ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 117.150.62.177:6379.

Database Entry


IOC ID: 1816729
IOC: 117.150.62.177:6379
IOC Type: ip:port
Threat Type: payload_delivery
Malware: XMRIG
Confidence Level: Confidence level is high (90%)
Is compromised?: False
ASN: AS9808 CHINAMOBILE-CN
Country: CN
First seen: 2026-05-21 05:00:02 UTC
Last seen: never
UUID: 81ba2ae9-5482-11f1-b930-42010aa4000a
Reporter: nullblue67
Reward: 5 credits from ThreatFox
Tags: china-mobile redis-rce webshell-dropper

nullblue67
Redis-to-webshell attacker. Pattern: CONFIG SET dir <webroot> + SET dbfilename cmd.php/shell.php attempting to drop PHP webshell via Redis SAVE. Tested 10+ Linux webroots. Captured 2026-05-19. China Mobile residential.