Loading threats
Matches HTTP requests attempting to access a potentially obfuscated or non-standard AWS credential file path such as /.AWS_/credentials. This primitive helps identify reconnaissance or exploitation activity where attackers probe for misnamed, hidden, or incorrectly secured credential directories that may expose cloud access keys through file disclosure or path traversal vulnerabilities.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 185.177.72.38 | 98% | 32,379 | 2,018 | 🇫🇷 FR | AS211590 | 2026-03-22 |
| 185.177.72.30 | 95% | 26,541 | 1,224 | 🇫🇷 FR | AS211590 | 2026-03-22 |
| 185.177.72.52 | 95% | 23,912 | 1,068 | 🇫🇷 FR | AS211590 | 2026-03-22 |
| 185.177.72.49 | 95% | 20,868 | 1,120 | 🇫🇷 FR | AS211590 | 2026-03-22 |
| 185.177.72.22 | 97% | 20,705 | 1,401 | 🇫🇷 FR | AS211590 | 2026-03-22 |
| 185.177.72.13 | 95% | 17,593 | 1,409 | 🇫🇷 FR | AS211590 | 2026-03-22 |
| 185.177.72.51 | 97% | 17,528 | 1,437 | 🇫🇷 FR | AS211590 | 2026-03-22 |
| 185.177.72.23 | 96% | 15,127 | 1,296 | 🇫🇷 FR | AS211590 | 2026-03-22 |
| 195.178.110.199 | 99% | 6,006 | 1,966 | 🇧🇬 BG | AS48090 | 2026-03-20 |
| 195.178.110.108 | 100% | 3,715 | 569 | 🇧🇬 BG | AS48090 | 2026-03-22 |
| 45.148.10.5 | 94% | 553 | 553 | 🇳🇱 NL | AS48090 | 2026-03-21 |
| 195.178.110.28 | 94% | 507 | 507 | 🇧🇬 BG | AS48090 | 2026-03-21 |
| 45.148.10.247 | 95% | 223 | 223 | 🇳🇱 NL | AS48090 | 2026-03-22 |
| 104.23.168.81 | 25% | 118 | 65 | 🇳🇱 NL | AS13335 | 2026-03-22 |
| 141.101.76.41 | 28% | 48 | 41 | 🇳🇱 NL | AS13335 | 2026-03-21 |
| 172.70.220.14 | 10% | 36 | 35 | 🇩🇪 DE | AS13335 | 2026-03-20 |
| 176.65.132.46 | 57% | 12 | 12 | 🇩🇪 DE | AS51396 | 2026-02-20 |
| 85.11.167.90 | 49% | 3 | 3 | 🇧🇬 BG | AS213438 | 2026-02-20 |
| 172.71.82.19 | 12% | 1 | 1 | 🇸🇬 SG | AS13335 | 2026-03-17 |
| 104.23.170.188 | 9% | 1 | 1 | 🇳🇱 NL | AS13335 | 2026-03-09 |