Ban Hackers

Back in the day, hackers were unemployed or unemployable programmers or teenagers with nothing to do.
Now days, it's criminal organizations and Programmers (with a capital P) with masters degrees hired by foreign (and not so foreign) governments to hack into every server they can find. They even try to scan every possible IP address for web servers. When they find one, somebody later tries to hack it.
So, I set up a website for them to visit. It says Coming Soon.
Then, it records their IP Address and bans it from the server with iptables. It also adds their IP Address and User Agent string to the database.

Here are the IP addresses I've banned over the last week:
BannedID IP User Agent String Date Hacked Banned Reason
53314186.33.122.95Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Saf6/4/2023 01:25:30 AMTried to access http ip directly.
5331335.203.210.177Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day 6/4/2023 12:58:35 AMTried to access http ip directly.
53312102.129.249.70Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/56/4/2023 12:17:24 AMEvil 404 .env (AWS vulnerability)
5331164.227.41.52Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Sa6/3/2023 11:59:11 PMTried to access http ip directly.
53310210.178.253.212condi-bbos6/3/2023 10:35:21 PMEvil 404 /cgi-bin/luci/;stok=/locale?form=country
533092.57.122.71Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/56/3/2023 09:55:19 PMEvil 404 .env (AWS vulnerability)
53308151.242.152.147Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Saf6/3/2023 08:19:19 PMTried to access http ip directly.
53307104.243.37.41Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.06/3/2023 05:46:26 PMTried to access http ip directly.
53306205.210.31.167Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day 6/3/2023 02:57:27 PMTried to access http ip directly.
53305194.49.71.110Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safa6/3/2023 02:13:54 PMTried to access http ip directly.
5330479.174.70.211Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.666/3/2023 01:22:37 PMEvil 404 /wp-content/plugins/mstore-api/assets/js/mstore-in
53303165.227.182.161Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Sa6/3/2023 01:10:12 PMTried to access http ip directly.
53302173.249.1.213Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/56/3/2023 12:28:28 PMEvil 404 .env (AWS vulnerability)
53301159.203.208.9Mozilla/5.0 zgrab/0.x6/3/2023 11:40:04 AMTried to access http ip directly.
53300192.241.198.125Mozilla/5.0 zgrab/0.x6/3/2023 10:56:57 AMUser Agent Mozilla/5.0 zgrab/0.x
53299192.138.189.151Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/966/3/2023 09:51:19 AMEvil 404 /wp-login.php
53298206.132.63.239Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Saf6/3/2023 09:39:53 AMTried to access http ip directly.
53297139.5.223.23Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Saf6/3/2023 08:46:49 AMTried to access http ip directly.
5329664.62.197.161Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.06/3/2023 08:16:34 AMTried to access http ip directly.
53295162.243.136.12Mozilla/5.0 zgrab/0.x6/3/2023 07:22:02 AMUser Agent Mozilla/5.0 zgrab/0.x
53294162.216.149.206Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day 6/3/2023 05:13:32 AMTried to access http ip directly.
53293162.215.214.86Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/966/3/2023 02:52:04 AMEvil 404 /wp-login.php
53292149.56.26.205Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/966/3/2023 02:44:42 AMEvil 404 /wp-login.php
5329191.105.96.229Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safa6/3/2023 01:08:17 AMTried to access http ip directly.
53290167.172.176.101Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Sa6/3/2023 12:43:57 AMTried to access http ip directly.
53289205.210.31.100Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day 6/2/2023 09:08:34 PMTried to access http ip directly.
5328845.128.232.181Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.06/2/2023 07:49:28 PMEvil 404 /boaform/admin/formLogin
5328743.128.84.51Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.696/2/2023 06:50:15 PMEvil 404 /wp-includes/ID3/license.txt
53286175.113.91.220Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Saf6/2/2023 05:40:50 PMTried to access http ip directly.
5328520.199.9.204python-requests/2.31.06/2/2023 05:26:34 PMTried to access http ip directly.
53284202.28.120.40Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.2 Safari6/2/2023 01:22:48 PMEvil 404 /wp-login.php
53283207.244.235.58Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/966/2/2023 12:28:04 PMEvil 404 /wp-login.php
5328285.217.144.35Mozilla/5.0 zgrab/0.x6/2/2023 11:08:47 AMTried to access http ip directly.
5328140.113.112.29python-requests/2.31.06/2/2023 10:57:25 AMUser Agent python-requests/2.31.0
53280113.119.57.24Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/966/2/2023 09:48:36 AMEvil 404 /wp-login.php
53279205.210.31.155Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day 6/2/2023 07:46:04 AMTried to access http ip directly.
