Log Explorer

Fact drill-down for 185.180.204.173

Risk 62 MED Scope All time All-time facts 572 In-scope 572 Filtered 572 Seen 2025-10-04 → 2025-10-04

Reset (all-time)

Active (none) Clear

Faceted filters (facts-based) exact core + snapshot + optional start/end

Annotation facets

HTTP facets

Snapshot facets

Custom time window (optional override)

Provide start/end to scope time explicitly (overrides days). Leave blank for all-time.

Tip: keep windows tight when you need speed, but the default is fact-complete.

Top annotators (facts, in-scope)

base 268 sfp 268 scan_velocity 25 cred 8 ref 3

Top labels (facts, in-scope)

sensitive_file 268 observed 268 scan_velocity 25 cred 8 ref 3

Click a pill to apply it as a filter.

Annotated access events

Showing page 1 / 12 — total 572 rows

← Prev Next →

#1 2025-10-04 19:09:07 event 18853593 GET 404 bytes 7947

ann base label observed

Request event observed

/production/.env

referer

http://68.183.80.204:80/production/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/production/.env

referer

http://68.183.80.204:80/production/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

event observed

details

—

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#2 2025-10-04 19:09:07 event 18853592 GET 404 bytes 7947

ann base label observed

Request event observed

/production/.env

referer

http://68.183.80.204:80/production/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/production/.env

referer

http://68.183.80.204:80/production/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

event observed

details

—

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#3 2025-10-04 19:09:07 event 18853593 GET 404 bytes 7947

ann sfp 40 label sensitive_file

Request Probe for environment/secret file (.env)

/production/.env

referer

http://68.183.80.204:80/production/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:env

conf

92.00

details

Request targeted a .env-style file (often contains secrets). Snippet='/production/.env'

More (full fields + snapshot) expand

url

/production/.env

referer

http://68.183.80.204:80/production/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

Probe for environment/secret file (.env)

details

Request targeted a .env-style file (often contains secrets). Snippet='/production/.env'

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#4 2025-10-04 19:09:07 event 18853592 GET 404 bytes 7947

ann sfp 40 label sensitive_file

Request Probe for environment/secret file (.env)

/production/.env

referer

http://68.183.80.204:80/production/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:env

conf

92.00

details

Request targeted a .env-style file (often contains secrets). Snippet='/production/.env'

More (full fields + snapshot) expand

url

/production/.env

referer

http://68.183.80.204:80/production/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

Probe for environment/secret file (.env)

details

Request targeted a .env-style file (often contains secrets). Snippet='/production/.env'

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#5 2025-10-04 19:09:05 event 18853587 GET 404 bytes 7947

ann base label observed

Request event observed

/site/.env

referer

http://68.183.80.204:80/site/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/site/.env

referer

http://68.183.80.204:80/site/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

event observed

details

—

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#6 2025-10-04 19:09:05 event 18853586 GET 404 bytes 7947

ann base label observed

Request event observed

/site/.env

referer

http://68.183.80.204:80/site/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/site/.env

referer

http://68.183.80.204:80/site/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

event observed

details

—

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#7 2025-10-04 19:09:05 event 18853587 GET 404 bytes 7947

ann sfp 40 label sensitive_file

Request Probe for environment/secret file (.env)

/site/.env

referer

http://68.183.80.204:80/site/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:env

conf

92.00

details

Request targeted a .env-style file (often contains secrets). Snippet='/site/.env'

More (full fields + snapshot) expand

url

/site/.env

referer

http://68.183.80.204:80/site/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

Probe for environment/secret file (.env)

details

Request targeted a .env-style file (often contains secrets). Snippet='/site/.env'

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#8 2025-10-04 19:09:05 event 18853586 GET 404 bytes 7947

ann sfp 40 label sensitive_file

Request Probe for environment/secret file (.env)

/site/.env

referer

http://68.183.80.204:80/site/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:env

conf

92.00

details

Request targeted a .env-style file (often contains secrets). Snippet='/site/.env'

More (full fields + snapshot) expand

url

/site/.env

referer

http://68.183.80.204:80/site/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

Probe for environment/secret file (.env)

details

Request targeted a .env-style file (often contains secrets). Snippet='/site/.env'

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#9 2025-10-04 19:09:04 event 18853585 GET 404 bytes 7944

ann base label observed

Request event observed

/main/.env

referer

http://68.183.80.204:80/main/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/main/.env

referer

http://68.183.80.204:80/main/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

event observed

details

—

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#10 2025-10-04 19:09:04 event 18853581 GET 404 bytes 7944

ann base label observed

Request event observed

/main/.env

referer

http://68.183.80.204:80/main/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/main/.env

referer

http://68.183.80.204:80/main/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

event observed

details

—

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#11 2025-10-04 19:09:04 event 18853585 GET 404 bytes 7944

ann sfp 40 label sensitive_file

Request Probe for environment/secret file (.env)

