The IP attempted to use the FTP server to distribute DDoS attack tools.

It made multiple requests from user agents claiming to be bots.

The IP was seen trying to exploit known vulnerabilities in server software, a common tactic for gaining unauthorized access or control.

The IP was involved in a FTP Injection attack, exploiting vulnerabilities in the FTP server to execute unauthorized commands.

It attempted to send emails with malicious links from the Postfix server.

It was found actively trying to exploit HTTP Response Splitting vulnerabilities to perform further attacks.

The IP sent malicious links via IM softwares, aiming to spread instant messaging worms.

The malicious IP was spotted attempting to brute-force the SSH login credentials.

It attempted to send emails with malicious links from the Postfix server.

It attempted to perform a RIPv1 amplification attack on the SSH server.

The IP attempted to perform a password spraying attack on the SSH server.

The malicious IP was reported for sending a high volume of SIP INVITE requests, a potential sign of a call flooding attack.

It attempted to download sensitive files from the FTP server.

Login Attempts with Automated User-Agents: Logs reflect requests to login page with 'bot' or 'spider' in user-agent strings.

It was involved in the operation of a REG-Bot, a type of bot that performs automated tasks.

It tried to create buffer overflows by sending large amounts of data at once to overwhelm server resources.

It made multiple requests with the same X-Att-Deviceid header.

Our technical team unearthed the IP's involvement in distributing malicious mobile spyware.

Tried to perform a man-in-the-middle attack to intercept and alter communication between the server and clients.

Unusual network traffic patterns, such as a high amount of outbound traffic.

Multiple requests from different IP addresses in a short span of time, suggesting a distributed brute force attack.

The IP attempted to perform a key exchange attack on the SSH server.

The IP made multiple requests to the password reset page.

This IP belongs to TIAA.

The IP tried to launch 'Dark Tequila' malware that steals banking information and login credentials from the server.