Http Thinkphp Invokefunction Call User Func Array Md5

HTTP query string targeting s=/index/\think\app/invokefunction with parameters function=call_user_func_array and vars[0]=md5 and vars[1][]=Hello. Represents a direct ThinkPHP invokefunction invocation attempt leveraging call_user_func_array to execute the md5 function with attacker-supplied arguments, commonly used as a proof-of-execution marker in remote code execution probes.

Observed IPs

1,310

Avg Confidence

85%

Protocol

HTTP

Top IPs by event count

IP Address	Risk	Events	Sessions	Country	ASN	Last Seen
82.165.66.87	100%	6,328	655	🇩🇪 DE	AS8560	2026-04-09
154.221.23.136	96%	3,776	3,746	🇸🇨 SC	AS142403	2026-04-06
101.36.104.242	100%	3,566	505	🇯🇵 JP	AS135377	2026-04-17
165.154.227.13	100%	2,993	196	🇹🇼 TW	AS142002	2026-02-25
61.245.11.87	100%	2,720	500	🇵🇭 PH	AS19970	2026-03-30
180.76.172.156	100%	2,658	1,013	🇨🇳 CN	AS38365	2026-04-17
103.40.61.98	100%	2,560	519	🇮🇳 IN	AS133700	2026-04-17
114.220.75.156	100%	2,420	989	🇨🇳 CN	AS4134	2026-04-17
128.199.103.139	100%	2,181	280	🇸🇬 SG	AS14061	2026-04-17
34.60.107.64	100%	2,151	151	🇺🇸 US	AS396982	2026-02-21
178.17.58.122	96%	2,037	1,995	🇩🇪 DE	AS215540	2026-02-18
217.154.69.208	100%	1,759	269	🇩🇪 DE	AS8560	2026-04-09
159.65.119.52	100%	1,724	336	🇩🇪 DE	AS14061	2026-03-17
47.85.49.48	99%	1,664	325	🇺🇸 US	AS45102	2026-02-26
103.232.121.71	100%	1,634	102	🇻🇳 VN	AS56150	2026-02-22
68.183.234.194	100%	1,578	610	🇺🇸 US	AS14061	2026-04-17
185.91.69.217	100%	1,565	727	🇬🇧 GB	AS201579	2026-04-09
101.36.107.228	100%	1,551	192	🇭🇰 HK	AS135377	2026-03-22
181.176.14.90	100%	1,508	190	🇵🇪 PE	AS262210	2026-04-06
222.89.169.98	100%	1,426	329	🇨🇳 CN	AS4134	2026-04-16