abuseip.org

IP 34.250.228.111 is currently blocked by the redirs.com anycast edge.

Reason: suspicious paths across 14 domains
Hits (last hour): 235
Unique targets hit: 14
Unique paths probed: 749
Detection count: 12
First seen: 2026-05-11 05:54:25 UTC
Last seen: 2026-05-11 06:50:18 UTC
Block expires: 2026-05-12 07:06:10 UTC

Sample paths probed

/?kumtygsm=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&zmvjwmch=UNION+SELECT+ALL+FROM+information_schema+AND+%22+or+SLEEP%285%29+or+%22&jjrsfxnd=..%2F..%2Fetc%2Fpasswd
/?axuzpgeo=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&ewybncyt=UNION+SELECT+ALL+FROM+information_schema+AND+%22+or+SLEEP%285%29+or+%22&fapieqtc=..%2F..%2Fetc%2Fpasswd
/?gncccuoi=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E
/?twrbpeaw=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E
/?laszuezm=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&yxyfpnka=UNION+SELECT+ALL+FROM+information_schema+AND+%22+or+SLEEP%285%29+or+%22&lyyaglss=..%2F..%2Fetc%2Fpasswd
/?nzjghhgo=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E
/?kequfoal=UNION+SELECT+ALL+FROM+information_schema+AND+%22+or+SLEEP%285%29+or+%22
/?rqjkmjgr=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&aoptdwby=UNION+SELECT+ALL+FROM+information_schema+AND+%22+or+SLEEP%285%29+or+%22&yeorhyna=..%2F..%2Fetc%2Fpasswd
/?udwcndyx=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E
/?owlysjoq=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E
/?pqveqrsy=UNION+SELECT+ALL+FROM+information_schema+AND+%22+or+SLEEP%285%29+or+%22
/
/?ntvvsvqo=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&qzjlafzw=UNION+SELECT+ALL+FROM+information_schema+AND+%22+or+SLEEP%285%29+or+%22&qltiwqoq=..%2F..%2Fetc%2Fpasswd
/?orubdzvv=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E
/?mkglykwc=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E
/?whflceba=UNION+SELECT+ALL+FROM+information_schema+AND+%22+or+SLEEP%285%29+or+%22
/?itjmpvwf=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E
/?lhjjcvvq=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&ncviwera=UNION+SELECT+ALL+FROM+information_schema+AND+%22+or+SLEEP%285%29+or+%22&twoeykvq=..%2F..%2Fetc%2Fpasswd
/?ifcvzwrq=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&lywdmqej=UNION+SELECT+ALL+FROM+information_schema+AND+%22+or+SLEEP%285%29+or+%22&cjqgczmm=..%2F..%2Fetc%2Fpasswd
/?rlejrxfe=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&ziahqvwy=UNION+SELECT+ALL+FROM+information_schema+AND+%22+or+SLEEP%285%29+or+%22&scbuqqpv=..%2F..%2Fetc%2Fpasswd

Sample User-Agents

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 OPR/129.0.0.0
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
python-requests/2.33.1
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 Edg/147.0.0.0
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 OPR/129.0.0.0
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 YaBrowser/26.3.0.0 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36
Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/26.2 Safari/605.1.15
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/26.4 Safari/605.1.15
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36

What does this mean?

This address sent traffic that the redirs.com edge classified as automated abuse — typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).

If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.