Ban Hackers

Back in the day, hackers were unemployed or unemployable programmers or teenagers with nothing to do.
Now days, it's criminal organizations and Programmers (with a capital P) with masters degrees hired by foreign (and not so foreign) governments to hack into every server they can find. They even try to scan every possible IP address for web servers. When they find one, somebody later tries to hack it.
So, I set up a website for them to visit. It says Coming Soon.
Then, it records their IP Address and bans it from the server with iptables. It also adds their IP Address and User Agent string to the database.

Here are the IP addresses I've banned over the last week:
BannedID IP User Agent String Date Hacked Banned Reason
6686320.163.58.125Mozilla/5.0 zgrab/0.x7/2/2025 07:32:01 PMUser Agent Mozilla/5.0 zgrab/0.x
6686213.214.209.226Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.367/2/2025 05:17:46 PMEvil 404 /wp-includes/wlwmanifest.xml
66861147.185.132.22Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scan7/2/2025 05:14:59 PMTried to access http ip directly.
6686020.119.74.72Mozilla/5.0 zgrab/0.x7/2/2025 04:59:56 PMUser Agent Mozilla/5.0 zgrab/0.x
66859185.247.137.180Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)7/2/2025 04:05:18 PMTried to access http ip directly.
6685854.229.179.86Mozilla/5.0 (compatible; NetcraftSurveyAgent/1.0; +info@netcraft.com)7/2/2025 02:03:45 PMTried to access http ip directly.
66857185.133.214.138Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.367/2/2025 01:47:28 PMTried to access http ip directly.
66856134.122.30.191Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about);7/2/2025 01:41:12 PMEvil 404 .env (AWS vulnerability)
6685543.165.189.110Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.17/2/2025 11:02:03 AMTried to access http ip directly.
66854159.203.10.69curl/8.1.27/2/2025 08:51:36 AMUser Agent curl/8.1.2
66853115.76.223.110Custom-AsyncHttpClient7/2/2025 07:46:17 AMEvil 404 /admin/vendor/phpunit/phpunit/src/Util/PHP/eval-st
6685251.210.223.51Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.367/2/2025 06:48:32 AMEvil 404 /admin/sqladmin/index.php?lang=en
66851134.209.251.42Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about);7/2/2025 02:28:00 AMEvil 404 .env (AWS vulnerability)
6685065.49.1.142Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.07/2/2025 01:53:23 AMTried to access http ip directly.
66849194.53.114.74Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.367/2/2025 01:05:15 AMTried to access http ip directly.
6684840.124.80.149Mozilla/5.0 zgrab/0.x7/2/2025 12:15:25 AMTried to access http ip directly.
668475.32.176.113Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.367/1/2025 11:04:17 PMTried to access http ip directly.
66846104.248.144.225Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.07/1/2025 10:35:16 PMEvil 404 /boaform/admin/formLogin
6684535.203.211.63Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scan7/1/2025 10:27:16 PMTried to access http ip directly.
6684434.140.130.215python-requests/2.32.47/1/2025 09:23:12 PMTried to access http ip directly.
6684387.121.84.149curl/7.81.07/1/2025 08:58:29 PMTried to access http ip directly.
6684220.163.15.107Mozilla/5.0 zgrab/0.x7/1/2025 08:47:37 PMUser Agent Mozilla/5.0 zgrab/0.x
66841157.245.60.6curl/8.1.27/1/2025 08:03:11 PMUser Agent curl/8.1.2
66840199.45.154.114Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)7/1/2025 06:22:12 PMTried to access http ip directly.
66839176.65.148.183Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.367/1/2025 06:03:12 PMEvil 404 .env (AWS vulnerability)
66838217.182.68.199Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.367/1/2025 05:34:45 PMEvil 404 /wp-includes/wlwmanifest.xml
66837104.152.52.65curl/7.61.17/1/2025 05:02:55 PMTried to access http ip directly.
66836116.204.171.17Mozilla/5.0 (iPhone; CPU iPhone OS 18_3_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3.1 Mobile/15E148 Safari/604.17/1/2025 04:45:47 PMTried to access http ip directly.
