Elevated Risk
IP 185.177.72.49 is a high-risk French address associated with WordPress credential-guessing campaigns and web application probing, with 519 abuse reports filed across automated honeypot sensors over a five-month window. The threat level of 8/10 reflects a persistent, multi-vector attacker operating from infrastructure owned by Bucklog SARL (AS211590), whose activity is dominated by brute-force attempts against WordPress login and administrative interfaces alongside broader web application exploitation attempts.
The volume of reports from 20 distinct honeypot sources indicates that this address is not a fleeting or opportunistic scanner but rather part of an organized, sustained campaign targeting web-facing services. Detected attack patterns include repeated attempts to access WordPress configuration files, probing of Drupal administrative endpoints, and HTTP protocol anomalies consistent with automated tooling designed to evade basic detection. While the nominal activity frequency is rated low (2/10), the sheer number of independent reports across diverse sensor types demonstrates that this IP repeatedly probes multiple targets rather than concentrating on a single victim. The May 2026 last-reported date places this activity squarely within recent observation windows.
WordPress credential-guessing attacks remain one of the most prevalent initial-access vectors on the internet because compromised admin accounts provide attackers with code-execution capabilities and backdoor deployment options. The combination of login-form brute-forcing, administrative interface targeting, and config-file probing suggests an adversary seeking to establish persistent web-shell access rather than merely disrupt services. IoT targeting noted in the reports indicates this actor may also diversify toward embedded-device vulnerabilities when web-application surfaces are hardened.
Organizations running WordPress or similar CMS platforms should immediately ensure that administrative interfaces are not directly internet-accessible, implementing VPN or IP allowlist controls where remote access is required. Deploying rate-limiting mechanisms such as fail2ban on SSH and web-authentication endpoints substantially raises the cost of brute-force campaigns against this class of threat. Enforcing strong, unique passwords alongside two-factor authentication on all administrative accounts eliminates the attacker's primary vector. Regular patch management for WordPress core, plugins, and associated web frameworks closes the exploitation pathways revealed by the probing activity documented against this address.
RO 
GB 
CO 
JP 
LV 
KR 
TH 
PL 
SE