/main/.env

referer

http://68.183.80.204:80/main/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:env

conf

92.00

details

Request targeted a .env-style file (often contains secrets). Snippet='/main/.env'

More (full fields + snapshot) expand

url

/main/.env

referer

http://68.183.80.204:80/main/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

Probe for environment/secret file (.env)

details

Request targeted a .env-style file (often contains secrets). Snippet='/main/.env'

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#12 2025-10-04 19:09:04 event 18853581 GET 404 bytes 7944

ann sfp 40 label sensitive_file

Request Probe for environment/secret file (.env)

/main/.env

referer

http://68.183.80.204:80/main/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:env

conf

92.00

details

Request targeted a .env-style file (often contains secrets). Snippet='/main/.env'

More (full fields + snapshot) expand

url

/main/.env

referer

http://68.183.80.204:80/main/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

Probe for environment/secret file (.env)

details

Request targeted a .env-style file (often contains secrets). Snippet='/main/.env'

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#13 2025-10-04 19:09:03 event 18853577 GET 301 bytes 178

ann base label observed

Request event observed

/production/.env

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/production/.env

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

event observed

details

—

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#14 2025-10-04 19:09:03 event 18853575 GET 404 bytes 7946

ann base label observed

Request event observed

/panel/.env

referer

http://68.183.80.204:80/panel/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/panel/.env

referer

http://68.183.80.204:80/panel/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

event observed

details

—

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#15 2025-10-04 19:09:03 event 18853574 GET 301 bytes 178

ann base label observed

Request event observed

/production/.env

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/production/.env

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

event observed

details

—

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#16 2025-10-04 19:09:03 event 18853572 GET 404 bytes 7946

ann base label observed

Request event observed

/panel/.env

referer

http://68.183.80.204:80/panel/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/panel/.env

referer

http://68.183.80.204:80/panel/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

event observed

details

—

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#17 2025-10-04 19:09:03 event 18853577 GET 301 bytes 178

ann sfp 40 label sensitive_file

Request Probe for environment/secret file (.env)

/production/.env

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:env

conf

92.00

details

Request targeted a .env-style file (often contains secrets). Snippet='/production/.env'

More (full fields + snapshot) expand

url

/production/.env

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

Probe for environment/secret file (.env)

details

Request targeted a .env-style file (often contains secrets). Snippet='/production/.env'

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#18 2025-10-04 19:09:03 event 18853575 GET 404 bytes 7946

ann sfp 40 label sensitive_file

Request Probe for environment/secret file (.env)

/panel/.env

referer

http://68.183.80.204:80/panel/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:env

conf

92.00

details

Request targeted a .env-style file (often contains secrets). Snippet='/panel/.env'

More (full fields + snapshot) expand

url

/panel/.env

referer

http://68.183.80.204:80/panel/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

Probe for environment/secret file (.env)

details

Request targeted a .env-style file (often contains secrets). Snippet='/panel/.env'

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#19 2025-10-04 19:09:03 event 18853574 GET 301 bytes 178

ann sfp 40 label sensitive_file

Request Probe for environment/secret file (.env)

/production/.env

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:env

conf

92.00

details

Request targeted a .env-style file (often contains secrets). Snippet='/production/.env'

More (full fields + snapshot) expand

url

/production/.env

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

Probe for environment/secret file (.env)

details

Request targeted a .env-style file (often contains secrets). Snippet='/production/.env'

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#20 2025-10-04 19:09:03 event 18853572 GET 404 bytes 7946

ann sfp 40 label sensitive_file

Request Probe for environment/secret file (.env)

/panel/.env

referer

http://68.183.80.204:80/panel/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:env

conf

92.00

details

Request targeted a .env-style file (often contains secrets). Snippet='/panel/.env'

More (full fields + snapshot) expand

url

/panel/.env

referer

http://68.183.80.204:80/panel/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

Probe for environment/secret file (.env)

details

Request targeted a .env-style file (often contains secrets). Snippet='/panel/.env'

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#21 2025-10-04 19:09:03 event 18853574 GET 301 bytes 178

ann scan_velocity 14 label scan_velocity

Request Scan-velocity indicator: scanv:rpm

/production/.env

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

scan_velocity

rule

scanv:rpm

conf

85.00

details

rpm_equiv=54.7; score=7; window=90s; total=82; rpm_equiv=54.7; upm_nonstatic_equiv=20.7; 404=30/82(0.37); ext_hits=33; ua_sig=0; methods=['GET']