66835161.35.172.243Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.367/1/2025 03:27:49 PMTried to access http ip directly.
66834195.182.25.241Mozilla/5.0 (Linux; Android 8.0.0; d-02K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.105 Safari/537.367/1/2025 03:00:18 PMEvil 404 .env (AWS vulnerability)
66833157.230.248.242Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about);7/1/2025 02:23:23 PMEvil 404 .env (AWS vulnerability)
6683234.235.167.104Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.367/1/2025 02:15:52 PMTried to access http ip directly.
66831171.97.16.167Hello-World/1.07/1/2025 01:01:27 PMTried to access http ip directly.
66830123.58.209.1127/1/2025 12:06:11 PMTried to log in as root with no password.
66829179.32.129.233Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.367/1/2025 10:44:06 AMTried to access http ip directly.
6682843.155.157.239Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.17/1/2025 10:37:12 AMTried to access http ip directly.
6682720.150.192.39Mozilla/5.0 zgrab/0.x7/1/2025 10:26:05 AMUser Agent Mozilla/5.0 zgrab/0.x
6682641.90.65.112Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.367/1/2025 07:32:22 AMTried to access http ip directly.
66825139.59.180.173curl/8.1.27/1/2025 06:45:23 AMUser Agent curl/8.1.2
66824164.92.105.39Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.367/1/2025 02:56:38 AMTried to access http ip directly.
66823157.230.212.28masscan/1.0 (https://github.com/robertdavidgraham/masscan)7/1/2025 02:28:14 AMTried to access http ip directly.
66822205.169.39.23Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.367/1/2025 02:14:24 AMTried to access http ip directly.
6682164.227.71.153Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about);7/1/2025 12:40:48 AMEvil 404 .env (AWS vulnerability)
6682092.60.40.205Python/3.11 aiohttp/3.12.136/30/2025 11:24:46 PMUser Agent Python/3.11 aiohttp/3.12.13
6681945.33.14.197Mozilla/5.0 zgrab/0.x6/30/2025 10:35:31 PMTried to access http ip directly.
66818135.237.126.9Mozilla/5.0 zgrab/0.x6/30/2025 10:12:30 PMTried to access http ip directly.
66817104.234.115.33'Mozilla/5.0 (compatible; GenomeCrawlerd/1.0; +https://www.nokia.com/genomecrawler)'6/30/2025 10:11:21 PMTried to access http ip directly.
66816157.245.33.129Yoohoo6/30/2025 09:51:48 PMEvil 404 .env (AWS vulnerability)
66815157.245.33.129Yoohoo6/30/2025 09:51:48 PMEvil 404 .env (AWS vulnerability)
6681434.66.88.210Mozilla/5.0 (Kubuntu; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.06/30/2025 08:56:31 PMTried to access http ip directly.
6681320.65.194.143Mozilla/5.0 zgrab/0.x6/30/2025 07:03:50 PMUser Agent Mozilla/5.0 zgrab/0.x
6681291.244.197.102Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.466/30/2025 06:27:29 PMTried to access http ip directly.
66811159.223.50.79curl/8.1.26/30/2025 06:15:04 PMUser Agent curl/8.1.2
6681080.251.153.117Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.466/30/2025 05:31:45 PMTried to access http ip directly.
6680992.118.39.86Mozilla/5.0 zgrab/0.x6/30/2025 05:17:24 PMUser Agent Mozilla/5.0 zgrab/0.x
66808204.76.203.233Go-http-client/1.16/30/2025 03:44:30 PMTried to access http ip directly.
6680734.76.0.248python-requests/2.32.46/30/2025 02:07:57 PMTried to access http ip directly.
6680644.211.43.45Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.366/30/2025 02:06:47 PMTried to access http ip directly.
66805198.199.85.41Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about);6/30/2025 12:58:36 PMEvil 404 .env (AWS vulnerability)
6680493.123.72.134Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.466/30/2025 11:56:46 AMTried to access http ip directly.
