abuseip.org

Sample paths probed

• /static/css//../../../../../../../../etc/passwd
• /direct/polling/CommandsPolling.php
• /dolphinscheduler/actuator/env
• /keymanager-operations/dcr/register/
• /reviewInput.php?pid=1
• /pub/bscw.cgi/30?op=theme&style_name=../../../../../../../../etc/passwd
• /services/Version
• /admin/cert_download.php?file=pqpqpqpq.txt&certfile=cert_download.php
• /cs/career/getSurvey.jsp?fn=../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd
• /opensis/ajax.php?modname=misc/../../../../../../../../../../../../../etc/passwd&bypass=Transcripts.php
• //netcore_get.cgi
• /css_parser.php?css=css_parser.php
• /ajax.php?modname=misc/../../../../../../../../../../../../../etc/passwd&bypass=Transcripts.php
• /pacsone/nocache.php?path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2f.%2fzpx%2f..%2fpasswd
• /client/cdnfile/C/etc/passwd?linux
• /client/cdnfile/1C/Windows/win.ini?windows
• /keymanager-operations/dcr/register
• /carbon/server-admin/memory_info.jsp;.jar
• /admin/cert_download.php?file=pqpqpqpq.txt&certfile=../../../../../../../../etc/passwd
• /h/rest?javax.servlet.include.servlet_path=/WEB-INF/web.xml

Sample User-Agents

• Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
• Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0

What does this mean?

This address sent traffic that the redirs.com edge classified as automated abuse — typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).

If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.