Attempts to access the server using outdated or insecure protocols, which can indicate an attacker is trying to exploit known vulnerabilities.

The IP attempted to perform a password spraying attack on the SASL server.

Multiple attempts to access the server using anonymous or generic user accounts.

The IP was seen attempting a FTP Smurf attack, flooding the FTP server with echo request packets to cause a denial of service.

GET /configuration.php.old: Trying to locate backup configuration files.

The IP attempted to manipulate data flowing to the server to cause arbitrary code execution.

GET /phpMyAdmin: This could be a threat actor looking for an unsecured phpMyAdmin page.

It attempted to exploit known vulnerabilities in the Mail protocol.

This malicious IP was reported for attempting to initiate a large number of simultaneous calls, a sign of a potential DDoS attack.

The IP attempted to perform a SNMP amplification attack on the SSH server.

This IP belongs to Amazon.

The IP attempted to send spam emails from the Postfix server.

GET //web-console/Invoker: Might be an attempt to access JBoss server's web console for exploitation.

The IP set off alarms for an attempted man-in-the-middle attack on our servers.

This IP belongs to Liberty Mutual Insurance Group.

The IP made multiple requests to the password reset page.

The IP was involved in a SIP Flooding attack, sending a large number of SIP messages in a short period to overwhelm the server.

The IP attempted to change file permissions on the SSH server.

The IP attempted to use the POP3 server to relay spam.

The IP was involved in a SIPVicious attack, a specific type of VoIP attack that scans for open SIP servers and then attempts to crack their passwords.

It attempted to perform Web Service attacks on the Apache server.

This IP belongs to Marathon Petroleum.

The IP was seen launching a DDoS attack on the Asterisk server, overwhelming it with traffic to disrupt its normal functioning.

The IP attempted to inject malicious scripts into the server hoping it would get executed.

Bursts of login attempts followed by periods of inactivity, suggesting an attacker is trying to avoid detection.