66803123.160.221.131Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.366/30/2025 11:13:41 AMTried to access http ip directly.
668028.216.67.37curl/7.64.16/30/2025 11:13:04 AMTried to access http ip directly.
6680143.159.143.190Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.16/30/2025 11:09:57 AMTried to access http ip directly.
66800135.237.123.203Mozilla/5.0 zgrab/0.x6/30/2025 10:59:00 AMUser Agent Mozilla/5.0 zgrab/0.x
66799209.97.171.55Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.366/30/2025 10:18:47 AMEvil 404 .env (AWS vulnerability)
6679883.229.17.125Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.06/30/2025 08:44:11 AMEvil 404 /boaform/admin/formLogin
6679765.49.1.192Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Mobile Safari/537.366/30/2025 07:49:38 AMTried to access http ip directly.
6679635.203.210.227Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scan6/30/2025 06:08:26 AMTried to access http ip directly.
66795185.176.42.146Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.366/30/2025 05:55:43 AMEvil 404 .env (AWS vulnerability)
66794104.248.63.252curl/8.1.26/30/2025 05:41:02 AMUser Agent curl/8.1.2
66793164.90.230.1curl/8.1.26/30/2025 04:47:08 AMUser Agent curl/8.1.2
6679245.79.190.216Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML6/30/2025 04:24:01 AMTried to access http ip directly.
6679113.49.240.229Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194A6/30/2025 03:23:34 AMEvil 404 /wp-admin/install.php?step=1
6679085.204.70.114Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.366/30/2025 02:20:31 AMEvil 404 /wp-includes/wlwmanifest.xml
6678964.225.58.250Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about);6/30/2025 02:12:11 AMEvil 404 .env (AWS vulnerability)
6678843.165.190.5Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.16/30/2025 01:40:24 AMTried to access http ip directly.
66787152.32.134.89Mozilla/5.0 (Macintosh; Intel Mac OS X 8_2_2) AppleWebKit/542.38 (KHTML, like Gecko) Chrome/83.0.287 Safari/537.366/29/2025 11:32:08 PMTried to access http ip directly.
66786165.154.40.42curl/7.29.06/29/2025 11:31:57 PMTried to access http ip directly.
66785169.150.196.14Python/3.11 aiohttp/3.12.136/29/2025 08:35:26 PMUser Agent Python/3.11 aiohttp/3.12.13
6678420.221.72.95Mozilla/5.0 zgrab/0.x6/29/2025 05:41:05 PMUser Agent Mozilla/5.0 zgrab/0.x
66783142.93.208.13curl/8.1.26/29/2025 04:14:27 PMUser Agent curl/8.1.2
6678240.119.41.182Mozilla/5.0 zgrab/0.x6/29/2025 03:20:09 PMUser Agent Mozilla/5.0 zgrab/0.x
6678144.220.188.172Mozilla/5.0 (Windows NT 6.2;en-US) AppleWebKit/537.32.36 (KHTML, live Gecko) Chrome/60.0.3006.87 Safari/537.326/29/2025 03:08:49 PMTried to access http ip directly.
66780165.227.179.99Mozilla/5.0 (X11; Linux x86_64; rv:137.0) Gecko/20100101 Firefox/137.06/29/2025 02:44:55 PMTried to access http ip directly.
6677934.229.138.24Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.366/29/2025 01:58:48 PMTried to access http ip directly.
6677868.183.192.23Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about);6/29/2025 11:56:22 AMEvil 404 .env (AWS vulnerability)
6677720.163.2.53Mozilla/5.0 zgrab/0.x6/29/2025 10:01:16 AMUser Agent Mozilla/5.0 zgrab/0.x
6677675.128.48.101Hello-World/1.06/29/2025 06:02:32 AMTried to access http ip directly.
