This particular IP displayed behaviour typical of a ransomware-infected system, encrypting several files.

This IP belongs to Apple.

Initiated a Zero-day attack, exploiting unknown vulnerabilities in our Mail and Postfix services.

It was discovered illicitly scanning the server for potential vulnerabilities.

It attempted to use the FTP server to distribute intrusion detection system (IDS) evasion tools.

High Frequency POST Requests: Numerous or unusual POST requests in a short time span could indicate a dictionary or brute force attack on a login page.

This malicious IP was reported for attempting a Session Hijacking attack, exploiting a valid computer session to gain unauthorized access to information or services.

The IP launched HTTP tunnel attacks, attempting to wrap other protocols in HTTP to bypass network filters.

It actively attempted to employ session-splicing techniques, interacting with multiple SSH sessions simultaneously to smudge its attack trace.

The IP made multiple requests with the same X-UIDH header.

Attempts to access sensitive areas of the server, such as the admin page or user account information.

This IP belongs to Telkom SA.

The IP attempted a race condition attack, aiming to execute unwanted sequences in the server.

The IP attempted to perform Stack Overflow attacks on the Apache server.

Various incidents of unwanted installation of malicious gaming apps were traced back to this IP.

The IP was involved in a Caller ID Spoofing attack, falsifying the caller ID to deceive the receiver or hide the caller's identity.

The IP attempted to register with the VOIP server using an invalid username.

The IP sent malformed Asterisk requests, potentially indicating an attempt to crash the server.

This IP belongs to Softbank.

The malicious IP tried to depreciate the reputation of our mail server by sending out numerous spam mails.

Unusual activity in the server's error logs.

The IP attempted to send emails from the Mail server pretending to be from a different sender.

It detected attempting time-based blind SQL injection, observing the server's response time to extract data.

It made multiple requests with the same X-Forwarded-For header.

The IP was involved in a toll fraud attack, making long-distance calls without authorization, leading to high charges.