95.214.228.137

The IP attempted to use the FTP server to distribute steganography tools.

The IP attempted to use the FTP server to distribute ransomware.

It attempted to perform a SIP Brute Force attack on the SIP, VOIP, or Asterisk server.

It initiated various replay attacks, attempting to disrupt the system by re-transmitting legitimate data verbatim.

This malicious IP was reported for attempting a FTP Spoof attack, falsifying its IP address to bypass IP-based access controls on the FTP server.

System logs trace back the distribution of trojans that could allow for remote access to this suspicious IP.

The IP was recorded making persistent attempts to crack our encryption.

This IP belongs to the United States Department of Defense.

Usage of Obscure HTTP Verbs: Seeing non-standard HTTP methods like DEBUG, PUT, or CONNECT could imply a web-based attack.

Bogus pop-ups irritating our end-users were found to be released by this infamous IP.

The IP was found trying to maliciously clone the SSH certificates for privileged access.

The IP made multiple unsuccessful login attempts to the Postfix server in a short period of time.

It made multiple requests with the same X-Csrf-Token header.

Several instances of password stealers were traced back to this notorious IP.

This IP belongs to CVS Health.

This IP belongs to Korea Telecom.

It attempted to use the VOIP server to perform a reflection DDoS attack.

Malformed HTTP Version: Observation of logs where HTTP/1.1 or HTTP/2.0 replaced with an unusual alternative to bypass security tools.

It was discovered using our server in an open relay configuration, sending emails from unauthorized domains.

It attempted to use a TearDrop attack to corrupt data packets being sent to our server.

This malicious IP was involved in a Clickjacking attack, tricking users into clicking on something different from what the user perceives, potentially leading to confidential information disclosure or takeover of their computer.

It repeatedly attempted to run server-side injection attacks, trying to execute malicious code on our server.

The IP was flagged trying to conduct Denial of Service (DoS) attacks on the Postfix service.

Multiple requests with identical POST parameters.