Loading threats
Matches HTTP requests attempting to access a JSON-formatted AWS credentials file at /.aws/credentials.json. This primitive helps identify reconnaissance or exploitation attempts where attackers probe for exposed cloud authentication material stored in alternative formats, commonly through directory listing, local file inclusion, or other file disclosure vulnerabilities.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 45.148.10.5 | 94% | 553 | 553 | 🇳🇱 NL | AS48090 | 2026-03-21 |
| 195.178.110.28 | 94% | 507 | 507 | 🇧🇬 BG | AS48090 | 2026-03-21 |