This IP address has been reported a total of
17
times from
10 distinct
sources.
123.58.47.228 was first reported on
, and the most recent report was
.
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
Reporter
IoA Timestamp (UTC)
Comment
Categories
Anonymous
Bot / scanning and/or hacking attempts: GET /js/app.js HTTP/1.1, GET /wp-config.php~ HTTP/1.1, GET / ...
show moreBot / scanning and/or hacking attempts: GET /js/app.js HTTP/1.1, GET /wp-config.php~ HTTP/1.1, GET /application.yml HTTP/1.1, GET /appsettings.json HTTP/1.1, GET /serverless.yml HTTP/1.1, GET /application.yaml HTTP/1.1, GET /application-dev.properties HTTP/1.1, GET /config.py HTTP/1.1, GET /application-prod.properties HTTP/1.1, GET /appsettings.Development.json HTTP/1.1, GET /config.yml HTTP/1.1, GET /appsettings.Production.json HTTP/1.1, GET /config.yaml HTTP/1.1, GET /config.toml HTTP/1.1, GET /wp-config.php.old HTTP/1.1
show less
Honeypot triggered:
IP: 123.58.47.228
Request to: https://xserverx.ru/.env
Method: GET
Host: xserver ...
show moreHoneypot triggered:
IP: 123.58.47.228
Request to: https://xserverx.ru/.env
Method: GET
Host: xserverx.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)
Referer: Direct
Country: CN
ASN: Unknown
Triggered rules: (\.env|\.env\.local|\.env\.production)
Timestamp: 2026-07-01T04:57:09.499Z
show less
[TueJun3006:23:15.9336512026][security2:error][pid3900796:tid3900881][client123.58.47.228:0]ModSecur ...
show more[TueJun3006:23:15.9336512026][security2:error][pid3900796:tid3900881][client123.58.47.228:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Patternmatch\"\(\?i\)\(\?:/\(\?:\^\|/\)\\\\\\\\.\(env\|git\|svn\|hg\|DS_Store\)\|/\(\?:wp-config\|\\\\\\\\.htaccess\|\\\\\\\\.htpasswd\)\|\\\\\\\\.\(\?:sql\|bak\|old\|log\)\$\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"156\"][id\"960720\"][msg\"Forbiddenfileaccessattempt\"][severity\"CRITICAL\"][hostname\"globalhorizon.ch.136-243-54-122.cpanel.site\"][uri\"/wp-config.php.bak\"][unique_id\"akNEsykUeYPvMi7efz5HCwAAAJQ\"]
show less
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show moreAuto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-25.
show less