abuseip.org
- Reason
- suspicious paths across 1 domains
- Hits (last hour)
- 78
- Unique targets hit
- 1
- Unique paths probed
- 1,767
- Detection count
- 14
- First seen
- 2026-06-14 18:42:43 UTC
- Last seen
- 2026-06-14 19:41:11 UTC
- Block expires
- 2026-06-15 19:41:20 UTC
Sample paths probed
- /index.action?redirect:http://www.dns.watchtowr-oob.com/
- /telaen/redir.php?https://dns.watchtowr-oob.com
- /remotereporter/load_logfiles.php?server=127.0.0.1&url=https://dns.watchtowr-oob.com/
- /tiki-featured_link.php?type=f&url=https://dns.watchtowr-oob.com
- /redir.php?https://dns.watchtowr-oob.com
- /167.172.5.31.7z
- /vsaPres/Web20/core/LocalProxy.ashx?url=http://dns.watchtowr-oob.com
- /orchard/Users/Account/LogOff?ReturnUrl=%2f%2fhttp://dns.watchtowr-oob.com%3f
- /inc/supportLoad.asp?urlToLoad=http://dns.watchtowr-oob.com
- /go.php?http://dns.watchtowr-oob.com
- /openwin.php?redirurl=http://dns.watchtowr-oob.com
- /167.172.7z
- /cgi-bin/awstats/awredir.pl?url=dns.watchtowr-oob.com
- /CMSPages/GetDocLink.ashx?link=https://dns.watchtowr-oob.com/
- /novius-os/admin/nos/login?redirect=http://dns.watchtowr-oob.com
- /2026.7z
- /red2301.html?RedirectUrl=http://dns.watchtowr-oob.com
- /assets/login?a=https://dns.watchtowr-oob.com
- /awstats/awredir.pl?url=dns.watchtowr-oob.com
- /5.31.7z
Sample User-Agents
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
What does this mean?
This address sent traffic that the redirs.com edge classified as automated abuse โ typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).
If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.