From reviewing web logs:
78.153.140.151 - - [02/May/2025:05:10:43 +0000] "GET /.env.xml HTTP/1.1" 404 3793 "-" "More Firefox 1.5.0.9 user agents strings -->>"
Perhaps if you’re going to source from a list of UAs, you shoud look at the list first and remove anything that doesn’t look like a UA. But thanks for making me laugh.
That’s the usual dreck from hostglobalplus, though. They’re one of my personal shoot-on-sight providers, so as soon as I see them in my logs I firewall off the whole netblock