53278212.45.95.229condi-bbos6/2/2023 05:07:56 AMEvil 404 /cgi-bin/luci/;stok=/locale?form=country
5327780.85.86.71Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.06/2/2023 03:41:35 AMTried to access http ip directly.
5327631.197.219.246condi-bbos6/2/2023 02:13:27 AMEvil 404 /cgi-bin/luci/;stok=/locale?form=country
5327589.111.147.45Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.116/2/2023 12:49:07 AMEvil 404 /wp-content/plugins/essential-addons-for-elementor
5327445.137.242.203Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/56/2/2023 12:46:55 AMEvil 404 .env (AWS vulnerability)
53273198.98.53.159Linux Gnu (cow)6/1/2023 11:20:26 PMTried to access http ip directly.
53272103.166.187.135Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safa6/1/2023 11:03:49 PMTried to access http ip directly.
53271205.210.31.233Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day 6/1/2023 10:53:17 PMTried to access http ip directly.
53270162.216.150.58Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day 6/1/2023 09:02:08 PMTried to access http ip directly.
53269205.185.116.25Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.46/1/2023 08:32:43 PMTried to access http ip directly.
5326843.130.11.228curl/7.64.16/1/2023 08:32:04 PMTried to access http ip directly.
53267161.35.44.71Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/6/1/2023 05:05:20 PMEvil 404 /wp-includes/wlwmanifest.xml
53266185.177.57.157Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.06/1/2023 03:26:59 PMTried to access http ip directly.
53265103.116.52.89Linux Gnu (cow)6/1/2023 03:03:12 PMTried to access http ip directly.
53264178.128.171.130Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/6/1/2023 02:52:35 PMEvil 404 /wp-includes/wlwmanifest.xml
53263117.197.166.118Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Saf6/1/2023 02:00:43 PMTried to access http ip directly.
5326235.203.211.3Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day 6/1/2023 12:11:16 PMTried to access http ip directly.
53261194.38.21.21Linux Gnu (cow)6/1/2023 10:33:43 AMTried to access http ip directly.
53260107.170.255.42Mozilla/5.0 zgrab/0.x5/31/2023 11:06:42 AMUser Agent Mozilla/5.0 zgrab/0.x
53259143.198.186.111Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.615/31/2023 09:31:50 AMTried to access http ip directly.
53258201.210.83.100Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safa5/31/2023 09:16:44 AMTried to access http ip directly.
5325743.139.28.122Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.05/31/2023 08:37:35 AMEvil 404 /wp-login.php
53256192.241.206.100Mozilla/5.0 zgrab/0.x5/31/2023 07:21:26 AMUser Agent Mozilla/5.0 zgrab/0.x
53255138.197.47.114Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.05/31/2023 05:39:00 AMTried to access http ip directly.
53254167.172.103.184Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Sa5/31/2023 05:07:26 AMTried to access http ip directly.
5325391.207.184.197Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Saf5/31/2023 01:44:20 AMTried to access http ip directly.
53252205.210.31.65Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day 5/31/2023 12:28:00 AMTried to access http ip directly.
53251104.152.52.221masscan/1.3 (https://github.com/robertdavidgraham/masscan)5/30/2023 08:17:46 PMTried to access http ip directly.
5325035.203.210.221Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day 5/30/2023 08:16:09 PMTried to access http ip directly.
53249213.149.7.178Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safa5/30/2023 08:13:48 PMTried to access http ip directly.
5324820.226.35.216Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, lik5/30/2023 07:50:52 PMEvil 404 .env (AWS vulnerability)
53247190.122.144.76Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Saf5/30/2023 07:39:49 PMTried to access http ip directly.
53246192.241.209.74Mozilla/5.0 zgrab/0.x5/30/2023 06:31:35 PMUser Agent Mozilla/5.0 zgrab/0.x
53245170.64.148.190Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Sa5/30/2023 06:25:25 PMTried to access http ip directly.
5324480.94.92.24Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/55/30/2023 05:42:53 PMEvil 404 .env (AWS vulnerability)
53243159.65.61.103Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.105/30/2023 04:43:24 PMEvil 404 /wp-admin/css/colors/coffee/index.php
53242174.138.187.154Go-http-client/1.15/30/2023 03:35:18 PMTried to access http ip directly.
53241185.224.128.27Mozilla/5.0 zgrab/0.x5/30/2023 03:20:26 PMTried to access http ip directly.
