Loading threats
HTTPS request sequence probing for exposed environment configuration files and cloud credential paths, including multiple .env variants, application configuration files, and /.aws/credentials, with repeated attempts using query modifiers (import&raw). The pattern reflects automated enumeration of sensitive configuration resources via direct path discovery.
This behavioral pattern is part of the SikkerAPI detection catalog and is actively monitored across our global honeypot network. No IPs in the current retention window have triggered this detection signature.
When an attacker exhibits this behavior, matched IPs will appear here with confidence scores, geolocation, and session details. Browse other HTTPS detections or look up a specific IP to check its threat profile.