abuseip.org
- Reason
- suspicious paths across 2 domains
- Hits (last hour)
- 84
- Unique targets hit
- 2
- Unique paths probed
- 151
- Detection count
- 6
- First seen
- 2026-06-13 05:46:04 UTC
- Last seen
- 2026-06-13 06:07:33 UTC
- Block expires
- 2026-06-14 06:45:28 UTC
Sample paths probed
- /api/.env.production
- /api/.env.local
- /app/.env.old
- /.env.old
- /dashboard/.env
- /frontend/.env.staging
- /.env.development
- /internal/.env.production
- /env
- /server/.env.local
- /backend/.env.production
- /admin/.env.backup
- /.env.backup.txt
- /web/.env
- /api/.env.backup
- /.env.sample
- /.env.uat
- /portal/.env
- /api/.env
- /api/.env.bak
Sample User-Agents
- Mozilla/4.8 [en] (Windows NT 5.1; U)
- Opera/9.25 (Windows NT 6.0; U; en)
- Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.122 Safari/537.36
- Mozilla/5.0 (X11; U; Linux; i686; en-US; rv:1.6) Gecko Galeon/1.3.14
- Mozilla/5.0 (Linux; Android 6.0.1; SM-N915T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 Mobile Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
- Mozilla/5.0 (Linux; Android 9; SAMSUNG SM-G965F Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/9.4 Chrome/67.0.3396.87 Mobile Safari/537.36
- Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1
- Mozilla/5.0 (compatible; Konqueror/3.3; Linux 2.6.8-gentoo-r3; X11;
- Mozilla/5.0 (Linux; Android 9; Mi MIX 2S) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36
- Opera/9.80 (Windows NT 6.1; U; en) Presto/2.7.62 Version/11.01
- Mozilla/5.0 (Linux; Android 8.0.0; SAMSUNG-SM-G930A) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36
- Mozilla/5.0 (Linux; Android 9; SM-G950U1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36
- DoCoMo/2.0 SH901iC(c100;TB;W24H12)
- Opera/9.20 (Macintosh; Intel Mac OS X; U; en)
- Mozilla/5.0 (PLAYSTATION 3; 1.10)
- Mozilla/5.0 (Linux; Android 8.1.0; vivo 1807) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.99 Mobile Safari/537.36
- Mozilla/1.22 (compatible; MSIE 5.01; PalmOS 3.0) EudoraWeb 2.1
- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
- Mozilla/5.0 (Linux; Android 9; SM-A600G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36
What does this mean?
This address sent traffic that the redirs.com edge classified as automated abuse โ typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).
If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.