53240185.244.234.216Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Saf5/30/2023 01:18:21 PMTried to access http ip directly.
53239188.166.94.189Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.105/30/2023 12:14:13 PMEvil 404 /wp-content/themes/seotheme/mar.php
53238172.177.218.172Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.05/30/2023 11:57:27 AMEvil 404 .env (AWS vulnerability)
53237192.241.236.66Mozilla/5.0 zgrab/0.x5/30/2023 11:35:15 AMTried to access http ip directly.
5323645.156.129.7Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.115/30/2023 05:19:51 AMTried to access http ip directly.
5323535.203.211.240Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day 5/30/2023 01:40:04 AMTried to access http ip directly.
53234205.210.31.110Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day 5/30/2023 01:20:10 AMTried to access http ip directly.
53233177.185.117.136curl/7.58.05/30/2023 12:36:39 AMTried to access http ip directly.
53232185.41.163.197Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.825/30/2023 12:26:55 AMEvil 404 /wp-content/plugins/mstore-api/assets/js/mstore-in
53231151.246.215.152Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safa5/29/2023 10:01:00 PMTried to access http ip directly.
5323045.155.204.17Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.05/29/2023 09:05:55 PMEvil 404 /boaform/admin/formLogin
53229159.223.17.143Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Sa5/29/2023 07:21:12 PMTried to access http ip directly.
5322845.134.144.212libwww-perl/6.705/29/2023 04:59:19 PMTried to access http ip directly.
53227152.32.135.231Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.5/29/2023 02:35:52 PMTried to access http ip directly.
53226177.131.125.164Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Saf5/29/2023 02:13:18 PMTried to access http ip directly.
53225107.170.231.15Mozilla/5.0 zgrab/0.x5/29/2023 11:35:02 AMTried to access http ip directly.
53224150.95.110.128Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/965/29/2023 09:47:51 AMEvil 404 /wp-login.php
5322388.99.59.245Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/965/29/2023 09:03:14 AMEvil 404 /wp-login.php
5322285.143.221.122Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.195/29/2023 06:42:27 AMEvil 404 /wp-content/plugins/mstore-api/assets/js/mstore-in
53221171.37.57.39Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.5/29/2023 03:41:57 AMTried to access http ip directly.
53220172.173.187.93Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.05/29/2023 01:24:03 AMEvil 404 .env (AWS vulnerability)
53219157.97.105.189Linux Gnu (cow)5/28/2023 11:21:21 PMTried to access http ip directly.
5321835.92.127.243Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.25/28/2023 10:15:02 PMTried to access http ip directly.
5321743.156.39.167Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.195/28/2023 09:01:34 PMEvil 404 /wp-includes/wlwmanifest.xml
5321654.234.128.108Mozilla/5.0 (Windows NT 6.2;en-US) AppleWebKit/537.32.36 (KHTML, live Gecko) Chrome/56.0.3070.64 Saf5/28/2023 06:49:23 PMTried to access http ip directly.
53215162.216.150.191Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day 5/28/2023 06:26:04 PMTried to access http ip directly.
5321450.54.141.13Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1464.0 Safari/537.365/28/2023 04:39:27 PMEvil 404 /wp-login.php
53213172.171.207.50Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.05/28/2023 04:02:52 PMEvil 404 .env (AWS vulnerability)
53212198.235.24.2545/28/2023 10:34:58 AMSomeone tried to connect to port 21
532114.154.33.84Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.05/28/2023 08:49:53 AMEvil 404 .env (AWS vulnerability)
5321068.178.201.184Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/965/28/2023 08:42:48 AMEvil 404 /wp-login.php
5320940.77.111.208Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/965/28/2023 08:06:22 AMEvil 404 /wp-login.php
53208192.241.196.43Mozilla/5.0 zgrab/0.x5/28/2023 07:20:39 AMUser Agent Mozilla/5.0 zgrab/0.x
5320737.247.104.30python-requests/2.31.05/28/2023 07:02:14 AMUser Agent python-requests/2.31.0
5320687.236.176.119Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)5/28/2023 06:56:32 AMTried to access http ip directly.
53205117.242.117.225Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Saf5/28/2023 03:37:22 AMTried to access http ip directly.
53204162.216.150.184Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day 5/28/2023 03:25:09 AMTried to access http ip directly.
5320389.135.190.241Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Sa5/28/2023 03:16:10 AMEvil 404 /phpmyadmin3/index.php?lang=en
53202198.235.24.1075/28/2023 01:52:00 AMSomeone tried to connect to port 21