬🇧 GB | AS14061 |
| 2026-03-09 |
| 139.198.30.179 | 85% | 1,006 | 266 | 🇨🇳 CN | AS59078 | 2026-04-16 |
| 218.78.131.154 | 100% | 897 | 506 | 🇨🇳 CN | AS4812 | 2026-04-19 |
| 84.247.137.164 | 100% | 881 | 107 | 🇫🇷 FR | AS51167 | 2026-02-23 |
| 143.198.113.180 | 83% | 879 | 79 | 🇺🇸 US | AS14061 | 2026-02-21 |
| 14.103.220.97 | 100% | 852 | 292 | 🇨🇳 CN | AS4811 | 2026-04-18 |
| 180.76.114.78 | 83% | 824 | 502 | 🇨🇳 CN | AS38365 | 2026-04-15 |
| 114.80.35.241 | 100% | 795 | 450 | 🇨🇳 CN | AS4811 | 2026-04-19 |
| 20.197.32.228 | 100% | 738 | 196 | 🇮🇳 IN | AS8075 | 2026-03-09 |
| 125.94.106.113 | 85% | 727 | 242 | 🇨🇳 CN | AS4134 | 2026-04-19 |
| 14.103.198.15 | 100% | 690 | 175 | 🇨🇳 CN | AS4811 | 2026-04-16 |
| 31.210.36.192 | 92% | 645 | 53 | 🇹🇷 TR | AS212219 | 2026-02-24 |
| 49.115.217.27 | 83% | 630 | 287 | 🇨🇳 CN | AS4134 | 2026-04-18 |
| 183.6.4.31 | 81% | 623 | 218 | 🇨🇳 CN | AS4134 | 2026-04-18 |
| 20.52.250.139 | 98% | 575 | 50 | 🇩🇪 DE | AS8075 | 2026-02-25 |