Threat LevelHIGH44/1002 rule types across 2 attack categories
2 incidents on record · multi-vector: web scanning, WP reconnaissance · active over 4 days · last seen 2d ago
| PTR | vps-5035096.elevareodontologia.com.br |
| Org / ASN | Unified Layer |
| Country | US |
Attack Analysis
Reconnaissance Behind Browser Disguise
This IP generated repeated HTTP 4xx errors (404/403) while spoofing a legitimate browser User-Agent (Chrome, Firefox). Real browsers do not repeatedly trigger 4xx errors in rapid succession — this is an automated scanner disguised as human traffic to evade bot detection.
WordPress XML-RPC Abuse
This IP targeted xmlrpc.php, a legacy WordPress endpoint that has been abused for brute-force authentication attacks, credential stuffing, and DDoS amplification. Any direct access to xmlrpc.php is an attack or reconnaissance attempt; modern WordPress sites should disable it entirely.
Reports (2)
| Date | Severity | Description |
|---|---|---|
| 30 May 2026 - 22:07 | high | Rule 100308: Web: xmlrpc.php accessed |
| 26 May 2026 - 19:08 | high | Rule 100305: Web: 4xx error with browser-like UA |