Notable Threat
IP 74.91.224.220 is a high-risk address linked to sustained brute-force attacks, WordPress targeting, and credential stuffing activity originating from Oracle Corporation's network in Singapore, with 469 abuse reports and a threat level of 8/10 since April 2026.
The IP has generated significant alarm across 20 distinct detection sources including automated honeypot sensors and community reports between April and June 2026. The dominant threat categories include general hacking activity accounting for 15 recent reports, alongside coordinated brute-force attempts (8 reports), WordPress login brute-force campaigns (7 reports), and user enumeration probes targeting WordPress installations (3 reports). Additional concerning signals include DDoS participation indicators (8 reports), port scanning, web application attacks, and plugin exploitation attempts. The abstract attack-pattern data confirms systematic targeting of WordPress environments through authentication endpoint probing, REST API enumeration, sitemap-based reconnaissance, and server-side request forgery attempts, alongside credential submission patterns consistent with automated credential stuffing toolkits.
The sustained, multi-vector approach observed from this address suggests an automated bot or organized scanning infrastructure rather than opportunistic manual probing. WordPress remains one of the most widely deployed content management systems globally, making it a high-value target for attackers seeking to establish footholds, harvest user data, or deploy additional payloads. The combination of brute-force authentication attempts against login portals, enumeration of valid usernames via API endpoints, and vulnerability probing creates a layered exploitation pathway that could compromise poorly secured WordPress instances without requiring sophisticated zero-day exploits. The presence of DDoS indicators further suggests this infrastructure may participate in coordinated volumetric attack campaigns.
Site operators should implement immediate defensive measures: enforce multi-factor authentication on all administrative accounts, deploy rate-limiting rules or tools such as fail2ban to automatically block repeated authentication failures, and configure web application firewalls to detect and mitigate WordPress-specific attack signatures including REST API enumeration and credential stuffing submissions. Regularly audit exposed WordPress installations for outdated plugins and themes, restrict access to administrative endpoints where possible, and monitor access logs for the reconnaissance patterns associated with this address. Organizations experiencing sustained attention from this IP should consider blocking it at the network perimeter while maintaining enhanced logging to identify any successful compromise attempts.
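The log-monitoring step above can be sketched as follows. This is an added example, not part of the original report: it scans web server access logs for WordPress login brute-forcing, user enumeration and sitemap reconnaissance per source IP. The sample log lines are constructed with documentation-range addresses, the thresholds are assumptions to tune per site, and the paths are the stock WordPress endpoints.

```python
import re
from collections import Counter, defaultdict

def _line(ip, method, url, status):
    # Builds one constructed access-log line in combined log format.
    return f'{ip} - - [02/May/2026:10:00:00 +0000] "{method} {url} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample input: one noisy client and one ordinary user.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "GET", "/wp-json/wp/v2/users", 200),
     _line("203.0.113.7", "GET", "/?author=1", 301),
     _line("203.0.113.7", "GET", "/wp-sitemap.xml", 200)]
    + [_line("203.0.113.7", "POST", "/wp-login.php", 200)] * 6
    + [_line("203.0.113.7", "POST", "/wp-login.php", 302),
       _line("198.51.100.20", "POST", "/wp-login.php", 200),
       _line("198.51.100.20", "POST", "/wp-login.php", 302),
       _line("198.51.100.20", "GET", "/wp-sitemap.xml", 200)]
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# (label, HTTP method, URL pattern) for each reconnaissance or attack signal.
RULES = [
    ("login_bruteforce", "POST", re.compile(r"^/(wp-login|xmlrpc)\.php")),
    ("user_enumeration", "GET", re.compile(r"^/wp-json/wp/v2/users|[?&]author=\d+")),
    ("sitemap_recon", "GET", re.compile(r"^/(wp-)?sitemap[\w-]*\.xml")),
]
# Assumed per-IP thresholds for the analysed window; tune to local traffic.
THRESHOLDS = {"login_bruteforce": 5, "user_enumeration": 2, "sitemap_recon": 2}

def analyze(log_text):
    """Return {ip: [labels]} for clients that cross a threshold."""
    hits, login_after_failures = defaultdict(Counter), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, url, status = m.groups()
        for label, want_method, pattern in RULES:
            if method == want_method and pattern.search(url):
                hits[ip][label] += 1
        # wp-login.php redirects (302) on success; a redirect that follows a
        # burst of earlier attempts is worth reviewing as a possible compromise.
        if method == "POST" and url.startswith("/wp-login.php") and status == "302":
            if hits[ip]["login_bruteforce"] - 1 >= THRESHOLDS["login_bruteforce"]:
                login_after_failures.add(ip)
    findings = {}
    for ip, counts in hits.items():
        flagged = sorted(l for l, n in counts.items() if n >= THRESHOLDS[l])
        if ip in login_after_failures:
            flagged.append("login_after_failures")
        if flagged:
            findings[ip] = flagged
    return findings
```

Flagged addresses can then be handed to fail2ban or a perimeter block list, and any `login_after_failures` result should trigger a review of the affected account.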