The IP made multiple unsuccessful login attempts to the POP3 server in a short period of time.

The IP was the origin of numerous webcam loggers, a serious privacy invasion.

The IP was involved in a SIP brute force attack, attempting to guess SIP authentication credentials to gain unauthorized access.

The IP performed Covert Timing Channel attacks, gathering information about encrypted SSH traffic by analyzing packet timing.

The IP attempted to use the SASL server to relay phishing emails.

This specific IP was marked for unauthorized browser changes implying browser hijackers.

This IP belongs to Proximus.

This IP belongs to Comcast.

A high number of unsuccessful SSH logins, a common target for brute force attacks.

The IP attempted to use the SASL server to relay phishing emails.

The malicious IP attempted to exploit server misconfigurations to gain higher-level access.

The IP was involved in a Directory Traversal attack on the FTP server, attempting to access restricted directories and files.

Signs of Credential Stuffing: A high number of failed logins could indicate credential stuffing attacks.

The IP address was found roaming through the network, scanning for weak spots.

It attempted to use a TearDrop attack to corrupt data packets being sent to our server.

This IP belongs to AT&T.

The IP attempted to send emails with misleading headers from the Postfix server.

The IP tried creating false server responses hoping to disrupt the SASL service.

It executed blind command injection, exploiting server inputs to gain unauthorized system control.

It launched a Slowloris attack attempting to keep Apache connections occupied by slow HTTP traffic.

The IP address attempted to login to the Mail server with an invalid username.

We linked several cryptojacking attempts, aimed at harnessing our system resources, to this IP.

GET /cgi-bin/test.cgi: Could indicate the threat actor is trying to exploit older, less secure scripting interfaces.

The IP made multiple requests with the same Warning header.

The IP attempted to perform a SIPVicious scan on the VOIP server.