Threat Level: HIGH (49/100) · 2 rule types across 2 attack categories
5 incidents on record · 2 rule types · confirmed on global blocklist · active over 3 days · last seen 3d ago
| Field | Value |
|---|---|
| PTR | tor-exit-004.stormycloud.org |
| Org / ASN | StormyCloud Inc |
| Country | 🇺🇸 United States |
| City | Austin, Texas |
| Timezone | America/Chicago |
Attack Analysis
IDS: Tor Exit Node
This IP is a known Tor network exit node. Tor anonymizes user traffic by routing it through a series of relays; exit nodes are the final hop where traffic re-enters the public internet. While Tor has legitimate privacy uses, it is heavily abused for anonymous attacks, credential stuffing, and fraud — as the real attacker IP is concealed behind the exit node.
WordPress XML-RPC Abuse
This IP targeted xmlrpc.php, a legacy WordPress endpoint that has been abused for brute-force authentication attacks, credential stuffing, and DDoS amplification. Any direct access to xmlrpc.php is an attack or reconnaissance attempt; modern WordPress sites should disable it entirely.
Reports (5)
| Date | Severity | Description |
|---|---|---|
| 16 Jun 2026 - 17:56 | high | IDS: Tor exit node — known anonymization network — ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 73 |
| 16 Jun 2026 - 17:56 | high | Web: xmlrpc.php accessed |
| 16 Jun 2026 - 17:56 | high | IDS: Tor exit node — known anonymization network — ET TOR Known Tor Exit Node Traffic group 73 |
| 14 Jun 2026 - 05:15 | high | IDS: Tor exit node — known anonymization network — ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 73 |
| 14 Jun 2026 - 05:15 | high | IDS: Tor exit node — known anonymization network — ET TOR Known Tor Exit Node Traffic group 73 |
EagleEye Intelligence