Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.