Path Traversal / URI Encoding Attacks: You might notice HTTP GET requests that include ".." or "%2e%2e" or "%252e%252e", indicating a path traversal attack.

This IP belongs to Sysco.

It attempted to download sensitive files from the FTP server.

This IP belongs to UnitedHealth Group.

This IP belongs to Alibaba Cloud Services.

Login attempts using old or outdated protocols.

This IP was detected initiating zero-day exploit attacks on our system.

This IP belongs to The Walt Disney Company.

This particular IP has been used in advanced persistent threats against our servers.

The IP attempted a pass-the-hash attack, trying to authenticate without knowing the plaintext password.

The IP attempted to register with the Asterisk server using an invalid username.

The IP attempted code injection attacks, injecting malicious codes in HTTP headers.

It attempted to use a TearDrop attack to corrupt data packets being sent to our server.

The IP attempted to use the Mail server to relay emails with misleading headers to other servers.

The IP attempted to use the SASL server to relay phishing emails.

This IP belongs to Mondelez International.

This IP belongs to Deutsche Telekom AG.

It repeatedly tried to inject malicious script code into the system via appending it to an email body.

The IP attempted to use the FTP server to distribute anonymizing tools.

HTTP Splitting/Smuggling: Logs indicate HTTP requests that include encoded characters like '%0d%0a' (CRLF characters), which is a sign of HTTP Splitting/Smuggling attacks.

This IP belongs to Cox Communications.

It attempted to list the contents of directories that it should not have access to.

This IP injected exploit kit into our system, taking advantage of software vulnerabilities.

GET /login.action: Trying to find a Struts2 application to exploit.

This IP belongs to CenturyLink.