More (full fields + snapshot) expand

url

/production/.env

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

Scan-velocity indicator: scanv:rpm

details

rpm_equiv=54.7; score=7; window=90s; total=82; rpm_equiv=54.7; upm_nonstatic_equiv=20.7; 404=30/82(0.37); ext_hits=33; ua_sig=0; methods=['GET']

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#22 2025-10-04 19:09:03 event 18853574 GET 301 bytes 178

ann scan_velocity 14 label scan_velocity

Request Scan-velocity indicator: scanv:ext_enum

/production/.env

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

scan_velocity

rule

scanv:ext_enum

conf

85.00

details

ext_hits=33; score=7; window=90s; total=82; rpm_equiv=54.7; upm_nonstatic_equiv=20.7; 404=30/82(0.37); ext_hits=33; ua_sig=0; methods=['GET']

More (full fields + snapshot) expand

url

/production/.env

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

Scan-velocity indicator: scanv:ext_enum

details

ext_hits=33; score=7; window=90s; total=82; rpm_equiv=54.7; upm_nonstatic_equiv=20.7; 404=30/82(0.37); ext_hits=33; ua_sig=0; methods=['GET']

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#23 2025-10-04 19:09:03 event 18853574 GET 301 bytes 178

ann scan_velocity label scan_velocity

Request Scan-velocity window summary

/production/.env

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

scan_velocity

rule

scanv:window

conf

—

details

window=90s; total=82; rpm_equiv=54.7; upm_nonstatic_equiv=20.7; 404=30/82(0.37); ext_hits=33; ua_sig=0; methods=['GET']

More (full fields + snapshot) expand

url

/production/.env

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

Scan-velocity window summary

details

window=90s; total=82; rpm_equiv=54.7; upm_nonstatic_equiv=20.7; 404=30/82(0.37); ext_hits=33; ua_sig=0; methods=['GET']

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#24 2025-10-04 19:09:02 event 18853571 GET 404 bytes 7944

ann base label observed

Request event observed

/stage/.env

referer

http://68.183.80.204:80/stage/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/stage/.env

referer

http://68.183.80.204:80/stage/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

event observed

details

—

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#25 2025-10-04 19:09:02 event 18853570 GET 404 bytes 7941

ann base label observed

Request event observed

/dashboard/.env

referer

http://68.183.80.204:80/dashboard/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/dashboard/.env

referer

http://68.183.80.204:80/dashboard/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

event observed

details

—

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#26 2025-10-04 19:09:02 event 18853568 GET 301 bytes 178

ann base label observed

Request event observed

/main/.env

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/main/.env

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

event observed

details

—

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#27 2025-10-04 19:09:02 event 18853567 GET 301 bytes 178

ann base label observed

Request event observed

/site/.env

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/site/.env

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

event observed

details

—

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#28 2025-10-04 19:09:02 event 18853566 GET 404 bytes 7944

ann base label observed

Request event observed

/stage/.env

referer

http://68.183.80.204:80/stage/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/stage/.env

referer

http://68.183.80.204:80/stage/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

event observed

details

—

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#29 2025-10-04 19:09:02 event 18853565 GET 404 bytes 7941

ann base label observed

Request event observed

/dashboard/.env

referer

http://68.183.80.204:80/dashboard/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/dashboard/.env

referer

http://68.183.80.204:80/dashboard/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

event observed

details

—

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#30 2025-10-04 19:09:02 event 18853571 GET 404 bytes 7944

ann sfp 40 label sensitive_file

Request Probe for environment/secret file (.env)

/stage/.env

referer

http://68.183.80.204:80/stage/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:env

conf

92.00

details

Request targeted a .env-style file (often contains secrets). Snippet='/stage/.env'

More (full fields + snapshot) expand

url

/stage/.env

referer

http://68.183.80.204:80/stage/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

Probe for environment/secret file (.env)

details

Request targeted a .env-style file (often contains secrets). Snippet='/stage/.env'

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#31 2025-10-04 19:09:02 event 18853570 GET 404 bytes 7941

ann sfp 40 label sensitive_file

Request Probe for environment/secret file (.env)

/dashboard/.env

referer

http://68.183.80.204:80/dashboard/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:env

conf

92.00

details

Request targeted a .env-style file (often contains secrets). Snippet='/dashboard/.env'

More (full fields + snapshot) expand

url

/dashboard/.env

referer

http://68.183.80.204:80/dashboard/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

Probe for environment/secret file (.env)

details

Request targeted a .env-style file (often contains secrets). Snippet='/dashboard/.env'

