Even if it is in redis or memcached, it is still consuming resources in deciding what needs to be done with each successive volley.
Given that each address only shows up three times, it appears that something like fail2ban is already in play (or that fail2ban is what the attack is designed to...