Loading threats
Matches HTTP requests attempting to access the sensitive file path /root/.aws/credentials. This primitive helps identify exploitation or reconnaissance activity where attackers probe for exposed AWS credential files belonging to the root user, typically via file disclosure, path traversal, or misconfigured web application endpoints.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 185.177.72.38 | 94% | 31,924 | 1,563 | 🇫🇷 FR | AS211590 | 2026-03-18 |
| 185.177.72.30 | 92% | 26,325 | 1,008 | 🇫🇷 FR | AS211590 | 2026-03-19 |
| 185.177.72.52 | 93% | 23,814 | 970 | 🇫🇷 FR | AS211590 | 2026-03-19 |
| 185.177.72.49 | 91% | 20,634 | 979 | 🇫🇷 FR | AS211590 | 2026-03-18 |
| 185.177.72.22 | 93% | 20,294 | 990 | 🇫🇷 FR | AS211590 | 2026-03-18 |
| 185.177.72.51 | 91% | 17,216 | 1,125 | 🇫🇷 FR | AS211590 | 2026-03-18 |
| 185.177.72.13 | 91% | 17,195 | 1,066 | 🇫🇷 FR | AS211590 | 2026-03-18 |
| 185.177.72.23 | 92% | 14,928 | 1,099 | 🇫🇷 FR | AS211590 | 2026-03-19 |
| 185.177.72.56 | 91% | 14,306 | 1,036 | 🇫🇷 FR | AS211590 | 2026-03-18 |
| 45.148.10.5 | 99% | 485 | 485 | 🇳🇱 NL | AS48090 | 2026-03-19 |
| 45.139.104.161 | 84% | 472 | 472 | 🇧🇬 BG | AS399979 | 2026-03-11 |
| 195.178.110.28 | 99% | 427 | 427 | 🇧🇬 BG | AS48090 | 2026-03-19 |
| 104.23.229.8 | 4% | 25 | 12 | 🇫🇷 FR | AS13335 | 2026-03-19 |
| 185.177.72.11 | 84% | 17 | 17 | 🇫🇷 FR | AS211590 | 2026-03-16 |
| 172.71.127.159 | 4% | 15 | 9 | 🇫🇷 FR | AS13335 | 2026-03-18 |
| 172.71.232.117 | 4% | 8 | 6 | 🇫🇷 FR | AS13335 | 2026-03-18 |
| 172.68.151.123 | 5% | 8 | 8 | 🇫🇷 FR | AS13335 | 2026-03-19 |
| 172.68.151.162 | 5% | 8 | 6 | 🇫🇷 FR | AS13335 | 2026-03-13 |
| 172.71.127.127 | 5% | 7 | 7 | 🇫🇷 FR | AS13335 | 2026-03-19 |
| 104.23.229.53 | 5% | 7 | 7 | 🇫🇷 FR | AS13335 | 2026-03-18 |