๐ซ๐ท
tecnicorioja
2026-07-01 22:01:28
(50 minutes ago)
wp-login attack [01/Jul/2026:06:37:21
Brute-Force
Web App Attack
๐ซ๐ท
SpaceHost-Server
2026-07-01 21:55:11
(57 minutes ago)
138.68.158.60 - - [01/Jul/2026:23:54:00 +0200] "POST /wp-login.php HTTP/1.1" 200 18033 "https://weib ...
show more
138.68.158.60 - - [01/Jul/2026:23:54:00 +0200] "POST /wp-login.php HTTP/1.1" 200 18033 "https://weiber.wp-knowhow.de/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15"
138.68.158.60 - - [01/Jul/2026:23:54:16 +0200] "POST /wp-login.php HTTP/1.1" 200 20728 "https://finsimple.de/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
138.68.158.60 - - [01/Jul/2026:23:55:09 +0200] "POST /wp-login.php HTTP/1.1" 200 15699 "https://urs-wittemann.de/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0"
show less
Hacking
Web App Attack
๐จ๐ญ
Origon
2026-07-01 19:05:14
(3 hours ago)
recidive - IP: 138.68.158.60 - 2026-07-01 11:23:58,938 fail2ban.actions [1829761]: NOTICE [plesk-wo ...
show more
recidive - IP: 138.68.158.60 - 2026-07-01 11:23:58,938 fail2ban.actions [1829761]: NOTICE [plesk-wordpress] Ban 138.68.158.60 2026-07-01 18:20:42,049 fail2ban.actions [1829761]: NOTICE [plesk-wordpress] Ban 138.68.158.60 2026-07-01 21:05:14,747 fail2ban.actions [1829761]: NOTICE [plesk-wordpress] Ban 138.68.158.60
show less
Web App Attack
๐ฉ๐ช
Marc
2026-07-01 18:42:44
(4 hours ago)
138.68.158.60 - - [01/Jul/2026:17:05:30 +0200] "POST /wp-login.php HTTP/2.0" 200 3370 "https://www.h ...
show more
138.68.158.60 - - [01/Jul/2026:17:05:30 +0200] "POST /wp-login.php HTTP/2.0" 200 3370 "https://www.heckmann-elektro.de/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_7_10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" 138.68.158.60 - - [01/Jul/2026:19:54:19 +0200] "GET /wp-login.php HTTP/2.0" 200 3455 "https://als-arnsberg.de/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" 138.68.158.60 - - [01/Jul/2026:19:54:20 +0200] "GET /wp-login.php HTTP/2.0" 200 3151 "https://als-arnsberg.de/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" 138.68.158.60 - - [01/Jul/2026:20:42:42 +0200] "GET /wp-login.php HTTP/2.0" 200 3470 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0" 138.68.158.60 - - [01/Jul/2026:20:42:42 +0200] "POST /wp-login.php HTTP/2.0" 403 10691 "https://kurse.tortenatelier-schwanbeck.de/wp-
show less
Brute-Force
Web App Attack
๐บ๐ธ
ambor
2026-07-01 17:54:14
(4 hours ago)
L0ss Honeypot: WordPress login access attempt. Path: /wp-login.php
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-01 16:47:09
(6 hours ago)
(mod_security) mod_security (id:225170) triggered by 138.68.158.60 (dev.acw.website): 1 in the last ...
show more
(mod_security) mod_security (id:225170) triggered by 138.68.158.60 (dev.acw.website): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 12:47:03.429585 2026] [security2:error] [pid 18014:tid 18014] [client 138.68.158.60:56832] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.babylontravelone.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.babylontravelone.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "akVEhy8G4gVLQ_TKoOTPigAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
4server
2026-07-01 16:17:15
(6 hours ago)
[WedJul0118:17:11.9286142026][security2:error][pid1753896:tid1753958][client138.68.158.60:0]ModSecur ...
show more
[WedJul0118:17:11.9286142026][security2:error][pid1753896:tid1753958][client138.68.158.60:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"ecosuber.com\"][uri\"/wp-login.php\"][unique_id\"akU9hwIojrll0IG_p1CEtgAAAFU\"]\,referer:https://ecosuber.com/wp-login.php
show less
Port Scan
Brute-Force
Web App Attack
๐ซ๐ท
Yepngo
2026-07-01 14:33:47
(8 hours ago)
138.68.158.60 - - [01/Jul/2026:16:33:46 +0200] "POST /wp-login.php HTTP/2.0" 200 11371 "https://dev. ...
show more
138.68.158.60 - - [01/Jul/2026:16:33:46 +0200] "POST /wp-login.php HTTP/2.0" 200 11371 "https://dev.yepngo.com/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
...
show less
Brute-Force
Web App Attack
๐ฉ๐ช
tentwentyfour
2026-07-01 14:30:35
(8 hours ago)
Blocked for brute-forcing WordPress log-in
Brute-Force
Web App Attack
๐ซ๐ท
ingroscart.it
2026-07-01 14:22:37
(8 hours ago)
(PERMBLOCK) 138.68.158.60 (GB/United Kingdom/England/Slough/dev.acw.website/[redacted]) has had more ...
show more
(PERMBLOCK) 138.68.158.60 (GB/United Kingdom/England/Slough/dev.acw.website/[redacted]) has had more than 4 temp blocks
show less
Hacking
๐ฆ๐บ
FireGuard Server
2026-07-01 14:10:09
(8 hours ago)
Blocked by os-abuseipdb; 8 hits, proto=tcp, ports=443
Port Scan
Hacking
Anonymous
2026-07-01 14:05:00
(8 hours ago)
WordPress Brute Force
Brute-Force
๐ฉ๐ช
FeG Deutschland
2026-07-01 13:49:40
(9 hours ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 12457
Exploited Host
Web App Attack
๐บ๐ธ
integrantservices.com
2026-07-01 12:32:58
(10 hours ago)
(PERMBLOCK) 138.68.158.60 (GB/United Kingdom/dev.acw.website) has had more than 4 temp blocks
Hacking
Anonymous
2026-07-01 11:19:56
(11 hours ago)
Web attack blocked by Wordfence on vestingstadvalkenburg.nl (1 hit). Reported by CRMON.
Web App Attack