abuseip.org

IP 3.249.187.219 is currently blocked by the redirs.com anycast edge.

Reason: suspicious paths across 6 domains
Hits (last hour): 205
Unique targets hit: 6
Unique paths probed: 755
Detection count: 20
First seen: 2026-06-17 07:18:57 UTC
Last seen: 2026-06-17 08:19:24 UTC
Block expires: 2026-06-18 08:19:36 UTC

Sample paths probed

/php-info.php
/phpinfo.php
/api/webdav/chatgpt-next-web/backup.json?endpoint=https://webdav.yandex.com.d8p40trjhc5c738jkdt0hxo5pfnt9h13c.oast.site/
/info.php
/xmlrpc.php
/cache/index.tpl.php
/php_info.php
/.env
/api/webdav/chatgpt-next-web/backup.json?endpoint=https://webdav.yandex.com.d8p40trjhc5c738jkdt07gnpap4gacd1b.oast.site/
/html/usr/share/doc/hostname/copyright%3f
/ajax-api/2.0/mlflow/experiments/create
/mdm/checkin
/bin/cron.php
/adminer.php
/api/webdav/chatgpt-next-web/backup.json?endpoint=https://webdav.yandex.com.d8p40trjhc5c738jkdt0yk1y1rgbfytnq.oast.site/
/api/webdav/chatgpt-next-web/backup.json?endpoint=https://webdav.yandex.com.d8p40trjhc5c738jkdt05gde9h79cf6gg.oast.site/
/api/webdav/chatgpt-next-web/backup.json?endpoint=https://webdav.yandex.com.d8p40trjhc5c738jkdt0tdtj3oaorrr5p.oast.site/
/api/webdav/chatgpt-next-web/backup.json?endpoint=https://webdav.yandex.com.d8p40trjhc5c738jkdt0wp3dd998d9wti.oast.site/
/admin.php
/cpanel.php

Sample User-Agents

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 Edg/136.0.0.0
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Safari/605.1.15
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) obsidian/1.8.10 Chrome/132.0.6834.196 Electron/34.2.0 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 Edg/136.0.0.0
Mozilla/5.0 (X11; Linux x86_64; rv:137.0) Gecko/20100101 Firefox/137.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1 Safari/605.1.15
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 Edg/148.0.0.0

What does this mean?

This address sent traffic that the redirs.com edge classified as automated abuse — typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).

If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.