Loading threats
Uses the Redis SET command to write a cron entry in system-cron format (including an explicit execution user such as root), combined with a remote shell script download and pipe-to-shell execution. This indicates an active Redis exploitation attempt aimed at achieving root-level persistent code execution via /etc/crontab or /etc/cron.d/*.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 182.40.103.253 | 100% | 1,413 | 460 | 🇨🇳 CN | AS136195 | 2026-04-26 |
| 139.198.30.179 | 86% | 1,058 | 318 | 🇨🇳 CN | AS59078 | 2026-04-26 |
| 218.78.131.154 | 100% | 971 | 580 | 🇨🇳 CN | AS4812 | 2026-04-27 |
| 14.103.220.97 | 100% | 911 | 351 | 🇨🇳 CN | AS4811 | 2026-04-27 |
| 114.80.35.241 | 100% | 873 | 528 | 🇨🇳 CN | AS4811 | 2026-04-27 |
| 180.76.114.78 | 83% | 824 | 502 | 🇨🇳 CN | AS38365 | 2026-04-15 |
| 125.94.106.113 | 86% | 760 | 275 | 🇨🇳 CN | AS4134 | 2026-04-26 |
| 14.103.198.15 | 100% | 711 | 196 | 🇨🇳 CN | AS4811 | 2026-04-26 |
| 49.115.217.27 | 83% | 647 | 304 | 🇨🇳 CN | AS4134 | 2026-04-26 |
| 106.13.124.241 | 71% | 593 | 425 | 🇨🇳 CN | AS38365 | 2026-04-25 |
| 106.227.11.236 | 99% | 568 | 180 | 🇨🇳 CN | AS134238 | 2026-03-26 |
| 106.12.184.7 | 78% | 556 | 378 | 🇨🇳 CN | AS38365 | 2026-04-26 |
| 182.92.181.218 | 100% | 506 | 181 | 🇨🇳 CN | AS37963 | 2026-04-25 |
| 61.153.23.162 | 70% | 468 | 335 | 🇨🇳 CN | AS4134 | 2026-04-19 |
| 125.67.236.54 | 99% | 458 | 165 | 🇨🇳 CN | AS4134 | 2026-03-11 |
| 120.48.43.118 | 98% | 435 | 217 | 🇨🇳 CN | AS38365 | 2026-04-27 |
| 43.134.0.85 | 83% | 404 | 323 | 🇸🇬 SG | AS132203 | 2026-04-25 |
| 218.59.175.217 | 80% | 399 | 265 | 🇨🇳 CN | AS4837 | 2026-04-27 |
| 180.76.52.82 | 94% | 346 | 194 | 🇨🇳 CN | AS38365 | 2026-04-27 |
| 106.13.45.232 | 67% | 316 | 213 | 🇨🇳 CN | AS38365 | 2026-04-25 |