This malicious IP was reported for attempting a Zero-day exploit, exploiting a software vulnerability before it's known or fixed by the vendor.

Our logs indicated an unusually high traffic volume originating from this IP address.

This IP belongs to Berkshire Hathaway.

Good

Signs of Clickjacking: You might observe layered multiple HTTP requests aiming to trick users into unintended interactions.

The IP attempted a race condition attack, aiming to execute unwanted sequences in the server.

The IP attempted to perform Cross-Site Scripting (XSS) attacks through the Apache server.

Path Traversal / URI Encoding Attacks: You might notice HTTP GET requests that include ".." or "%2e%2e" or "%252e%252e", indicating a path traversal attack.

This IP was found responsible for a session hijacking attempt on our network.

GET /cgi-bin/test.cgi: Could indicate the threat actor is trying to exploit older, less secure scripting interfaces.

Unusually high number of requests to the login page.

GET /server-status: Often an attempt to check Apache server status.

The IP attempted to perform HTTP Request Smuggling attacks on the Apache server.

This malicious IP was reported for attempting a FTP Bounce attack, exploiting the FTP protocol's proxy command to scan ports and networks.

The IP attempted to login to the Postfix server with an invalid username.

The IP attempted to perform a password spraying attack on the SSH server.

This IP belongs to Baidu.

The IP attempted to perform ARP Spoofing attacks on the Apache server.

Tried to carry out a rainbow table attack, attempting to crack hashed passwords.

This IP belongs to Apple.

It appears that this IP was initiating DNSChanger malware attacks on our network.

The IP attempted to perform a DNS amplification attack on the SSH server.

It attempted to login to the IMAP server with an invalid password.

It attempted to use the FTP server to distribute identity theft tools.

This IP belongs to Tech Data.