abuseip.org

IP 64.89.161.29 is currently blocked by the redirs.com anycast edge.

Reason: suspicious paths across 2 domains
Hits (last hour): 84
Unique targets hit: 2
Unique paths probed: 256
Detection count: 12
First seen: 2026-05-30 11:01:18 UTC
Last seen: 2026-05-30 11:04:22 UTC
Block expires: 2026-05-31 11:58:49 UTC

Sample paths probed

/.aws/credentials
/.cargo/credentials.toml
/.aws/config
/.docker/config.json
/.dbeaver/credentials-config.json
/.azure/accessTokens.json
/.chef/config.rb
/.config/gcloud/credentials.db
/_ignition/execute-solution
/.cache/huggingface/token
/.config/filezilla/recentservers.xml
/.config/gcloud/configurations/config_default
/.azure/azureProfile.json
/.cargo/credentials
/.config/gcloud/application_default_credentials.json
/.config/filezilla/filezilla.xml
/.composer-auth.json
/.aws/credentials.gpg
/.config/gcloud/access_tokens.db
/.boto

Sample User-Agents

Mozilla/5.0 (Windows NT 10.1; WOW64; en-US) AppleWebKit/602.36 (KHTML, like Gecko) Chrome/53.0.1663.290 Safari/534
Mozilla/5.0 (Windows; U; Windows NT 10.0; x64) AppleWebKit/535.21 (KHTML, like Gecko) Chrome/54.0.2459.171 Safari/537
Mozilla/5.0 (Windows; Windows NT 6.0; WOW64) AppleWebKit/534.48 (KHTML, like Gecko) Chrome/54.0.2054.148 Safari/537
Mozilla/5.0 (U; Linux x86_64; en-US) AppleWebKit/535.31 (KHTML, like Gecko) Chrome/51.0.2037.156 Safari/535
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_2_1) AppleWebKit/534.46 (KHTML, like Gecko) Chrome/47.0.1949.133 Safari/537
Mozilla/5.0 (Macintosh; Intel Mac OS X 9_5_5) AppleWebKit/536.29 (KHTML, like Gecko) Chrome/54.0.1080.126 Safari/535
Mozilla/5.0 (U; Linux i661 x86_64) AppleWebKit/600.10 (KHTML, like Gecko) Chrome/48.0.1807.124 Safari/602
Mozilla/5.0 (Linux x86_64; en-US) AppleWebKit/536.36 (KHTML, like Gecko) Chrome/52.0.3977.383 Safari/535
Mozilla/5.0 (Linux x86_64; en-US) AppleWebKit/533.13 (KHTML, like Gecko) Chrome/55.0.2825.180 Safari/600
Mozilla/5.0 (Windows NT 10.2; WOW64; en-US) AppleWebKit/603.48 (KHTML, like Gecko) Chrome/51.0.3811.357 Safari/533
Mozilla/5.0 (Linux; Linux x86_64) AppleWebKit/536.17 (KHTML, like Gecko) Chrome/55.0.3781.330 Safari/602
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 9_8_2; en-US) AppleWebKit/602.30 (KHTML, like Gecko) Chrome/52.0.3001.358 Safari/536
Mozilla/5.0 (Macintosh; Intel Mac OS X 7_2_5; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/47.0.1351.139 Safari/536
Mozilla/5.0 (Linux i684 ) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/55.0.3817.298 Safari/535
Mozilla/5.0 (Linux; U; Linux x86_64; en-US) AppleWebKit/534.50 (KHTML, like Gecko) Chrome/50.0.1994.249 Safari/602
Mozilla/5.0 (Windows; U; Windows NT 6.3;; en-US) AppleWebKit/537.42 (KHTML, like Gecko) Chrome/54.0.2282.269 Safari/601
Mozilla/5.0 (Linux; U; Linux i553 ) AppleWebKit/602.18 (KHTML, like Gecko) Chrome/51.0.1860.156 Safari/601
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_6; en-US) AppleWebKit/600.2 (KHTML, like Gecko) Chrome/49.0.2982.254 Safari/537
Mozilla/5.0 (Windows; Windows NT 6.0; Win64; x64) AppleWebKit/601.1 (KHTML, like Gecko) Chrome/53.0.2618.268 Safari/534
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_12_5) AppleWebKit/600.39 (KHTML, like Gecko) Chrome/48.0.2114.149 Safari/533

What does this mean?

This address sent traffic that the redirs.com edge classified as automated abuse — typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).

If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.