WordPress wp-login.php brute-force. Active Mar 15 2026. AS51396 Pfcloud UG.
Logged via Apache acces ...
show moreWordPress wp-login.php brute-force. Active Mar 15 2026. AS51396 Pfcloud UG.
Logged via Apache access.log.
show less
WordPress wp-login.php brute-force, 100+ POST requests in ~90 seconds from a
DigitalOcean VPS. Acti ...
show moreWordPress wp-login.php brute-force, 100+ POST requests in ~90 seconds from a
DigitalOcean VPS. Active Feb 26 2026. AS14061 DigitalOcean. Logged via Apache access.log.
show less
WordPress wp-login.php brute-force, ~100 POST requests in 2 minutes.
Active Feb 22 2026. AS34343 BI ...
show moreWordPress wp-login.php brute-force, ~100 POST requests in 2 minutes.
Active Feb 22 2026. AS34343 BIP Backbone. Logged via Apache access.log.
show less
Aggressive WordPress wp-login.php brute-force, ~150 POST requests in under 2 minutes.
Active Feb 24 ...
show moreAggressive WordPress wp-login.php brute-force, ~150 POST requests in under 2 minutes.
Active Feb 24 2026. AS174 Cogent Communications. Logged via Apache access.log.
show less
Suspicious burst of POST /wp-admin/admin-ajax.php (probable plugin vulnerability
exploitation) on a ...
show moreSuspicious burst of POST /wp-admin/admin-ajax.php (probable plugin vulnerability
exploitation) on a compromised WordPress host. Active Mar 30 2026.
AS212238 Datacamp Limited. Part of Balada Injector compromise. Logged via Apache access.log.
show less
WordPress wp-login.php brute-force and user enumeration. Active Mar 5 2026.
AS197170 TechTies. Same ...
show moreWordPress wp-login.php brute-force and user enumeration. Active Mar 5 2026.
AS197170 TechTies. Same operator as 45.153.34.103 (same AS, identical behaviour).
Logged via Apache access.log.
show less
WordPress user enumeration (?author=N) and wp-login.php brute-force.
Active Mar 5-6 2026, hundreds ...
show moreWordPress user enumeration (?author=N) and wp-login.php brute-force.
Active Mar 5-6 2026, hundreds of POST /wp-login.php. AS213438 ColocaTel.
Same /24 and operator as 78.142.18.75 which ran a 17-day brute-force campaign.
Logged via Apache access.log.
show less
Sustained WordPress wp-login.php brute-force over 17 days (Apr 11 - Apr 28 2026),
tens of thousands ...
show moreSustained WordPress wp-login.php brute-force over 17 days (Apr 11 - Apr 28 2026),
tens of thousands of POST /wp-login.php attempts against a single admin account.
User-Agent: 2345Explorer/9.3.2.17331. Logged via Apache access.log.
AS213438 ColocaTel. Same /24 as 78.142.18.40 (same operator).
show less
WordPress wp-login.php brute-force / credential stuffing against Apache vhost.
80+ successful-patte ...
show moreWordPress wp-login.php brute-force / credential stuffing against Apache vhost.
80+ successful-pattern POST /wp-login.php (HTTP 302) in 5 minutes targeting admin account.
First confirmed unauthorized admin access on this host. Part of a Balada Injector
compromise campaign. Logged via Apache access.log. AS150895 EZ TECHNOLOGY (VN).
show less
Brute-Force
By clicking “Accept all”, you agree to the storing of cookies on your device to remember preferences and
analyze site usage.
Read more
- Required to log into your AbuseIPDB account, and store these cookie preferences.