Identifies structured extraction of high-value application configuration and credential material from a Redis datastore. The behavior includes keyspace enumeration, targeted TYPE inspection across configuration namespaces (cloud, database, encryption, JWT, mail, payment, VCS), and direct GET/HGETALL retrieval of secrets, API keys, feature flags, internal URLs, and user cache objects. This tightly grouped pattern reflects deliberate application-layer reconnaissance and credential harvesting following access to a Redis instance, indicating high-confidence data exposure and likely compromise of associated services.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 104.154.213.243 | 97% | 11,009 | 23 | 🇺🇸 US | AS396982 | 2026-02-17 |
| 34.31.92.252 | 93% | 390 | 26 | 🇺🇸 US | AS396982 | 2026-02-20 |
| 35.188.106.181 | 88% | 96 | 1 | 🇺🇸 US | AS396982 | 2026-02-10 |
| 34.9.214.80 | 97% | 44 | 44 | 🇺🇸 US | AS396982 | 2026-03-11 |
| 34.67.26.229 | 97% | 30 | 30 | 🇺🇸 US | AS396982 | 2026-03-05 |
| 136.113.193.207 | 91% | 15 | 15 | 🇺🇸 US | AS396982 | 2026-02-25 |
| 34.29.65.200 | 83% | 7 | 7 | 🇺🇸 US | AS396982 | 2026-03-11 |
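
The behavior described above can be matched against Redis command logs. The following is an added example, not the detection logic behind this page: it parses `MONITOR`-style lines and flags clients that enumerate the keyspace and then run both TYPE and GET/HGETALL across several configuration namespaces. The `<namespace>:<name>` key layout, the threshold of three namespaces, the function names and the sample lines are assumptions made for illustration.

```python
import re
import shlex
from collections import defaultdict

# Namespaces named in the description; the "<namespace>:<name>" key layout is an assumption.
NAMESPACES = {"cloud", "database", "encryption", "jwt", "mail", "payment", "vcs"}
MONITOR_RE = re.compile(r'^(\d+\.\d+) \[\d+ ([^\]]+)\] (.+)$')

def parse_monitor_line(line):
    """Return (client_host, COMMAND, args) for one MONITOR line, or None."""
    m = MONITOR_RE.match(line.strip())
    if not m:
        return None
    try:
        words = shlex.split(m.group(3))  # command and arguments are double-quoted
    except ValueError:
        return None  # unbalanced quotes: skip the line
    host = m.group(2).rsplit(":", 1)[0]  # drop the source port (IPv4 form)
    return host, words[0].upper(), words[1:]

def detect(lines, min_namespaces=3):
    """Hosts that enumerated keys and ran TYPE plus GET/HGETALL across namespaces."""
    seen = defaultdict(lambda: {"enum": False, "typed": set(), "read": set()})
    for line in lines:
        parsed = parse_monitor_line(line)
        if parsed is None:
            continue
        host, cmd, args = parsed
        ns = args[0].split(":", 1)[0].lower() if args else ""
        if cmd in ("KEYS", "SCAN"):
            seen[host]["enum"] = True
        elif cmd == "TYPE" and ns in NAMESPACES:
            seen[host]["typed"].add(ns)
        elif cmd in ("GET", "HGETALL") and ns in NAMESPACES:
            seen[host]["read"].add(ns)
    # Require the same namespaces to be both inspected and read (threshold is an assumption).
    return sorted(h for h, s in seen.items() if s["enum"]
                  and len(s["typed"] & s["read"]) >= min_namespaces)

# Constructed sample: one harvesting client, one ordinary application client.
SAMPLE = [
    '1700000000.000001 [0 192.0.2.10:50000] "KEYS" "*"',
    '1700000000.100000 [0 192.0.2.10:50000] "TYPE" "cloud:credentials"',
    '1700000000.200000 [0 192.0.2.10:50000] "TYPE" "jwt:secret"',
    '1700000000.300000 [0 192.0.2.10:50000] "TYPE" "payment:api_key"',
    '1700000000.400000 [0 192.0.2.10:50000] "HGETALL" "cloud:credentials"',
    '1700000000.500000 [0 192.0.2.10:50000] "GET" "jwt:secret"',
    '1700000000.600000 [0 192.0.2.10:50000] "GET" "payment:api_key"',
    '1700000001.000000 [0 198.51.100.7:41000] "GET" "mail:smtp_host"',
]
```

`MONITOR` reduces throughput on a busy instance, so the same grouping logic is better applied to command logs collected by a proxy or audit layer where one is available.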