abuseip.org
- Reason
- suspicious paths across 1 domains
- Hits (last hour)
- 891
- Unique targets hit
- 1
- Unique paths probed
- 71
- Detection count
- 14
- First seen
- 2026-06-18 13:43:53 UTC
- Last seen
- 2026-06-18 13:48:49 UTC
- Block expires
- 2026-06-19 14:44:07 UTC
Sample paths probed
- /wp-content/uploads/ai-engine/mconfig.php
- /wp-content/uploads/mconfig.php
- /wp-content/uploads/2026/mconfig.php
- /wp-content/uploads/masterstudy/mconfig.php
- /wp-content/uploads/2026/06/mconfig.php
- /wp-content/plugins/wp-pagenavi/mconfig.php
- /wp-json/wp/v2/media
- /mconfig.php
- /wp-content/uploads/backuply/mconfig.php
- /wp-content/uploads/metform/mconfig.php
- /wp-content/uploads/smart-slider/mconfig.php
- /wp-content/uploads/mwai/mconfig.php
- /wp-content/uploads/wp_dndcf7_uploads/mconfig.php
- /wp-content/uploads/instawp/mconfig.php
- /wp-content/uploads/updraft/mconfig.php
- /wp-content/uploads/give/mconfig.php
- /wp-content/uploads/everest-forms/mconfig.php
- /wp-content/mconfig.php
- /wp-content/uploads/simple-file-list/mconfig.php
- /wp-content/uploads/layerslider/mconfig.php
Sample User-Agents
- Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.130 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/119.0.1
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15) Gecko/20100101 Firefox/122.0
- Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.130 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/118.0.2
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
- Mozilla/5.0 (Macintosh; Intel Mac OS X 13_6_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.130 Safari/537.36
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15) Gecko/20100101 Firefox/120.0.1
- Mozilla/5.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
- Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/120.0.1
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.130 Safari/537.36
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15) Gecko/20100101 Firefox/118.0.2
- Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/122.0
- Mozilla/5.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.130 Safari/537.36
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/120.0.1
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15) Gecko/20100101 Firefox/119.0.1
What does this mean?
This address sent traffic that the redirs.com edge classified as automated abuse โ typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).
If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.