Notable Threat
IP 45.88.138.44 is a high-risk address operating from Ukraine that poses a significant threat to WordPress-based web infrastructure, with 193 abuse reports and a threat level of 8/10. The IP, routed through AS213737 (Ayosoft Ltd), demonstrates a persistent, high-frequency attack campaign that peaked during the March–June 2026 reporting window. Its activity pattern reflects a sophisticated, automated WordPress-targeting operation rather than opportunistic scanning.
Detection data from 16 automated honeypot sensors and 4 community reports confirms this IP's aggressive WordPress reconnaissance and exploitation activity. Fail2ban sensor logs document over 50 violations per rule trigger on wordpress-escalation filters, alongside repeated XML-RPC and wp-config access attempts. The honeypot evidence also captured path traversal probes, configuration file access attempts against .env files, and user enumeration scans. With 21 brute-force-related reports (WP Login, WP Admin, and XML-RPC variants), combined with web application attacks, plugin and version scanning, and attempted backdoor installations, the campaign reflects a coordinated, multi-stage WordPress compromise methodology.
The dominant WordPress brute-force activity represents a concrete credential-guessing threat to any exposed wp-login.php, wp-admin, and xmlrpc.php endpoints. When combined with wp-config exposure attempts and plugin vulnerability probing, this IP is not merely scanning but actively attempting to establish unauthorised access and potentially deploy malicious payloads. The presence of phishing and redirect-hijacking reports further indicates potential post-compromise abuse intentions targeting site visitors rather than just server control.
Site operators running WordPress should treat this IP as hostile and implement immediate defensive controls: block or rate-limit access to authentication endpoints and XML-RPC, enforce strong password policies with multi-factor authentication, and deploy fail2ban or equivalent rules to automatically ban repeated WordPress attack patterns. Regular plugin and core updates, restricting access to sensitive configuration files, and monitoring for user enumeration probes will reduce the attack surface. Periodic review of access logs for requests matching this IP's known patterns (path scanning, config access, brute-force signatures) is strongly advised.
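One way to run the access-log review described above, as an added example that is not part of the original report: a small classifier that tags requests matching the listed patterns (login and XML-RPC POSTs, wp-config and .env access, user enumeration, path traversal) and lists the client IPs that reach a threshold. The category names, the threshold of 3, the combined-log-format assumption and the sample lines are all constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote, urlsplit

# Constructed access-log lines; both client IPs are from documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2025:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 512
203.0.113.7 - - [01/Jan/2025:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370
203.0.113.7 - - [01/Jan/2025:10:00:03 +0000] "GET /wp-config.php.bak HTTP/1.1" 404 153
203.0.113.7 - - [01/Jan/2025:10:00:04 +0000] "GET /.env HTTP/1.1" 404 153
203.0.113.7 - - [01/Jan/2025:10:00:05 +0000] "GET /?author=1 HTTP/1.1" 301 0
203.0.113.7 - - [01/Jan/2025:10:00:06 +0000] "GET /dl.php?file=..%2F..%2Fwp-config.php HTTP/1.1" 403 0
198.51.100.20 - - [01/Jan/2025:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0
198.51.100.20 - - [01/Jan/2025:10:05:01 +0000] "GET /wp-admin/ HTTP/1.1" 200 9100
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" \d{3} ')
CONFIG_RE = re.compile(r"(^|/)(wp-config\.php|\.env)[^/]*$")
ENUM_RE = re.compile(r"(^|&)author=\d+")

def classify(line):
    """Return (client_ip, category) for a request matching a probe pattern, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, method, target = m.groups()
    decoded = unquote(target)  # decode %2F etc. before matching
    parts = urlsplit(decoded)
    if "../" in decoded or "..\\" in decoded:
        return ip, "path_traversal"
    if CONFIG_RE.search(parts.path):
        return ip, "config_access"
    if method == "POST" and parts.path.endswith("/wp-login.php"):
        return ip, "login_post"
    if method == "POST" and parts.path.endswith("/xmlrpc.php"):
        return ip, "xmlrpc_post"
    if ENUM_RE.search(parts.query) or parts.path.startswith("/wp-json/wp/v2/users"):
        return ip, "user_enum"
    return None

def summarize(log_text):
    """Count matched categories per client IP."""
    hits = defaultdict(Counter)
    for hit in filter(None, map(classify, log_text.splitlines())):
        hits[hit[0]][hit[1]] += 1
    return hits

def offenders(log_text, threshold=3):
    """IPs whose matched requests reach the threshold; one login POST alone does not."""
    return sorted(ip for ip, c in summarize(log_text).items() if sum(c.values()) >= threshold)
```

Calling `offenders(open(path).read())` on a real log gives a candidate list to compare against existing ban rules; the threshold keeps a single legitimate login POST from flagging a user.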