abuseip.org
Public registry of IP addresses currently blocked by the redirs.com anycast edge for automated abuse — credential scanning, WordPress/PHP exploit probing, and mass-domain enumeration.
- Blocked IPs
- 2,096
- Total recent hits
- 268,313
- Last refresh
- 2026-05-09 16:21:23 UTC
- Block duration
- 24 hours from last detection
How to look up an IP
Visit https://abuseip.org/ip/<address>. For example: https://abuseip.org/ip/85.203.21.20.
The full list of blocked IPs is in the sitemap.
Bulk export
Machine-readable feeds, regenerated hourly:
/blocklist.txt— one IP per line, suitable for firewalls / fail2ban / ipset/blocklist.json— full structured records (reason, hits, timestamps, sample paths)/blocklist.xml— same data as XML
Customer hostnames are intentionally omitted from all exports.
Recent detections
104.28.235.57— scanning 31 domains (992 hits)34.166.208.127— scanning 24 domains (24 hits)143.244.57.82— scanning 35 domains (385 hits)34.180.91.173— scanning 20 domains (20 hits)82.102.18.222— scanning 40 domains (430 hits)45.148.10.205— suspicious paths across 4 domains (131 hits)52.138.31.126— suspicious paths across 7 domains (128 hits)20.151.0.198— scanning 21 domains (2,235 hits)74.121.34.10— scanning 25 domains (50 hits)160.250.186.220— scanning 28 domains (115 hits)103.59.161.168— suspicious paths across 1 domains (520 hits)20.239.192.136— suspicious paths across 12 domains (325 hits)141.98.11.117— scanning 21 domains (62 hits)95.216.210.177— scanning 20 domains (65 hits)176.65.132.181— scanning 33 domains (64 hits)176.65.148.161— scanning 136 domains (192 hits)143.244.57.88— scanning 30 domains (330 hits)74.91.224.220— scanning 25 domains (70 hits)198.251.71.113— scanning 26 domains (61 hits)34.32.78.252— scanning 19 domains (19 hits)172.70.50.123— suspicious paths across 1 domains (274 hits)146.70.194.228— scanning 28 domains (298 hits)45.148.10.120— scanning 752 domains (756 hits)52.232.35.131— scanning 25 domains (81 hits)94.46.170.157— scanning 21 domains (52 hits)
Removal & contact
Blocks expire automatically 24 hours after the last detected hit. For false-positive reports email [email protected] with the IP and the relevant timestamps.