6677552.221.182.178Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.366/29/2025 05:11:56 AMEvil 404 /wp-includes/wlwmanifest.xml
6677443.128.88.125Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.366/29/2025 04:44:19 AMEvil 404 /wp-includes/js/jquery/jquery.js
66773188.166.156.97curl/8.1.26/29/2025 02:51:26 AMUser Agent curl/8.1.2
66772107.170.21.14Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about);6/29/2025 02:06:54 AMEvil 404 .env (AWS vulnerability)
66771104.234.115.122'Mozilla/5.0 (compatible; GenomeCrawlerd/1.0; +https://www.nokia.com/genomecrawler)'6/29/2025 12:35:14 AMTried to access http ip directly.
6677066.228.53.174Mozilla/5.0 (Macintosh; Intel Mac OS X 13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.366/28/2025 09:14:17 PMTried to access http ip directly.
6676936.72.215.196Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.366/28/2025 08:57:58 PMTried to access http ip directly.
66768112.166.251.88curl/7.88.16/28/2025 08:27:46 PMTried to access http ip directly.
66767202.51.205.66/28/2025 07:10:57 PMTried to log in as root with no password.
66766162.216.149.30Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scan6/28/2025 07:02:45 PMTried to access http ip directly.
66765112.120.173.42Hello-World/1.06/28/2025 04:58:39 PMTried to access http ip directly.
66764172.202.118.10Mozilla/5.0 zgrab/0.x6/28/2025 03:41:31 PMUser Agent Mozilla/5.0 zgrab/0.x
66763185.247.137.145Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)6/28/2025 03:40:16 PMTried to access http ip directly.
66762209.38.31.230curl/8.1.26/28/2025 02:09:41 PMUser Agent curl/8.1.2
6676168.183.15.139Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about);6/28/2025 12:24:07 PMEvil 404 .env (AWS vulnerability)
66760185.168.174.50Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.366/28/2025 11:56:53 AMTried to access http ip directly.
667591.83.125.213Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.366/28/2025 11:36:33 AMTried to access http ip directly.
66758159.223.72.122Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.366/28/2025 11:16:09 AMEvil 404 /wp-includes/ID3/license.txt
6675791.196.152.127Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.06/28/2025 09:25:46 AMTried to access http ip directly.
6675634.22.221.223python-requests/2.32.46/28/2025 07:02:06 AMTried to access http ip directly.
66755152.42.211.85Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.366/28/2025 03:42:25 AMEvil 404 /wp-content/plugins/litespeed-cache/readme.txt
66754176.65.149.178Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.06/28/2025 02:16:42 AMEvil 404 /boaform/admin/formLogin
66753169.150.196.25Python/3.11 aiohttp/3.12.136/28/2025 01:26:38 AMUser Agent Python/3.11 aiohttp/3.12.13
6675224.199.82.46curl/8.1.26/28/2025 01:12:02 AMUser Agent curl/8.1.2
6675143.134.106.236Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.366/28/2025 12:16:14 AMEvil 404 /wp-includes/js/jquery/jquery.js
66750165.227.88.203Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about);6/28/2025 12:05:50 AMEvil 404 .env (AWS vulnerability)
6674935.93.196.112Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.366/27/2025 11:46:27 PMTried to access http ip directly.
6674844.201.129.13Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.366/27/2025 11:16:30 PMTried to access http ip directly.
66747147.185.133.141Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scan6/27/2025 10:08:08 PMTried to access http ip directly.
6674635.226.27.221Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.366/27/2025 06:26:29 PMTried to access http ip directly.
66745194.26.29.129python-requests/2.25.16/27/2025 04:37:37 PMUser Agent python-requests/2.25.1
6674445.156.87.152Mozilla/5.0 (X11; Linux x86_64)6/27/2025 03:32:35 PMEvil 404 .env (AWS vulnerability)
66743117.89.91.8Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.366/27/2025 03:08:53 PMTried to access http ip directly.
