Good

The IP attempted to perform Cross-Site Scripting (XSS) attacks through the Apache server.

Path Traversal / URI Encoding Attacks: You might notice HTTP GET requests that include ".." or "%2e%2e" or "%252e%252e", indicating a path traversal attack.

This IP was found responsible for a session hijacking attempt on our network.

GET /cgi-bin/test.cgi: Could indicate the threat actor is trying to exploit older, less secure scripting interfaces.

Unusually high number of requests to the login page.

GET /server-status: Often an attempt to check Apache server status.

This malicious IP was reported for attempting a FTP Bounce attack, exploiting the FTP protocol's proxy command to scan ports and networks.

The IP attempted to login to the Postfix server with an invalid username.

This IP belongs to Baidu.

The IP attempted to perform ARP Spoofing attacks on the Apache server.

Tried to carry out a rainbow table attack, attempting to crack hashed passwords.

It appears that this IP was initiating DNSChanger malware attacks on our network.

The IP attempted to perform a DNS amplification attack on the SSH server.

It attempted to login to the IMAP server with an invalid password.

It attempted to use the FTP server to distribute identity theft tools.

This IP belongs to Tech Data.

It attempted to send emails from the Mail server to email addresses that have previously marked emails from the server as spam.

The IP address generated an unusual increase in network bandwidth usage.

udden increase in account lockouts due to multiple failed login attempts.

This IP belongs to Lockheed Martin.

POST /user/password?name[0,%20bypass]=dav&name[0]=loup&pass-reset-token-1=D&form_id=user_pass: Drupalgeddon2 exploit which allows remote code execution.

The IP address attempted to register as a SIP user with an invalid username.

The IP attempted to use the POP3 server to distribute malware.

This IP belongs to Dell Technologies.