abuseip.org
- Reason
- suspicious paths across 1 domains
- Hits (last hour)
- 114
- Unique targets hit
- 2
- Unique paths probed
- 2,146
- Detection count
- 16
- First seen
- 2026-07-08 03:20:00 UTC
- Last seen
- 2026-07-08 03:51:32 UTC
- Block expires
- 2026-07-09 04:19:59 UTC
Sample paths probed
- /opencms/cmisatom/cmis-online/query
- /api/sys/login
- /index.php
- /CFIDE/wizards/common/utils.cfc?method=wizardHash%20inPassword=bar%20_cfclient=true
- /ad-list-search?keyword&keyword&lat&lat&long&long&location&category
- /cgi-bin/vitogate.cgi
- /modules/ndk_steppingpack/search-result.php
- /api/2.0/preview/mlflow/experiments/list
- /rest/xxxxxxxxxxxxxxx/xxxxxxx?executeAsync
- /models?url=http%3a//d96qpdf2ep4c7te6qvu0kzjiwxtqfm4xw.dns.wt-oob-server.com
- /api/Image/withpath/C:%5CWindows%5Cwin.ini
- /api/sys/set_passwd
- /api/server/version
- /cmisatom/cmis-online/query
- /index.php?controller=pjAdminOrders%26action%3dpjActionGetNewOrder%26column%3d(SELECT+(CASE+WHEN+(4213%3d4213)+THEN+0x63726561746564+ELSE+(SELECT+7877+UNION+SELECT+7153)+END))%26direction%3dASC%26page%3d1%26rowCount%3d50%26q%3d%e2%80%99%e2%80%99%26type%3d
- /app/rest/users/id:1/tokens/RPC2
- /api/users
- /lang/log/httpd.log
- /app/sys1.php
- /downloader.php?file=../../../../../../../../../../etc/passwd%00.jpg
Sample User-Agents
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
What does this mean?
This address sent traffic that the redirs.com edge classified as automated abuse โ typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).
If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.