abuseip.org
- Reason
- suspicious paths across 1 domains
- Hits (last hour)
- 76
- Unique targets hit
- 1
- Unique paths probed
- 233
- Detection count
- 11
- First seen
- 2026-05-04 01:16:43 UTC
- Last seen
- 2026-05-04 01:23:31 UTC
- Block expires
- 2026-05-05 02:15:33 UTC
Sample paths probed
- /1337_DATA/alfacgiapi/perl.alfa
- /wp-content/plugins/dzs-zoomsounds/alfacgiapi/perl.alfa
- /css/alfacgiapi/perl.alfa
- /wp-admin/includes/alfacgiapi/perl.alfa
- /images/ALFA_DATA/alfacgiapi/perl.alfa
- /wp-admin/js/alfacgiapi/perl.alfa
- /wp-content/plugins/contact-form-7/alfacgiapi/perl.alfa
- /ALFA_DATA/alfacgiapi/perl.alfa
- /wp-content/plugins/wp-file-manager/alfacgiapi/perl.alfa
- /tmp/alfacgiapi/perl.alfa
- /uploads/alfacgiapi/perl.alfa
- /wp-content/uploads/alfacgiapi/perl.alfa
- /assets/ALFA_DATA/alfacgiapi/perl.alfa
- /upload/alfacgiapi/perl.alfa
- /ALONE-FOR-LIFE/alfacgiapi/perl.alfa
- /SEOBARBAR_DATA/alfacgiapi/perl.alfa
- /img/alfacgiapi/perl.alfa
- /public_html/alfacgiapi/perl.alfa
- /files/ALFA_DATA/alfacgiapi/perl.alfa
- /inc/alfacgiapi/perl.alfa
Sample User-Agents
- Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
- Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
- Wget/1.21.2
- Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
- curl/7.81.0
- Mozilla/5.0 (compatible; Bingbot/2.0; +http://www.bing.com/bingbot.htm)
- Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
- python-requests/2.28.1
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
- curl/7.68.0
What does this mean?
This address sent traffic that the redirs.com edge classified as automated abuse โ typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).
If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.