Redis Set Cron Ssh Rsa Authorized Key Injection

Uses the Redis SET command to write an SSH public key (ssh-rsa) value, a technique commonly used after changing Redis dir and dbfilename to place the key into an authorized_keys file, enabling SSH key-based access for the attacker.

Observed IPs

190

Avg Confidence

63%

Protocol

REDIS

Top IPs by event count

IP Address	Risk	Events	Sessions	Country	ASN	Last Seen
36.112.94.94	84%	4,158	2,244	🇨🇳 CN	AS4847	2026-02-26
121.30.192.44	77%	924	304	🇨🇳 CN	AS4837	2026-03-05
39.104.64.187	70%	209	51	🇨🇳 CN	AS37963	2026-02-07
171.80.12.2	66%	208	180	🇨🇳 CN	AS151185	2026-03-04
124.236.108.172	66%	207	70	🇨🇳 CN	AS134760	2026-03-05
36.155.92.2	78%	202	24	🇨🇳 CN	AS56046	2026-02-07
8.148.205.29	79%	197	38	🇨🇳 CN	AS37963	2026-03-03
209.38.249.252	81%	155	18	🇩🇪 DE	AS14061	2026-02-27
36.133.109.170	71%	151	15	🇨🇳 CN	AS9808	2026-02-25
14.103.250.91	71%	149	65	🇨🇳 CN	AS4811	2026-02-26
222.88.163.198	67%	127	12	🇨🇳 CN	AS4134	2026-02-05
121.196.215.180	73%	119	7	🇨🇳 CN	AS37963	2026-02-09
106.75.218.39	71%	102	18	🇨🇳 CN	AS17621	2026-03-03
8.218.228.75	65%	98	11	🇭🇰 HK	AS45102	2026-02-10
8.138.104.161	71%	93	6	🇨🇳 CN	AS37963	2026-02-08
113.105.105.179	71%	91	10	🇨🇳 CN	AS4134	2026-02-25
47.108.169.114	67%	90	33	🇨🇳 CN	AS37963	2026-02-16
221.179.61.253	77%	89	8	🇨🇳 CN	AS9808	2026-02-14
107.174.52.27	77%	88	19	🇺🇸 US	AS36352	2026-03-01
47.107.147.159	76%	88	22	🇨🇳 CN	AS37963	2026-03-04