Elevated Risk
IP 72.167.150.128 is a high-risk address assessed at 8/10 threat level with 429 total abuse reports, exhibiting a clear pattern of automated credential attacks and exploitation attempts against web-facing authentication systems.
Analysis of the 429 reports filed between January and May 2026 reveals a sustained, high-frequency campaign originating from this GoDaddy-operated US IP address, announced from AS398101. Automated honeypot sensors and community reports converged on three dominant threat categories: general hacking and intrusion attempts (14 reports), traditional brute-force authentication attacks (12 reports), and WordPress-specific login brute-force attempts (11 reports), alongside a smaller cluster of distributed denial-of-service activity (5 reports); these are the most frequently tagged categories, not a breakdown of all 429 reports. The detection footprint spans both honeypot infrastructure and real-world community networks, indicating the IP has been observed attacking production systems across diverse targets. Fail2ban logs referenced in community submissions document multiple WordPress attack waves, including instances where a single target accumulated over 60 violations in its WordPress authentication jail, and the recidive jail (which re-bans addresses that have already been banned several times) flagged this address as a repeat offender persisting across multiple defensive blocks.
Brute-force and credential-stuffing activity of this volume represents a systematic attempt to compromise authentication on web portals and content management systems: brute force cycles through common username and password combinations, while credential stuffing replays username-password pairs leaked from other breaches, both against exposed login endpoints. The WordPress-specific attacks observed target the ubiquitous wp-login.php interface (and frequently the xmlrpc.php endpoint, which accepts authentication without rendering the login form), which remains one of the most frequently scanned and attacked URLs on the internet due to its prevalence across millions of websites. When successful, such attacks grant adversaries initial access that can enable data exfiltration, lateral movement into the hosting environment, or deployment of secondary payloads such as web shells and malicious plugins. The concurrent DDoS activity suggests this IP may participate in coordinated attack infrastructure capable of both credential compromise and service disruption.
Site operators with publicly accessible login pages or content management systems should implement immediate mitigations: enforce multi-factor authentication on all administrative accounts so that a guessed or stolen password alone is not sufficient; apply strict rate-limiting rules at the firewall or load-balancer level to throttle repeated authentication attempts from any single source; configure fail2ban or equivalent host-based intrusion prevention to automatically ban IPs demonstrating brute-force patterns, making sure that behind a reverse proxy or CDN the filter sees the real client address (for example from X-Forwarded-For) rather than banning the proxy itself; and ensure all web applications, particularly WordPress core and its plugins, receive security patches promptly when released rather than on an infrequent maintenance schedule. Per-IP bans are effective against a single persistent source such as this one but do not stop attacks distributed across many addresses, which is why MFA and rate limiting on the login endpoint itself remain the primary controls.
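The following is an added example, not part of the original report or of fail2ban itself: a small Python model of the detection logic described above, applied to constructed access-log lines. It reproduces fail2ban's maxretry/findtime/bantime behaviour for POSTs to wp-login.php and xmlrpc.php, and layers a recidive-style escalation on top, so a source that keeps coming back after each short ban (as the report describes for this address) earns a much longer one. The jail name "wordpress-auth", the thresholds, the legitimate user's address 198.51.100.7 and every log line are assumptions constructed for the example; the one WordPress-specific fact it relies on is that a failed wp-login.php POST re-renders the form with HTTP 200 while a successful login answers with a 302 redirect.

```python
"""Sliding-window brute-force detector for WordPress login endpoints.

Added example modelled on fail2ban's maxretry/findtime/bantime logic plus a
recidive-style escalation layer. All log lines below are constructed; the
thresholds and the jail name "wordpress-auth" are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/nginx combined log format: client ip, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Parse one combined-format access log line; return None on non-matching lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path").split("?")[0],
        "status": int(m.group("status")),
    }


def is_failed_login(ev):
    """Failed wp-login.php POSTs re-render the form with HTTP 200; a successful
    login redirects (302) to wp-admin. xmlrpc.php POSTs are counted unconditionally
    (assumption: XML-RPC is not used legitimately on this site)."""
    if ev["method"] != "POST":
        return False
    if ev["path"].endswith("/wp-login.php"):
        return ev["status"] == 200
    return ev["path"].endswith("/xmlrpc.php")


class BruteForceDetector:
    def __init__(self, maxretry=5, findtime=600, bantime=3600,
                 recidive_maxretry=3, recidive_findtime=86400, recidive_bantime=604800):
        self.maxretry, self.findtime, self.bantime = maxretry, findtime, bantime
        self.r_maxretry, self.r_findtime, self.r_bantime = (
            recidive_maxretry, recidive_findtime, recidive_bantime)
        self.attempts = defaultdict(deque)   # ip -> timestamps of recent failures
        self.ban_history = defaultdict(deque)  # ip -> timestamps of recent bans
        self.active = {}                      # ip -> ban expiry

    def feed(self, ev):
        """Process one event; return a ban record if this event triggers a ban."""
        ip, now = ev["ip"], ev["ts"]
        if ip in self.active and self.active[ip] <= now:
            del self.active[ip]               # ban expired, source may retry
        if ip in self.active:
            return None                        # a real firewall would drop this packet
        if not is_failed_login(ev):
            return None
        window = self.attempts[ip]
        window.append(now)
        while now - window[0] > timedelta(seconds=self.findtime):
            window.popleft()                   # forget failures outside findtime
        if len(window) >= self.maxretry:
            window.clear()
            return self._ban(ip, now)
        return None

    def _ban(self, ip, now):
        jail, bantime = "wordpress-auth", self.bantime
        hist = self.ban_history[ip]
        hist.append(now)
        while now - hist[0] > timedelta(seconds=self.r_findtime):
            hist.popleft()
        if len(hist) >= self.r_maxretry:      # repeat offender: escalate to recidive
            jail, bantime = "recidive", self.r_bantime
            hist.clear()
        until = now + timedelta(seconds=bantime)
        self.active[ip] = until
        return {"ip": ip, "jail": jail, "start": now, "until": until}


def run_detector(lines, **kwargs):
    """Run the detector over log lines and return every ban it issues, in order."""
    det = BruteForceDetector(**kwargs)
    bans = [b for ev in map(parse_line, lines) if ev for b in [det.feed(ev)] if b]
    return bans


def _wave(ip, hour, minute, count=6):
    """Constructed attack wave: `count` failed wp-login.php POSTs 10 s apart."""
    return [f'{ip} - - [12/Mar/2026:{hour:02d}:{minute:02d}:{i*10:02d} +0000] '
            f'"POST /wp-login.php HTTP/1.1" 200 4123 "-" "Mozilla/5.0"' for i in range(count)]


# Constructed sample log: three attack waves from the reported address spaced about
# an hour apart (each resuming after the previous 1 h ban lapses), a GET that must
# not count, and a legitimate user who fails twice and then logs in (302).
SAMPLE_LOG = (
    ['72.167.150.128 - - [12/Mar/2026:08:59:50 +0000] "GET /wp-login.php HTTP/1.1" 200 3000 "-" "Mozilla/5.0"']
    + _wave("72.167.150.128", 9, 0)
    + ['198.51.100.7 - - [12/Mar/2026:09:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4123 "-" "Mozilla/5.0"',
       '198.51.100.7 - - [12/Mar/2026:09:05:20 +0000] "POST /wp-login.php HTTP/1.1" 200 4123 "-" "Mozilla/5.0"',
       '198.51.100.7 - - [12/Mar/2026:09:05:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"']
    + _wave("72.167.150.128", 10, 10)
    + _wave("72.167.150.128", 11, 20)
)

if __name__ == "__main__":
    for ban in run_detector(SAMPLE_LOG):
        print(f'{ban["ip"]} banned in {ban["jail"]} from {ban["start"]} until {ban["until"]}')
```

Run on the sample log, the detector issues two one-hour bans in the wordpress-auth jail and, on the third wave, a one-week recidive ban, while the legitimate user's two failures followed by a 302 never reach the threshold. Note that the window is keyed on the client address as it appears in the log, so behind a proxy or CDN this only works if the log records the forwarded client IP.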