abuseip.org
- Reason
- suspicious paths across 12 domains
- Hits (last hour)
- 576
- Unique targets hit
- 12
- Unique paths probed
- 2,079
- Detection count
- 13
- First seen
- 2026-06-22 06:40:43 UTC
- Last seen
- 2026-06-22 06:45:03 UTC
- Block expires
- 2026-06-23 07:43:13 UTC
Sample paths probed
- /remote.php/dav/files/admin?OC-Expires=991200&OC-Verb=PROPFIND&OC-Credential=admin&OC-Date=2026-06-22T06%3A40%3A47Z&OC-Signature=aa8ab36f4bc8348ff561bd7ff691a5dcd008c2b5661eb9bc9970d41ba459632a
- /remote.php/dav/files/admin?OC-Expires=991200&OC-Verb=PROPFIND&OC-Credential=admin&OC-Date=2026-06-22T06%3A40%3A48Z&OC-Signature=bb743f5b1ee0993e5c3a9b6858cfd3c01441b51bcf4ea6ac266e2359155945c9
- /?wcal_action=checkout_link&user_email=test&validate=oQJRIPDYOGoRSh1OYG0CXJ9NRpwWfQ3kTg+ddgrDv5V24MbcVWuRuSHz5ZOpwz9K8C3BCfFOnBSVREv6xlPi
- /axis2-admin/login
- /footprints/servicedesk/passwordreset/request/
- /remote.php/dav/files/admin?OC-Expires=991200&OC-Verb=PROPFIND&OC-Credential=admin&OC-Date=2026-06-22T06%3A40%3A48Z&OC-Signature=543f8d43dd1d1602085db75b0a4fa06c857927e830e84b04883a74053652d802
- /remote.php/dav/files/admin?OC-Expires=991200&OC-Verb=PROPFIND&OC-Credential=admin&OC-Date=2026-06-22T06%3A40%3A49Z&OC-Signature=de24f6f4264b203bf0b4a0b467f44930e73e0306e1cd2868d81e52daca4bcc5f
- /login
- /?wcal_action=checkout_link&user_email=test&validate=UgGVKu7YOGoKJgWAa/G/dnKwoM5Q3LCI2DZ8CTxQqh6vdyl2eQikmlButoitJmVIK9t7ILBogTmRcAaZ
- /users/auth/saml/callback
- /axis2/axis2-admin/login
- /?wcal_action=checkout_link&user_email=test&validate=QgLnUOzYOGpRLDJIV8mHEYltUZLDXhF9dNmjZ7SVl64VnOZKnxa/wiwPL81aZ36/O8099AM=
- /resetPassword.action
- /
- /?wcal_action=checkout_link&user_email=test&validate=KAO6We7YOGqWoiBqtFSufJ//NvxLaVFNpN78LJErJZG5yd3ygbcp5Q+/cKaOsk8XrFAw6DLNmZXIuR0K
- /?wcal_action=checkout_link&user_email=test&validate=0wM2WO/YOGpgiKKuLoSRqZBoQ8EEpUDYIeKoLlw7zMNAOxCWn+Y67Js12XGdPGIE54Dv21HUPHAU
- /?wcal_action=checkout_link&user_email=test&validate=TQIWoOzYOGpUmJGZQNxCXzp5eUde9OPlVz5XVOfjK21i1Anau3VSO2ColBjBcdRoiCZ3w5ulpXa6diV5PQ==
- /dana-na/auth/url_default/welcome.cgi
- /?wcal_action=checkout_link&user_email=test&validate=7gK/he3YOGozEgGchESVH9kk5NZhX+MzAN3n4Ppv0VCOOVyAYgxsNfQsMfCrNPV+HLfzzxEY
- /?wcal_action=checkout_link&user_email=test&validate=RgOKAuzYOGq7NN6b0dpa1/U9wxyT8u657McdOg/NsTByL5dzAm815LfX8ate0RTaq2I6zl2omuE2YO5OwQw=
Sample User-Agents
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) obsidian/1.6.5 Chrome/124.0.6367.243 Electron/30.1.2 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
- Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
- Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) obsidian/1.8.4 Chrome/130.0.6723.191 Electron/33.3.2 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/26.5 Safari/605.1.15
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
- Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) obsidian/1.6.5 Chrome/124.0.6367.243 Electron/30.1.2 Safari/537.36
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 Edg/136.0.0.0
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3.1 Safari/605.1.15
- Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36
- Mozilla/5.0 (X11; Linux x86_64; rv:137.0) Gecko/20100101 Firefox/137.0
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:138.0) Gecko/20100101 Firefox/138.0
What does this mean?
This address sent traffic that the redirs.com edge classified as automated abuse โ typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).
If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.