Report for IP: 188.68.49.235

Threat LevelHIGH59/1002 rule types across 2 attack categories
11 incidents · 2 rule types · confirmed on global blocklist · active over 5 days · last seen 2d ago
PTR NurembergTor57.quetzalcoatl-relays.org
Org / ASN NETCUP-GMBH
Country 🇩🇪 Germany
City Nuremberg, Bavaria
Timezone Europe/Berlin

Attack Analysis

🇩🇪 Germany · Karlsruhe · 197540 · Netcup GmbH
IDS: Tor Exit Node
This IP is a known Tor network exit node. Tor anonymizes user traffic by routing it through a series of relays; exit nodes are the final hop where traffic re-enters the public internet. While Tor has legitimate privacy uses, it is heavily abused for anonymous attacks, credential stuffing, and fraud — as the real attacker IP is concealed behind the exit node.
WordPress XML-RPC Abuse
This IP targeted xmlrpc.php, a legacy WordPress endpoint that has been abused for brute-force authentication attacks, credential stuffing, and DDoS amplification. Any direct access to xmlrpc.php is an attack or reconnaissance attempt; modern WordPress sites should disable it entirely.

Reports (11)

Date Severity Description
17 Jun 2026 - 18:05 high IDS: Tor exit node — known anonymization network — ET TOR Known Tor Exit Node Traffic group 51
17 Jun 2026 - 18:05 high IDS: Tor exit node — known anonymization network — ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 52
17 Jun 2026 - 09:43 high IDS: Tor exit node — known anonymization network — ET TOR Known Tor Exit Node Traffic group 51
17 Jun 2026 - 09:43 high IDS: Tor exit node — known anonymization network — ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 52
16 Jun 2026 - 01:16 high IDS: Tor exit node — known anonymization network — ET TOR Known Tor Exit Node Traffic group 51
16 Jun 2026 - 01:16 high IDS: Tor exit node — known anonymization network — ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 52
15 Jun 2026 - 20:39 high IDS: Tor exit node — known anonymization network — ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 52
15 Jun 2026 - 20:39 high Web: xmlrpc.php accessed
15 Jun 2026 - 20:39 high IDS: Tor exit node — known anonymization network — ET TOR Known Tor Exit Node Traffic group 51
12 Jun 2026 - 12:31 high IDS: Tor exit node — known anonymization network — ET TOR Known Tor Exit Node Traffic group 51
12 Jun 2026 - 12:31 high IDS: Tor exit node — known anonymization network — ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 52
Part of EagleEye Intelligence