6674240.86.155.29curl/8.5.06/27/2025 01:51:35 PMUser Agent curl/8.5.0
667414.151.1.31curl/8.5.06/27/2025 01:50:42 PMUser Agent curl/8.5.0
667404.151.179.171curl/8.5.06/27/2025 01:50:16 PMUser Agent curl/8.5.0
667394.151.110.145curl/8.5.06/27/2025 01:49:38 PMUser Agent curl/8.5.0
6673820.165.46.105curl/8.5.06/27/2025 01:48:29 PMUser Agent curl/8.5.0
667374.151.211.119curl/8.5.06/27/2025 01:48:09 PMUser Agent curl/8.5.0
667364.150.40.48curl/8.5.06/27/2025 01:47:54 PMUser Agent curl/8.5.0
667354.151.67.164curl/8.5.06/27/2025 01:47:45 PMUser Agent curl/8.5.0
6673464.227.69.144curl/8.1.26/27/2025 12:26:38 PMUser Agent curl/8.1.2
66733206.123.145.134Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.506/27/2025 12:15:59 PMEvil 404 .env (AWS vulnerability)
66732139.59.180.47Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about);6/27/2025 11:52:05 AMEvil 404 .env (AWS vulnerability)
6673187.121.84.130Mozilla/5.06/27/2025 10:21:04 AMTried to access http ip directly.
66730165.154.11.52Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.06/27/2025 10:06:23 AMTried to access http ip directly.
6672957.151.98.114Mozilla/5.0 zgrab/0.x6/27/2025 09:05:15 AMUser Agent Mozilla/5.0 zgrab/0.x
66728150.109.22.45Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.366/27/2025 07:59:17 AMEvil 404 /wp-includes/js/jquery/jquery.js
66727185.218.84.47Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.366/27/2025 07:41:03 AMTried to access http ip directly.
667262.183.87.223Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.366/27/2025 07:23:59 AMTried to access http ip directly.
66725185.218.84.46Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.366/27/2025 07:05:23 AMTried to access http ip directly.
66724185.218.84.45Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.366/27/2025 07:02:06 AMTried to access http ip directly.
667235.101.64.6Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.88 Safari/537.366/27/2025 06:58:13 AMTried to access http ip directly.
66722186.151.92.222Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.76/27/2025 06:09:22 AMTried to access http ip directly.
66721108.165.153.7Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.466/27/2025 05:49:10 AMTried to access http ip directly.
66720154.126.201.150xfa16/27/2025 04:17:30 AMEvil 404 /admin/config.php
66719108.165.153.6Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.466/27/2025 03:43:30 AMTried to access http ip directly.
66718185.213.154.247Python/3.11 aiohttp/3.12.136/27/2025 03:26:09 AMUser Agent Python/3.11 aiohttp/3.12.13
66717123.58.204.200Mozilla/5.0 (Macintosh; Intel Mac OS X 11) AppleWebKit/538.41 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.366/27/2025 03:05:37 AMTried to access http ip directly.
66716167.71.79.163Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.06/27/2025 03:00:14 AMTried to access http ip directly.
6671520.55.88.105Mozilla/5.0 zgrab/0.x6/27/2025 02:34:13 AMUser Agent Mozilla/5.0 zgrab/0.x
6671485.204.222.135Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.76/27/2025 02:11:53 AMTried to access http ip directly.
66713178.210.187.82Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.366/27/2025 01:48:22 AMTried to access http ip directly.
6671234.22.164.219python-requests/2.32.46/27/2025 01:13:56 AMTried to access http ip directly.
66711152.42.166.7Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about);6/27/2025 12:18:25 AMEvil 404 .env (AWS vulnerability)
66710104.234.115.161'Mozilla/5.0 (compatible; GenomeCrawlerd/1.0; +https://www.nokia.com/genomecrawler)'6/27/2025 12:16:12 AMTried to access http ip directly.
66709128.199.68.101curl/8.1.26/26/2025 11:31:35 PMUser Agent curl/8.1.2
6670835.203.210.140Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scan6/26/2025 10:28:59 PMTried to access http ip directly.
6670720.163.74.20Mozilla/5.0 zgrab/0.x6/26/2025 10:08:39 PMUser Agent Mozilla/5.0 zgrab/0.x
66706218.144.21.147Mozilla/5.0 (Linux; U; Android 4.0.3; ko-kr; LG-L160L Build/IML74K) AppleWebkit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.306/26/2025 10:05:13 PMTried to access http ip directly.
