abuseip.org

Sample paths probed

• /rest/ofs/deleteUserRequestInfoByXml
• /defaultroot/download_old.jsp?path=..&name=x&FileName=WEB-INF/web.xml
• /mobile/plugin/CheckServer.jsp?type=mobileSetting
• /eam/vib?id=C:\ProgramData\VMware\vCenterServer\cfg\vmware-vpx\vcdb.properties
• /defaultroot/iWebOfficeSign/OfficeServer.jsp/../../public/iSignatureHTML.jsp/DocumentEdit.jsp?DocumentID=1';WAITFOR%20DELAY%20'0:0:7'--
• /file/fileNoLogin/%7B%7Bidname%7D%7D
• /weaver/org.springframework.web.servlet.ResourceServlet?resource=/WEB-INF/web.xml
• /eam/vib?id=C:\Documents+and+Settings\All+Users\Application+Data\VMware\VMware+VirtualCenter\vcdb.properties
• /wxjsapi/saveYZJFile?fileName=test&downloadUrl=file:///C:/&fileExt=txt
• /weaver/ln.FileDownload?fpath=../ecology/WEB-INF/web.xml
• /defaultroot/DownloadServlet?modeType=0&key=x&path=..&FileName=WEB-INF/classes/fc.properties&name=x&encrypt=x&cd&downloadAll=2
• /eam/vib?id=C:\ProgramData\VMware\VMware+VirtualCenter\vcdb.properties
• /eam/vib?id=/etc/passwd
• /defaultroot/iWebOfficeSign/OfficeServer.jsp/../../TeleConferenceService
• /E-mobile/App/Ajax/ajax.php?action=mobile_upload_save
• /page/exportImport/uploadOperation.jsp
• /defaultroot/download_ftp.jsp?path=/../WEB-INF/&name=aaa&FileName=web.xml
• /mobile/plugin/VerifyQuickLogin.jsp
• /cpt/manage/validate.jsp?sourcestring=validateNum
• /page/exportImport/fileTransfer/poc.jsp

Sample User-Agents

• Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
• Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0

What does this mean?

This address sent traffic that the redirs.com edge classified as automated abuse — typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).

If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.