Substantial Risk
IP 195.178.110.109, allocated to Techoff Srv Limited in Bulgaria (AS48090), is a high-risk threat actor with a threat level of 8/10, presenting a multifaceted risk profile dominated by WordPress credential attacks, scanning activity, and distributed denial-of-service indicators. The address generated 296 total abuse reports with an activity frequency rated 8/10, indicating sustained and aggressive hostile behavior over approximately five months, from October 2025 through February 2026. The confidence score of 77% reflects credible, multi-source attribution across automated honeypot sensors and community reporting channels.
Detection data confirms this IP conducted WordPress-focused exploitation at scale, with 11 reports each for login brute-force attempts and admin interface brute-force attacks, alongside 7 incidents of unauthorized WordPress cron execution and 7 config file scanning detections. Additional reports document CPU exhaustion attempts, resource exhaustion behavior, general hacking activity, DDoS indicators, and port scanning. Automated honeypot sensors contributed 12 distinct detection events while community sources filed 8 additional reports, validating the hostile intent through independent observation. The attack patterns consistently employed standard desktop user-agent strings and targeted common WordPress installation structures, suggesting automated exploitation toolkits rather than manual probing.
WordPress credential attacks pose direct account-compromise risks, enabling threat actors to install malicious plugins, exfiltrate database content, or establish persistent backdoor access. Config file scanning attempts indicate reconnaissance for exposed database credentials or authentication secrets stored in configuration files. CPU and resource exhaustion techniques aim to degrade server performance or trigger instability, while DDoS indicators suggest the IP has been utilized in traffic-based attack campaigns against external infrastructure. Combined, these techniques enable both targeted website compromise and participation in broader volumetric attack operations.
Site operators running WordPress should immediately block or heavily rate-limit traffic from this address at the firewall or network edge. Implementing authentication hardening measures such as two-factor authentication, login attempt throttling, and non-standard admin URL paths significantly reduces brute-force success probability. Deploying tools such as fail2ban or equivalent intrusion prevention systems can automatically detect and block the observed attack patterns. Continuous traffic monitoring and log analysis will help identify any follow-up activity or related scanning from adjacent address ranges within AS48090.
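As an added example (not part of this report or any named tool), the following Python script shows the kind of log analysis the last paragraph recommends: it parses combined-format web server access lines, counts per-source events matching the behaviours reported above (wp-login.php brute force, wp-cron.php hits, config-file probes), and returns the sources that cross a threshold so they can be fed to a firewall or fail2ban-style block list. The log lines, thresholds and path rules are constructed assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (combined log format), not real captured traffic.
SAMPLE_LOG = """\
195.178.110.109 - - [12/Jan/2026:03:14:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1412 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
195.178.110.109 - - [12/Jan/2026:03:14:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1412 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
195.178.110.109 - - [12/Jan/2026:03:14:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1412 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
195.178.110.109 - - [12/Jan/2026:03:14:05 +0000] "GET /wp-config.php.bak HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
195.178.110.109 - - [12/Jan/2026:03:14:06 +0000] "GET /wp-cron.php?doing_wp_cron HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
203.0.113.7 - - [12/Jan/2026:03:15:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: source IP, timestamp, method, request path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Heuristic category rules (assumed), keyed on method and path without the query string.
RULES = {
    "login_bruteforce": lambda m, p: m == "POST" and p.startswith("/wp-login.php"),
    "cron_abuse": lambda m, p: p.startswith("/wp-cron.php"),
    "config_probe": lambda m, p: "wp-config" in p or p.endswith((".env", ".bak", ".old")),
}


def classify(line):
    """Return (ip, category) for a suspicious log line, or None if benign or unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    method, path = m["method"], m["path"].split("?", 1)[0]
    for name, rule in RULES.items():
        if rule(method, path):
            return m["ip"], name
    return None


def summarize(log_text):
    """Count suspicious events per source IP, per category."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            counts[hit[0]][hit[1]] += 1
    return {ip: dict(c) for ip, c in counts.items()}


def flag_sources(summary, login_threshold=3, cron_threshold=20):
    """Sources worth blocking: repeated login POSTs, any config-file probe, or a flood of cron hits."""
    flagged = [ip for ip, c in summary.items()
               if c.get("login_bruteforce", 0) >= login_threshold
               or c.get("config_probe", 0) >= 1
               or c.get("cron_abuse", 0) >= cron_threshold]
    return sorted(flagged)
```

A single wp-cron.php request is normal WordPress behaviour, which is why it only counts toward a flood threshold, whereas a request for wp-config.php.bak has no legitimate external use and is flagged on first sight.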