Extreme Threat
IP 134.122.136.119 is a critical-risk address identified as a compromised host actively participating in automated attacks, with 539 abuse reports filed against this single IP and a threat level score of 10 out of 10. The address, registered to CTG Server Limited operating within AS152194 and geolocated to Japan, has been flagged by automated honeypot sensors as an exploited platform being weaponized by threat actors without the legitimate operator's knowledge.
Analysis of the 539 reports filed during December 2025 reveals sustained malicious activity with an intensity rating of 8 out of 10, indicating persistent and repeated attack campaigns rather than opportunistic probing. All 20 most recent threat-category classifications explicitly identify this address as an exploited host, confirming that the system itself has been compromised and repurposed as an attack vector. The detected attack pattern points to Redis exploitation techniques, targeting vulnerable Redis database instances exposed to the internet. The 94% confidence score substantiates the reliability of these findings, with detection originating exclusively from automated honeypot infrastructure monitoring internet-facing services.
Exploited host activity represents a severe threat category because it involves systems that have been silently compromised, often through unpatched vulnerabilities or credential compromise, and subsequently weaponized to launch attacks against third parties. The Redis attack pattern specifically suggests attempts to exploit misconfigured Redis deployments for unauthorized data access, remote code execution or network propagation. When a host operates as an exploited platform, the original owner faces potential legal liability for damage caused by their infrastructure, while targets face sophisticated attacks originating from what appears to be a legitimate server.
Site operators should immediately block IP 134.122.136.119 at the network perimeter or firewall level given its critical threat classification. Organizations running publicly accessible Redis instances should verify that authentication is enabled, binding is restricted to localhost only, and that network exposure is minimized. Implementing rate-limiting via tools such as fail2ban or configuring strict connection thresholds can reduce the effectiveness of automated exploitation attempts. Proactive monitoring of authentication logs and implementing intrusion detection rules for anomalous Redis command patterns will further harden defenses against this attack vector.