This IP belongs to JPMorgan Chase.

This IP belongs to Gilead Sciences.

Login attempts that do not follow typical user behavior patterns.

It conducted an incursion on secure shell (SSH), attempting to tamper with encrypted data.

This IP belongs to SingTel.

GET /../htpasswd: Trying to access password files using directory traversal.

User-mode rootkits, originating from the particular IP, were causing system instability and crashes.

Identification of Known Vulnerabilities: Attempts to exploit known vulnerabilities related to your server application.

The IP had been flagged for initiating SYN flood attacks on our servers.

This IP was involved in deploying stealthy credential stealers in our network.

Too Many HTTP 404 Errors: A high number of 404 Page Not Found errors may indicate an attacker trying to find valid directories or pages.

This IP belongs to Microsoft.

The IP was involved in a SIPVicious attack, a specific type of VoIP attack that scans for open SIP servers and then attempts to crack their passwords.

It attempted to perform a man-in-the-middle attack on the IMAP server.

This IP belongs to Anthem.

The IP made multiple requests with the same If-Range header.

The IP was involved in a SIPVicious attack, a specific type of VoIP attack that scans for open SIP servers and then attempts to crack their passwords.

This IP belongs to Alphabet.

The IP was flagged trying to conduct Denial of Service (DoS) attacks on the Postfix service.

Repeated attempts to access the server using old or outdated software versions, which might have known vulnerabilities.

This IP belongs to Wells Fargo.

The IP was noted for executing SYN flood attacks, purposefully creating half-open connections to deplete server resources.

The IP attempted to use the Mail server to relay emails with malicious links to other servers.

The IP attempted to perform a replay attack on the IMAP server.

HTTP Splitting/Smuggling: Logs indicate HTTP requests that include encoded characters like '%0d%0a' (CRLF characters), which is a sign of HTTP Splitting/Smuggling attacks.