Multiple requests from different IP addresses in a short span of time, suggesting a distributed brute force attack.

Attempts to access the server using stolen or leaked credentials.

Login attempts at unusual times (e.g., in the middle of the night).

This IP belongs to Wells Fargo.

The IP made multiple unsuccessful login attempts to the SSH server in a short period of time.

Server Misconfiguration Exploitation: Logs illustrating attempts at exploiting known server misconfigurations.

The IP attempted to launch Ciphertext attacks, trying to decrypt SSH-encrypted communication.

It attempted to perform a SIP Register Flood on the Asterisk server.

This IP belongs to IBM.

It attempted to use the Postfix server to relay malware-infected attachments to other servers.

It attempted to perform a SIP Invite Flood on the VOIP server.

The malicious IP was reported for attempting a Session Teardown attack, sending BYE messages to end SIP sessions prematurely.

It attempted to delete emails from the POP3 server without authorization.

This IP belongs to Cigna.

This IP belongs to Boeing.

It attempted to use the FTP server to distribute traffic monitoring tools.

Several instances of password stealers were traced back to this notorious IP.

This IP belongs to Amazon Web Services.

This IP belongs to The Hartford Financial Services.

It attempted to flood the SIP server with REGISTER requests.

This IP belongs to Sprint.

It attempted to perform Race Condition attacks on the Apache server.

This IP has been marked as the origin of numerous SQL injection attacks.

The IP address was identified sending packets with malicious payloads to our server, trying to exploit potential security holes.

Multiple login attempts using common or easily guessable passwords (like 'password123', 'admin', etc.).