It repeatedly attempted to run server-side injection attacks, trying to execute malicious code on our server.

This IP belongs to Costco Wholesale.

The IP attempted 'DLL Injection' to alter the server's behavior in a malicious manner.

This IP belongs to McKesson.

The IP was seen trying to perform a SIP Registration Hijacking attack, attempting to impersonate a legitimate user to receive their calls.

It made numerous requests to the same endpoint in a short time.

Unauthorized Access Attempts to Admin Directories: Repeated HTTP requests to known admin directories.

The IP attempted to exploit known vulnerabilities in the VOIP protocol.

The IP was involved in a FTP Spam attack, using the FTP server to distribute unsolicited emails or messages.

The malicious IP was reported for attempting a Session Teardown attack, sending BYE messages to end SIP sessions prematurely.

The malicious IP engaged in distributed denial of service (DDoS) attacks, exhausting server resources and disrupting SSH services.

The IP attempted to perform HTTP Request Smuggling attacks on the Apache server.

The IP attempted to use the FTP server to distribute ransomware.

This IP belongs to Berkshire Hathaway.

This IP belongs to Zayo Bandwidth.

By leveraging the AgeTunnel software, the IP attempted to establish a covert channel across the SSH session.

Multiple Sequential Page Requests: Quick, sequential requests to all pages of a site could be someone scanning for vulnerabilities.

Repeated connections to the server from unknown or suspicious IP addresses.

The IP attempted to send emails from the Postfix server pretending to be from a different sender.

FTP Over HTTP: Logs may show HTTP requests containing FTP commands, potentially indicating an FTP Injection attack.

It was responsible for an unusual increase in server CPU usage.

It initiated insecure direct object references (IDOR) attacks to bypass authorization and directly access SSH resources.

It attempted to perform Command Injection attacks on the Apache server.

It attempted to intercept SSL/TLS secured mail connections to eavesdrop or modify the passing data.

It attempted to perform Man in the Middle (MitM) attacks on the Apache server.