Loading threats
Matches HTTP requests attempting to access the local file path /home/ubuntu/.aws/credentials. This primitive helps identify reconnaissance or exploitation activity where attackers probe for exposed AWS credential files on misconfigured web servers or vulnerable file-read endpoints, often as part of cloud credential harvesting attempts.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 45.148.10.5 | 99% | 493 | 493 | 🇳🇱 NL | AS48090 | 2026-03-20 |
| 195.178.110.28 | 99% | 442 | 442 | 🇧🇬 BG | AS48090 | 2026-03-20 |