Substantial Risk
IP 199.195.249.231 is a high-risk address associated with WordPress-targeted attacks, primarily brute-force authentication attempts and unauthorized WP-Cron execution. It is registered across 20 community sources, with 203 total abuse reports filed over a two-month window. The IP's activity frequency, rated at 8 out of 10, combined with a threat level of 7 out of 10, indicates persistent, automated scanning behaviour originating from the PONYNET network (ASN AS53667) in the United States, with a confidence score of 53 percent attributing malicious activity to this specific address. Automated honeypot sensors and community reports together documented the address repeatedly hammering web servers, with WordPress login portals and cron job handlers serving as the dominant vectors.
Analysis of the 203 reports filed between January and February 2026 shows a roughly even split across three primary categories: 17 reports each for standard brute-force login attempts and WordPress-specific login brute-force attacks, 16 reports documenting abuse of the WP-Cron scheduling mechanism, and 16 reports flagging distributed denial-of-service activity. The breadth of attack types—spanning authentication guessing, unauthorized scheduled-task execution, and volumetric disruption—suggests this address participates in a coordinated toolkit rather than a single-purpose scanner. The PONYNET ASN, known for hosting diverse cloud infrastructure, provides the network context in which this behaviour was observed, though the address itself may represent compromised hosting rather than intentionally malicious infrastructure.
WordPress brute-force attacks exploit the predictable admin login endpoint by cycling through credential combinations until authentication succeeds, potentially granting attackers full site control, database access, or a pivot point into surrounding infrastructure. Unauthorized WP-Cron execution consumes server resources and can be weaponised to schedule malicious payloads, propagate malware, or probe backend services without triggering standard HTTP request logs. When combined with DDoS capability, this IP poses a multi-vector threat capable of both infiltrating and disrupting targeted WordPress installations simultaneously. The 53 percent confidence score reflects the inherent uncertainty in attributing shared infrastructure activity, but the volume and consistency of reports across independent sources substantially increase confidence in the assessment.