abuseip.org
- Reason
- suspicious paths across 1 domains
- Hits (last hour)
- 47
- Unique targets hit
- 1
- Unique paths probed
- 279
- Detection count
- 1
- First seen
- 2026-05-06 12:56:49 UTC
- Last seen
- 2026-05-06 13:23:12 UTC
- Block expires
- 2026-05-07 13:57:46 UTC
Sample paths probed
- /thruk/cgi-bin/login.cgi
- /ueditor/net/controller.ashx?action=catchimage&encode=utf-8
- /lan.html
- /pacs/nocache.php?path=%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cWindows%5cwin.ini
- /tiki-5.2/tiki-edit_wiki_section.php?type=%22%3E%3Cscript%3Ealert(31337)%3C/script%3E
- /index.php?content=../../../../../../../../etc/passwd
- /index.php
- /spre/auth/login
- /cgi-bin/DownloadCfg/RouterCfm.jpg
- /index.php/Home/uploadify/fileList?type=.+&path=../../../
- /search?search_key=%7B%7B1337*1338%7D%7D
- /api/manager/submit?group=1&username=igcvls&password=N9bnAYQYTkkU
- /index.php?page=/etc/passwd
- /config/postProcessing/testNaming?pattern=%3Csvg/onload=alert(document.domain)%3E
- /login/forgetpswd.php?loginsys=1&loginname=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E
- /brightmail/servlet/com.ve.kavachart.servlet.ChartStream?sn=../../WEB-INF/
- /installed_emanual_down.html?path=/manual/../../../etc/passwd
- /Solar_Image.php?mode=resize&fname=test%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
- /tiki-edit_wiki_section.php?type=%22%3E%3Cscript%3Ealert(31337)%3C/script%3E
- /index.php?page=../../../../../../../../../../etc/passwd
Sample User-Agents
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
What does this mean?
This address sent traffic that the redirs.com edge classified as automated abuse โ typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).
If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.