abuseip.org

Sample paths probed

• /typo3temp/assets/compressed/merged-302fd990b2e2b28f5a405a550ae423be-min.js.gzip?1738840946
• /typo3conf/ext/ndsbase/Resources/Public/Assets/Js/Base/svgLoader.min.js
• /backend/.env
• /%22/typo3conf/ext/ndsbase/Resources/Public/Assets/Js/Base/svgLoader.min.js%22
• /typo3conf/ext/ndsbase/Resources/Public/Assets/Js/Base/lazyimages.min.js
• /typo3temp/assets/compressed/merged-7202d9b66b2dea3fb8e492095ba80728-min.js.gzip?1738840946
• /typo3conf/ext/ndsbase/Resources/Public/Assets/Js/Base/moduleLoader.min.js
• /%22/typo3conf/ext/ndsbase/Resources/Public/Assets/Js/Base/background-focus.min.js%22
• /.env
• /%22/typo3temp/assets/compressed/merged-302fd990b2e2b28f5a405a550ae423be-min.js.gzip?1738840946"
• /
• /%22/typo3conf/ext/ndsbase/Resources/Public/Assets/Js/Base/lazyimages.min.js%22
• /%22/typo3temp/assets/compressed/merged-7202d9b66b2dea3fb8e492095ba80728-min.js.gzip?1738840946"
• /gtm.js
• /.env.backup
• /.env.save
• /typo3conf/ext/ndsbase/Resources/Public/Assets/Js/Base/background-focus.min.js
• /admin/.env
• /%22/typo3conf/ext/ndsbase/Resources/Public/Assets/Js/Base/moduleLoader.min.js%22
• /.env.bak

Sample User-Agents

• Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0
• Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
• Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
• Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

What does this mean?

This address sent traffic that the redirs.com edge classified as automated abuse — typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).

If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.