abuseip.org

Sample paths probed

• /lomjgjxfzvvpqkap
• /index.php/wp-json/wp/v2/posts/
• //_vti_inf.html
• /nmaplowercheck1778606244
• /?q=/user/login
• /?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input
• /index.php
• /messagebroker/http
• //cmdownloads/?CMDsearch=%22.base64_decode%28%22aHZuY3RxeHpjcmtnenls%22%29.%22
• /admin/views/ajax/autocomplete/user/a
• /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
• /
• /cgi-bin/authLogin.cgi
• /sdk/../../../../../..//etc/vmware/hostd/vmInventory.xml
• /robots.txt
• /mzubokvuqhju
• /index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml(1,concat(1,user()),1)
• /CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\ColdFusion8\lib\password.properties%00en
• /IPHTTPS
• /wp-login.php

Sample User-Agents

• Snoopy
• URI::Fetch
• AnyConnect Darwin_i386 3.1.05160
• Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17
• Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
• HTTP::Lite
• PHPCrawl
• Wget/1.13.4 (linux-gnu)
• MFC_Tear_Sample
• http client
• Zend_Http_Client
• PHP/
• Python-urllib/2.5
• lwp-trivial
• PECL::HTTP
• Mozilla/5.0 (compatible; MSIE 10.6; Windows NT 6.1; Trident/5.0; InfoPath.2; SLCC1;.NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727) 3gpp-gba UNTRUSTED/1.0
• libcurl-agent/1.0
• libwww
• GT::WWW

What does this mean?

This address sent traffic that the redirs.com edge classified as automated abuse — typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).

If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.