Redis Set System Cron Payload

Uses the Redis SET command to write a cron entry in system-cron format (including an explicit execution user such as root), combined with a remote shell script download and pipe-to-shell execution. This indicates an active Redis exploitation attempt aimed at achieving root-level persistent code execution via /etc/crontab or /etc/cron.d/*.

Observed IPs

Avg Confidence

89%

Protocol

REDIS

Top IPs by event count

IP Address	Risk	Events	Sessions	Country	ASN	Last Seen
182.40.103.253	100%	1,118	165	🇨🇳 CN	AS136195	2026-03-05
139.198.30.179	64%	860	120	🇨🇳 CN	AS59078	2026-03-03
14.103.220.97	100%	693	133	🇨🇳 CN	AS4811	2026-03-05
94.74.84.246	98%	634	83	🇸🇬 SG	AS136907	2026-02-14
125.94.106.113	67%	602	117	🇨🇳 CN	AS4134	2026-03-04
14.103.198.15	100%	598	83	🇨🇳 CN	AS4811	2026-03-04
218.78.131.154	100%	592	203	🇨🇳 CN	AS4812	2026-03-05
180.76.114.78	68%	560	238	🇨🇳 CN	AS38365	2026-03-05
114.80.35.241	99%	529	186	🇨🇳 CN	AS4811	2026-03-05
106.227.11.236	99%	499	111	🇨🇳 CN	AS134238	2026-03-05
49.115.217.27	62%	491	148	🇨🇳 CN	AS4134	2026-03-05
125.67.236.54	99%	435	142	🇨🇳 CN	AS4134	2026-03-04
111.228.61.51	95%	423	29	🇨🇳 CN	AS141679	2026-02-03
182.92.181.218	100%	413	88	🇨🇳 CN	AS37963	2026-03-02
106.12.184.7	70%	336	158	🇨🇳 CN	AS38365	2026-03-04
120.48.43.118	98%	317	99	🇨🇳 CN	AS38365	2026-03-04
101.201.124.141	98%	279	43	🇨🇳 CN	AS37963	2026-03-02
117.50.47.100	94%	261	50	🇨🇳 CN	AS4808	2026-03-04
218.59.175.217	67%	248	114	🇨🇳 CN	AS4837	2026-03-05
101.201.71.213	99%	243	40	🇨🇳 CN	AS37963	2026-02-28