I noticed once on some servers with WordPress sites a large number of calls to the file xmlrpc.php and wp-login.php