Imagine this; ~40% of public websites run wordpress. (based on some AI-gen summary, even if fewer it is still an important percentage).

So you might be spinning up a new instance with 40% probability. It makes sense in mass vulnerability explotation and detection to aim for highest success rate first.

Especially when the IPv4 space is so easy to scan nowadays. And you have services like Shodan that do just that daily.