Loading threats
Detects execution of the Redis HGETALL command against a hash key following the pattern apikey:sk_live_<32 hex>. This operation retrieves all fields and values stored within the targeted API key hash, indicating direct data extraction of a specific credential object. When the key structure resembles live API credentials (sk_live_), this behavior reflects targeted secret access rather than general enumeration. It is typically observed after prior key discovery activity (e.g., KEYS *) and represents active credential harvesting from a compromised or exposed Redis instance.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 34.31.92.252 | 93% | 390 | 26 | 🇺🇸 US | AS396982 | 2026-02-20 |
| 34.9.214.80 | 97% | 44 | 44 | 🇺🇸 US | AS396982 | 2026-03-11 |
| 34.67.26.229 | 97% | 30 | 30 | 🇺🇸 US | AS396982 | 2026-03-05 |
| 34.123.78.31 | 90% | 20 | 20 | 🇺🇸 US | AS396982 | 2026-04-11 |
| 34.29.65.200 | 91% | 19 | 19 | 🇺🇸 US | AS396982 | 2026-03-27 |
| 136.111.99.120 | 96% | 18 | 18 | 🇺🇸 US | AS396982 |
| 2026-04-23 |
| 34.170.198.233 | 86% | 16 | 16 | 🇺🇸 US | AS396982 | 2026-03-20 |
| 136.113.193.207 | 91% | 15 | 15 | 🇺🇸 US | AS396982 | 2026-02-25 |
| 34.55.210.71 | 93% | 13 | 13 | 🇺🇸 US | AS396982 | 2026-04-23 |
| 34.29.15.216 | 89% | 11 | 11 | 🇺🇸 US | AS396982 | 2026-02-25 |
| 34.29.91.3 | 89% | 8 | 8 | 🇺🇸 US | AS396982 | 2026-03-18 |
| 34.121.185.112 | 89% | 8 | 8 | 🇺🇸 US | AS396982 | 2026-03-05 |
| 104.154.62.21 | 84% | 7 | 7 | 🇺🇸 US | AS396982 | 2026-04-08 |
| 34.31.96.184 | 83% | 5 | 5 | 🇺🇸 US | AS396982 | 2026-04-23 |
| 34.69.91.241 | 84% | 3 | 3 | 🇺🇸 US | AS396982 | 2026-04-23 |
| 23.236.56.191 | 73% | 2 | 2 | 🇺🇸 US | AS396982 | 2026-03-23 |