abuseip.org

IP 108.130.29.69 is currently blocked by the redirs.com anycast edge.

Reason: scanning 12 domains
Hits (last hour): 107
Unique targets hit: 12
Unique paths probed: 51
Detection count: 7
First seen: 2026-06-08 05:53:56 UTC
Last seen: 2026-06-08 06:08:06 UTC
Block expires: 2026-06-09 06:42:17 UTC

Sample paths probed

/?nulnjfel=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&bzezebmh=UNION+SELECT+ALL+FROM+information_schema+AND+%22+or+SLEEP%285%29+or+%22&wuxxjiac=..%2F..%2Fetc%2Fpasswd
/?bouougzx=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E
/?yntbcbhx=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E
/?ymbjbfym=UNION+SELECT+ALL+FROM+information_schema+AND+%22+or+SLEEP%285%29+or+%22
/?hiyhzhfk=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&cktbhudt=UNION+SELECT+ALL+FROM+information_schema+AND+%22+or+SLEEP%285%29+or+%22&tufyzkjf=..%2F..%2Fetc%2Fpasswd
/?nssrayav=UNION+SELECT+ALL+FROM+information_schema+AND+%22+or+SLEEP%285%29+or+%22
/?vgrqfosy=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&cptiqlse=UNION+SELECT+ALL+FROM+information_schema+AND+%22+or+SLEEP%285%29+or+%22&llognaha=..%2F..%2Fetc%2Fpasswd
/?neaodkfw=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&ehmrcyqa=UNION+SELECT+ALL+FROM+information_schema+AND+%22+or+SLEEP%285%29+or+%22&ogjyffyg=..%2F..%2Fetc%2Fpasswd
/?afnaybrp=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E
/?vxrdzxsg=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E
/?wdfgecwf=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E
/?xdqiozwj=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&tjxyytof=UNION+SELECT+ALL+FROM+information_schema+AND+%22+or+SLEEP%285%29+or+%22&mcjekmvl=..%2F..%2Fetc%2Fpasswd
/?nfrnakua=UNION+SELECT+ALL+FROM+information_schema+AND+%22+or+SLEEP%285%29+or+%22
/?xxubcmte=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&jyzozeia=UNION+SELECT+ALL+FROM+information_schema+AND+%22+or+SLEEP%285%29+or+%22&jmzgdvnp=..%2F..%2Fetc%2Fpasswd
/
/?boeiywtx=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E
/?yunpsbog=UNION+SELECT+ALL+FROM+information_schema+AND+%22+or+SLEEP%285%29+or+%22
/?vqshqvzv=UNION+SELECT+ALL+FROM+information_schema+AND+%22+or+SLEEP%285%29+or+%22
/?ifgmypme=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&pllotowc=UNION+SELECT+ALL+FROM+information_schema+AND+%22+or+SLEEP%285%29+or+%22&ghxqnpvt=..%2F..%2Fetc%2Fpasswd
/?qddzgibt=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E

Sample User-Agents

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 OPR/129.0.0.0
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
python-requests/2.34.2
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 Edg/147.0.0.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Mozilla/5.0 (X11; Linux x86_64; rv:149.0) Gecko/20100101 Firefox/149.0
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36
Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

What does this mean?

This address sent traffic that the redirs.com edge classified as automated abuse — typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).

If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.