Http Request Path Aws Credentials Js

Matches HTTP requests attempting to access a JavaScript file named /.aws/credentials.js. This primitive helps identify reconnaissance or exploitation attempts where attackers probe for improperly stored or exposed AWS credential material embedded in script files, often due to insecure deployment practices, directory exposure, or file disclosure vulnerabilities.

Observed IPs

Avg Confidence

83%

Protocol

HTTP

Top IPs by event count

IP Address	Risk	Events	Sessions	Country	ASN	Last Seen
185.177.72.38	99%	32,544	2,183	🇫🇷 FR	AS211590	2026-04-23
185.177.72.49	94%	21,261	1,513	🇫🇷 FR	AS211590	2026-04-25
45.148.10.249	100%	2,340	2,331	🇳🇱 NL	AS48090	2026-04-23
45.148.10.5	100%	553	553	🇳🇱 NL	AS48090	2026-03-21
195.178.110.28	99%	507	507	🇧🇬 BG	AS48090	2026-03-21
185.177.72.66	92%	130	130	🇫🇷 FR	AS211590	2026-04-22
185.177.72.205	87%	93	93	🇫🇷 FR	AS211590	2026-04-24
185.177.72.11	92%	87	85	🇫🇷 FR	AS211590	2026-04-25
185.177.72.100	84%	61	61	🇫🇷 FR	AS211590	2026-04-24
185.177.72.31	77%	39	39	🇫🇷 FR	AS211590	2026-04-22
185.177.72.5	71%	36	36	🇫🇷 FR	AS211590	2026-04-19
185.177.72.69	88%	35	35	🇫🇷 FR	AS211590	2026-04-25
185.217.126.47	51%	29	29	🇫🇷 FR	AS51167	2026-03-26
173.212.230.39	51%	6	6	🇫🇷 FR	AS51167	2026-03-01
207.180.211.231	54%	4	4	🇫🇷 FR	AS51167	2026-02-28