I saw this line in a server log this morning and thought it was humorous – if you’re going to spoof the UserAgent, why not do it right?
220.127.116.11 - $virtual_host.com - [06/Feb/2020:07:21:11 -0800] "GET /.env HTTP/1.1" 301 238 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
I better go find Mozlila with my Moblie!
This is a poor hack attempt to get an .env file that would have environment credentials in it. That’s a pretty common method of deploying credentials to Rails apps.