abuseip.org
- Reason: suspicious paths across 1 domain
- Hits (last hour): 105
- Unique targets hit: 1
- Unique paths probed: 702
- Detection count: 12
- First seen: 2026-05-02 05:47:00 UTC
- Last seen: 2026-05-02 06:47:19 UTC
- Block expires: 2026-05-03 06:47:39 UTC
Sample paths probed
- /members/?uwp_sort_by=display_name,(SELECT+SLEEP(6))_asc
- /internal/v2/config/mps_secret/ADM_SESSIONID
- /user/login
- /open_file
- /all-users/?uwp_sort_by=display_name,(SELECT+SLEEP(6))_asc
- /logo/3D9ekxjkD3xiRlriyxuw1KOZNsP.txt
- /wp-content/plugins/wc-multivendor-marketplace/readme.txt
- /wp-admin/admin-ajax.php
- /cgi-bin/logo_extra_upload.cgi
- /users/?uwp_sort_by=display_name,(SELECT+SLEEP(6))_asc
- /user-list/?uwp_sort_by=display_name,(SELECT+SLEEP(6))_asc
- /
- /php/server/util.php
- /chat/completions
- /asispanel/
- /?rest_route=/pvc/v1/increase/1&post_ids=0)%20union%20select%20md5(999999999),null,null%20--%20g
- /member-directory/?uwp_sort_by=display_name,(SELECT+SLEEP(6))_asc
- /directory/?uwp_sort_by=display_name,(SELECT+SLEEP(6))_asc
- /-/media/doo-doo.ashx
- /api/open_file
Sample User-Agents
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Safari/605.1.15
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/536.26.17 (KHTML, like Gecko) Version/6.0.2 Safari/536.26.17
- Mozilla/5.0 (ZZ; Linux x86_64; rv:135.0) Gecko/20100101 Firefox/135.0
- Mozilla/5.0 (CentOS; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
- Mozilla/5.0 (Knoppix; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0
- Mozilla/5.0 (X11; Linux i686; rv:120.0) Gecko/20100101 Firefox/120.0
- Mozilla/5.0 (Macintosh, Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
- Mozilla/5.0 (Knoppix; Linux i686; rv:124.0) Gecko/20100101 Firefox/124.0
- Mozilla/5.0 (Knoppix; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
- Mozilla/5.0 (Kubuntu; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0
- Mozilla/5.0 (X11; Linux i686; rv:123.0) Gecko/20100101 Firefox/123.0
- Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/85.0.4183.127 Safari/537.36
- Mozilla/5.0 (Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
- Mozilla/5.0 (Mac OS X 13_2) AppleWebKit/537.36 (KHTML, like Gecko) Safari/128.0 Safari/537.36
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/537.16 (KHTML, like Gecko) Version/8.0 Safari/537.16
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_16) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Safari/605.1.15
- Mozilla/5.0 (ZZ; Linux i686; rv:134.0) Gecko/20100101 Firefox/134.0
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.1
What does this mean?
This address sent traffic that the redirs.com edge classified as automated abuse, typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).
If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.