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#32 2025-10-04 19:09:02 event 18853568 GET 301 bytes 178

ann sfp 40 label sensitive_file

Request Probe for environment/secret file (.env)

/main/.env

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:env

conf

92.00

details

Request targeted a .env-style file (often contains secrets). Snippet='/main/.env'

More (full fields + snapshot) expand

url

/main/.env

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

Probe for environment/secret file (.env)

details

Request targeted a .env-style file (often contains secrets). Snippet='/main/.env'

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#33 2025-10-04 19:09:02 event 18853567 GET 301 bytes 178

ann sfp 40 label sensitive_file

Request Probe for environment/secret file (.env)

/site/.env

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:env

conf

92.00

details

Request targeted a .env-style file (often contains secrets). Snippet='/site/.env'

More (full fields + snapshot) expand

url

/site/.env

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

Probe for environment/secret file (.env)

details

Request targeted a .env-style file (often contains secrets). Snippet='/site/.env'

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#34 2025-10-04 19:09:02 event 18853566 GET 404 bytes 7944

ann sfp 40 label sensitive_file

Request Probe for environment/secret file (.env)

/stage/.env

referer

http://68.183.80.204:80/stage/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:env

conf

92.00

details

Request targeted a .env-style file (often contains secrets). Snippet='/stage/.env'

More (full fields + snapshot) expand

url

/stage/.env

referer

http://68.183.80.204:80/stage/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

Probe for environment/secret file (.env)

details

Request targeted a .env-style file (often contains secrets). Snippet='/stage/.env'

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#35 2025-10-04 19:09:02 event 18853565 GET 404 bytes 7941

ann sfp 40 label sensitive_file

Request Probe for environment/secret file (.env)

/dashboard/.env

referer

http://68.183.80.204:80/dashboard/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:env

conf

92.00

details

Request targeted a .env-style file (often contains secrets). Snippet='/dashboard/.env'

More (full fields + snapshot) expand

url

/dashboard/.env

referer

http://68.183.80.204:80/dashboard/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

Probe for environment/secret file (.env)

details

Request targeted a .env-style file (often contains secrets). Snippet='/dashboard/.env'

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#36 2025-10-04 19:09:01 event 18853563 GET 404 bytes 7944

ann base label observed

Request event observed

/development/.env

referer

http://68.183.80.204:80/development/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/development/.env

referer

http://68.183.80.204:80/development/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

event observed

details

—

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#37 2025-10-04 19:09:01 event 18853562 GET 404 bytes 7947

ann base label observed

Request event observed

/staging/.env

referer

http://68.183.80.204:80/staging/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/staging/.env

referer

http://68.183.80.204:80/staging/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

event observed

details

—

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#38 2025-10-04 19:09:01 event 18853561 GET 200 bytes 2395

ann base label observed

Request event observed

/admin/login/?next=/admin/.env

referer

https://68.183.80.204/admin/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/admin/login/?next=/admin/.env

referer

https://68.183.80.204/admin/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

event observed

details

—

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#39 2025-10-04 19:09:01 event 18853560 GET 404 bytes 7947

ann base label observed

Request event observed

/app/config/.env

referer

http://68.183.80.204:80/app/config/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/app/config/.env

referer

http://68.183.80.204:80/app/config/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

event observed

details

—

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#40 2025-10-04 19:09:01 event 18853559 GET 404 bytes 7947

ann base label observed

Request event observed

/production/.env

referer

http://68.183.80.204:80/production/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/production/.env

referer

http://68.183.80.204:80/production/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

event observed

details

—

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#41 2025-10-04 19:09:01 event 18853557 GET 301 bytes 178

ann base label observed

Request event observed

/panel/.env

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/panel/.env

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

event observed

details

—

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#42 2025-10-04 19:09:01 event 18853563 GET 404 bytes 7944

ann sfp 40 label sensitive_file

Request Probe for environment/secret file (.env)

/development/.env

referer

http://68.183.80.204:80/development/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:env

conf

92.00

details

Request targeted a .env-style file (often contains secrets). Snippet='/development/.env'

More (full fields + snapshot) expand

url

/development/.env

referer

http://68.183.80.204:80/development/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

Probe for environment/secret file (.env)

details

Request targeted a .env-style file (often contains secrets). Snippet='/development/.env'

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#43 2025-10-04 19:09:01 event 18853562 GET 404 bytes 7947

ann sfp 40 label sensitive_file

Request Probe for environment/secret file (.env)

/staging/.env

referer

http://68.183.80.204:80/staging/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:env

conf

92.00

details

Request targeted a .env-style file (often contains secrets). Snippet='/staging/.env'

