abuseip.org
- Reason
- suspicious paths across 6 domains
- Hits (last hour)
- 163
- Unique targets hit
- 6
- Unique paths probed
- 244
- Detection count
- 16
- First seen
- 2026-05-06 04:00:08 UTC
- Last seen
- 2026-05-06 04:56:14 UTC
- Block expires
- 2026-05-07 05:16:45 UTC
Sample paths probed
- /pma/index.php?pma_servername=d7tbghvuhkbs73dq0fbgryajfsm4zcban.oast.me&pma_username=3DKkJpKBJUgEev5k1uirjBWO8a9&pma_password=3DKkJpKBJUgEev5k1uirjBWO8a9&server=1
- /_phpmyadmin/index.php?pma_servername=d7tbghvuhkbs73dq0fbgnhc1fg41hodqp.oast.me&pma_username=3DKkJpKBJUgEev5k1uirjBWO8a9&pma_password=3DKkJpKBJUgEev5k1uirjBWO8a9&server=1
- /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/WebReferences
- /pma/index.php?pma_servername=d7tbghvuhkbs73dq0fbgq5ha8a5qmytn3.oast.me&pma_username=3DKkJpKBJUgEev5k1uirjBWO8a9&pma_password=3DKkJpKBJUgEev5k1uirjBWO8a9&server=1
- /masthead/masthead.axfm
- /_phpmyadmin/index.php?pma_servername=d7tbghvuhkbs73dq0fbgsudxkumnmot8y.oast.me&pma_username=3DKkJpKBJUgEev5k1uirjBWO8a9&pma_password=3DKkJpKBJUgEev5k1uirjBWO8a9&server=1
- /phpmyadmin/index.php?pma_servername=d7tbghvuhkbs73dq0fbgqcuxmnmqwsnoz.oast.me&pma_username=3DKkJpKBJUgEev5k1uirjBWO8a9&pma_password=3DKkJpKBJUgEev5k1uirjBWO8a9&server=1
- /login
- /index.php?pma_servername=d7tbghvuhkbs73dq0fbghfwbq73jhy6h1.oast.me&pma_username=3DKkJpKBJUgEev5k1uirjBWO8a9&pma_password=3DKkJpKBJUgEev5k1uirjBWO8a9&server=1
- /phpMyAdmin/index.php?pma_servername=d7tbghvuhkbs73dq0fbgqdzadohoresq9.oast.me&pma_username=3DKkJpKBJUgEev5k1uirjBWO8a9&pma_password=3DKkJpKBJUgEev5k1uirjBWO8a9&server=1
- /wp-admin/admin-ajax.php
- /pma/index.php?pma_servername=d7tbghvuhkbs73dq0fbg5zgyu9tip5gtj.oast.me&pma_username=3DKkJpKBJUgEev5k1uirjBWO8a9&pma_password=3DKkJpKBJUgEev5k1uirjBWO8a9&server=1
- /wp-admin/admin.php?page=EWD-UFAQ-Options&DisplayPage=ImportPosts&Action=EWD_UFAQ_ImportFaqsFromSpreadsheet
- /pmd/index.php?pma_servername=d7tbghvuhkbs73dq0fbga7g611tpt18bs.oast.me&pma_username=3DKkJpKBJUgEev5k1uirjBWO8a9&pma_password=3DKkJpKBJUgEev5k1uirjBWO8a9&server=1
- /phpmyadmin/index.php?pma_servername=d7tbghvuhkbs73dq0fbgmfgzh58k4d6zw.oast.me&pma_username=3DKkJpKBJUgEev5k1uirjBWO8a9&pma_password=3DKkJpKBJUgEev5k1uirjBWO8a9&server=1
- /phpMyAdmin/index.php?pma_servername=d7tbghvuhkbs73dq0fbgkfma9jodi5jfi.oast.me&pma_username=3DKkJpKBJUgEev5k1uirjBWO8a9&pma_password=3DKkJpKBJUgEev5k1uirjBWO8a9&server=1
- /index.php?pma_servername=d7tbghvuhkbs73dq0fbgrmxcbcyt9gtm7.oast.me&pma_username=3DKkJpKBJUgEev5k1uirjBWO8a9&pma_password=3DKkJpKBJUgEev5k1uirjBWO8a9&server=1
- /index.php?pma_servername=d7tbghvuhkbs73dq0fbg4846iiyyxiy1n.oast.me&pma_username=3DKkJpKBJUgEev5k1uirjBWO8a9&pma_password=3DKkJpKBJUgEev5k1uirjBWO8a9&server=1
- /logincheck
- /pmd/index.php?pma_servername=d7tbghvuhkbs73dq0fbguhgjucuca5g4k.oast.me&pma_username=3DKkJpKBJUgEev5k1uirjBWO8a9&pma_password=3DKkJpKBJUgEev5k1uirjBWO8a9&server=1
Sample User-Agents
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36 OPR/128.0.0.0
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:149.0) Gecko/20100101 Firefox/149.0
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:148.0) Gecko/20100101 Firefox/148.0
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 Edg/145.0.0.0
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) tikplays/3.3.7 Chrome/122.0.6261.156 Electron/29.4.0 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36 OPR/128.0.0.0
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:149.0) Gecko/20100101 Firefox/149.0
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) obsidian/1.5.12 Chrome/120.0.6099.283 Electron/28.2.3 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
What does this mean?
This address sent traffic that the redirs.com edge classified as automated abuse โ typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).
If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.