Http Request Path Aws Config File

Matches HTTP requests attempting to access the sensitive AWS CLI configuration file /.aws/config. This primitive helps identify reconnaissance or exploitation activity where attackers probe for exposed cloud configuration data, including account profiles, regions, and role settings, typically through path traversal, local file inclusion, or misconfigured web server directory exposure.

Observed IPs

182

Avg Confidence

51%

Protocol

HTTP

Top IPs by event count

IP Address	Risk	Events	Sessions	Country	ASN	Last Seen
185.177.72.38	99%	32,544	2,183	🇫🇷 FR	AS211590	2026-04-23
185.177.72.30	98%	26,701	1,384	🇫🇷 FR	AS211590	2026-04-29
185.177.72.52	99%	24,027	1,183	🇫🇷 FR	AS211590	2026-05-04
185.177.72.49	94%	21,285	1,537	🇫🇷 FR	AS211590	2026-05-04
185.177.72.22	98%	20,803	1,499	🇫🇷 FR	AS211590	2026-04-02
185.177.72.13	98%	17,709	1,509	🇫🇷 FR	AS211590	2026-05-04
185.177.72.51	93%	17,689	1,598	🇫🇷 FR	AS211590	2026-04-29
185.177.72.23	97%	15,445	1,614	🇫🇷 FR	AS211590	2026-04-28
185.177.72.56	96%	14,840	1,476	🇫🇷 FR	AS211590	2026-05-04
195.178.110.199	98%	6,006	1,966	🇧🇬 BG	AS48090	2026-03-20
152.42.255.97	85%	4,894	4,850	🇸🇬 SG	AS14061	2026-03-08
195.178.110.108	100%	3,715	569	🇧🇬 BG	AS48090	2026-03-22
195.178.110.159	100%	3,232	3,232	🇧🇬 BG	AS48090	2026-04-07
45.148.10.249	100%	2,340	2,331	🇳🇱 NL	AS48090	2026-04-23
45.138.16.145	80%	1,610	1,518	🇵🇱 PL	AS210558	2026-03-12
124.243.150.54	89%	1,515	1,507	🇸🇬 SG	AS136907	2026-05-04
152.42.221.249	96%	984	984	🇸🇬 SG	AS14061	2026-03-04
45.138.16.178	99%	858	858	🇵🇱 PL	AS210558	2026-04-22
45.148.10.187	71%	757	756	🇳🇱 NL	AS48090	2026-04-01
107.173.39.70	95%	687	687	🇺🇸 US		2026-04-26

Loading threats