6670564.62.156.10Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.466/26/2025 09:09:31 PMTried to access http ip directly.
6670420.65.195.30Mozilla/5.0 zgrab/0.x6/26/2025 08:44:17 PMUser Agent Mozilla/5.0 zgrab/0.x
6670320.163.34.47Mozilla/5.0 zgrab/0.x6/26/2025 08:28:51 PMTried to access http ip directly.
66702159.65.152.66Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/91.06/26/2025 06:43:58 PMEvil 404 /www/wp-login.php
6670191.121.145.32Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/91.06/26/2025 06:11:22 PMEvil 404 /www/wp-login.php
6670045.156.128.79Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.366/26/2025 04:16:28 PMTried to access http ip directly.
66699203.205.6.137Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/91.06/26/2025 04:02:40 PMEvil 404 /www/wp-login.php
6669883.23.152.168Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.366/26/2025 04:01:02 PMTried to access http ip directly.
6669734.28.207.190Mozilla/5.0 (Fedora; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.366/26/2025 02:47:30 PMTried to access http ip directly.
66696205.209.114.190Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/91.06/26/2025 02:29:35 PMEvil 404 /www/wp-login.php
6669364.225.101.100Go-http-client/1.16/26/2025 02:28:33 PMEvil 404 /cgi-bin/authLogin.cgi
66695134.122.83.190Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)6/26/2025 02:28:33 PMTried to access http ip directly.
6669464.225.101.100Go-http-client/1.16/26/2025 02:28:33 PMEvil 404 /solr/admin/info/system
66692138.197.104.148Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about);6/26/2025 11:42:26 AMEvil 404 .env (AWS vulnerability)
6669194.23.61.165Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/91.06/26/2025 11:03:27 AMEvil 404 /wordpress/wp-login.php
66690192.250.235.158Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/91.06/26/2025 10:39:08 AMEvil 404 /wordpress/wp-login.php
66689107.170.1.63curl/8.1.26/26/2025 10:32:51 AMUser Agent curl/8.1.2
6668845.156.130.45Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.366/26/2025 10:26:46 AMTried to access http ip directly.
66687148.72.214.194Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/91.06/26/2025 08:31:25 AMEvil 404 /wordpress/wp-login.php
666863.88.207.161Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.366/26/2025 05:46:31 AMTried to access http ip directly.
66685194.187.179.151Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.06/26/2025 04:04:28 AMTried to access http ip directly.
66684185.49.25.194Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.366/26/2025 03:42:13 AMTried to access http ip directly.
66683150.109.230.210Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.16/26/2025 03:36:11 AMTried to access http ip directly.
66682143.110.135.118Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about);6/26/2025 01:45:43 AMEvil 404 .env (AWS vulnerability)
6668182.102.18.220Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.366/26/2025 01:42:22 AMEvil 404 /wp-includes/wlwmanifest.xml
66680110.0.126.133Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.366/26/2025 12:47:43 AMTried to access http ip directly.
66679162.241.62.242Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/91.06/26/2025 12:34:37 AMEvil 404 /wp/wp-login.php
66678104.234.115.163'Mozilla/5.0 (compatible; GenomeCrawlerd/1.0; +https://www.nokia.com/genomecrawler)'6/26/2025 12:26:39 AMTried to access http ip directly.
66677147.185.133.240Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scan6/25/2025 11:44:58 PMTried to access http ip directly.
66676185.250.38.17Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/91.06/25/2025 11:20:01 PMEvil 404 /wp/wp-login.php
6667587.121.84.212Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.466/25/2025 11:08:44 PMTried to access http ip directly.
66674134.199.238.126curl/8.1.26/25/2025 10:13:40 PMUser Agent curl/8.1.2
6667345.56.103.154Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_2) AppleWebKit/605.1.15 (KHTML6/25/2025 09:50:17 PMTried to access http ip directly.
66672199.45.155.100Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)6/25/2025 09:34:09 PMTried to access http ip directly.