Loading threats
Detects execution of the Redis HGETALL command against a hash key following the pattern apikey:sk_live_<32 hex>. This operation retrieves all fields and values stored within the targeted API key hash, indicating direct data extraction of a specific credential object. When the key structure resembles live API credentials (sk_live_), this behavior reflects targeted secret access rather than general enumeration. It is typically observed after prior key discovery activity (e.g., KEYS *) and represents active credential harvesting from a compromised or exposed Redis instance.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 104.154.213.243 | 97% | 11,009 | 23 | 🇺🇸 US | AS396982 | 2026-02-17 |
| 34.31.92.252 | 93% | 390 | 26 | 🇺🇸 US | AS396982 | 2026-02-20 |
| 35.188.106.181 | 88% | 96 | 1 | 🇺🇸 US | AS396982 | 2026-02-10 |
| 34.9.214.80 | 97% | 44 | 44 | 🇺🇸 US | AS396982 | 2026-03-11 |
| 34.67.26.229 | 97% | 30 | 30 | 🇺🇸 US | AS396982 | 2026-03-05 |
| 136.113.193.207 | 91% | 15 | 15 | 🇺🇸 US | AS396982 |
| 2026-02-25 |
| 34.170.198.233 | 91% | 13 | 13 | 🇺🇸 US | AS396982 | 2026-03-04 |
| 34.29.15.216 | 89% | 11 | 11 | 🇺🇸 US | AS396982 | 2026-02-25 |
| 34.121.185.112 | 89% | 8 | 8 | 🇺🇸 US | AS396982 | 2026-03-05 |
| 34.29.65.200 | 83% | 7 | 7 | 🇺🇸 US | AS396982 | 2026-03-11 |