More (full fields + snapshot) expand

url

/staging/.env

referer

http://68.183.80.204:80/staging/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

Probe for environment/secret file (.env)

details

Request targeted a .env-style file (often contains secrets). Snippet='/staging/.env'

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#44 2025-10-04 19:09:01 event 18853561 GET 200 bytes 2395

ann sfp 40 label sensitive_file

Request Probe for environment/secret file (.env)

/admin/login/?next=/admin/.env

referer

https://68.183.80.204/admin/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:env

conf

92.00

details

Request targeted a .env-style file (often contains secrets). Snippet='/admin/login/?next=/admin/.env'

More (full fields + snapshot) expand

url

/admin/login/?next=/admin/.env

referer

https://68.183.80.204/admin/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

Probe for environment/secret file (.env)

details

Request targeted a .env-style file (often contains secrets). Snippet='/admin/login/?next=/admin/.env'

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#45 2025-10-04 19:09:01 event 18853560 GET 404 bytes 7947

ann sfp 40 label sensitive_file

Request Probe for environment/secret file (.env)

/app/config/.env

referer

http://68.183.80.204:80/app/config/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:env

conf

92.00

details

Request targeted a .env-style file (often contains secrets). Snippet='/app/config/.env'

More (full fields + snapshot) expand

url

/app/config/.env

referer

http://68.183.80.204:80/app/config/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

Probe for environment/secret file (.env)

details

Request targeted a .env-style file (often contains secrets). Snippet='/app/config/.env'

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#46 2025-10-04 19:09:01 event 18853559 GET 404 bytes 7947

ann sfp 40 label sensitive_file

Request Probe for environment/secret file (.env)

/production/.env

referer

http://68.183.80.204:80/production/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:env

conf

92.00

details

Request targeted a .env-style file (often contains secrets). Snippet='/production/.env'

More (full fields + snapshot) expand

url

/production/.env

referer

http://68.183.80.204:80/production/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

Probe for environment/secret file (.env)

details

Request targeted a .env-style file (often contains secrets). Snippet='/production/.env'

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#47 2025-10-04 19:09:01 event 18853557 GET 301 bytes 178

ann sfp 40 label sensitive_file

Request Probe for environment/secret file (.env)

/panel/.env

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:env

conf

92.00

details

Request targeted a .env-style file (often contains secrets). Snippet='/panel/.env'

More (full fields + snapshot) expand

url

/panel/.env

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

Probe for environment/secret file (.env)

details

Request targeted a .env-style file (often contains secrets). Snippet='/panel/.env'

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#48 2025-10-04 19:09:01 event 18853561 GET 200 bytes 2395

ann ref 6 label ref

Request External referer observed on an auth-like endpoint

/admin/login/?next=/admin/.env

referer

https://68.183.80.204/admin/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

ref

rule

ref:external_referer_to_auth

conf

70.00

details

External origins hitting login/auth endpoints can be a signal of phishing landing pages or malicious redirect chains. This is only emitted for auth-like paths.

More (full fields + snapshot) expand

url

/admin/login/?next=/admin/.env

referer

https://68.183.80.204/admin/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

External referer observed on an auth-like endpoint

details

External origins hitting login/auth endpoints can be a signal of phishing landing pages or malicious redirect chains. This is only emitted for auth-like paths.

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#49 2025-10-04 19:09:01 event 18853561 GET 200 bytes 2395

ann cred 8 label cred

Request Auth success (200) on auth endpoint

/admin/login/?next=/admin/.env

referer

https://68.183.80.204/admin/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

cred

rule

cred:auth_success

conf

70.00

details

Useful for takeover-style correlations when preceded by failures from same source.

More (full fields + snapshot) expand

url

/admin/login/?next=/admin/.env

referer

https://68.183.80.204/admin/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

Auth success (200) on auth endpoint

details

Useful for takeover-style correlations when preceded by failures from same source.

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

#50 2025-10-04 19:09:01 event 18853561 GET 200 bytes 2395

ann cred 10 label cred

Request Auth request appears to use an automation-oriented user agent

/admin/login/?next=/admin/.env

referer

https://68.183.80.204/admin/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Annotation facts

label

cred

rule

cred:scripted_user_agent

conf

70.00

details

Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.

More (full fields + snapshot) expand

url

/admin/login/?next=/admin/.env

referer

https://68.183.80.204/admin/.env

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

summary

Auth request appears to use an automation-oriented user agent

details

Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.

subnet

185.180.204.0/24

asn

198414 — Cyber_Folks S.A.

geo

Poland, Lesser Poland, Krakow

org

CF VPS GD

Log Explorer

Annotated access events

Confirm Action