abuseip.org
- Reason
- scanning 10 domains
- Hits (last hour)
- 12
- Unique targets hit
- 15
- Unique paths probed
- 6
- Detection count
- 7
- First seen
- 2026-06-10 20:18:40 UTC
- Last seen
- 2026-06-10 21:52:27 UTC
- Block expires
- 2026-06-11 21:57:47 UTC
Sample paths probed
- /.aws/credentials
- /wp-admin/install.php
- /
- /.cursor/mcp.json
- /.env.bak
- /EatWisconsinCheese/media/content/hero images/hero-cheese.png
Sample User-Agents
- http://ctlog.dev/wp-admin/install.php?step=1
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
- http://36nu.cn/wp-admin/install.php?step=1
- http://ct-logs.dev/wp-admin/install.php?step=1
- XenForo/2.x (https://www.urban75.net/forums)
- http://borntodairy.com/wp-admin/install.php?step=1
- http://redirects.pizza/wp-admin/install.php?step=1
- http://wedgesoflove.com/wp-admin/install.php?step=1
- http://pjusqroup.com/wp-admin/install.php?step=1
- http://allegory.lol/wp-admin/install.php?step=1
- http://dagni.nl/wp-admin/install.php?step=1
- http://hdautormationus.com/wp-admin/install.php?step=1
- http://wicheese.com/wp-admin/install.php?step=1
- Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 FastmailUA/1.0
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0
What does this mean?
This address sent traffic that the redirs.com edge classified as automated abuse โ typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).
If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.