It attempted logins using outdated protocols.

The IP made numerous attempts at SMTP Relay abuse by trying to send emails not meant for or from local users.

This malicious IP attempted a brute force attack, trying to crack login credentials to gain unauthorized access to a system or account.

Requests to non-existent endpoints (indicating potential reconnaissance activity).

It appeared to be taking part in SSL Stripping attacks, downgrading secure HTTPS connections to facilitate eavesdropping.

The IP was seen trying to upload files to the FTP server, possibly with the intent of distributing malware.

Suspicious URL Encoding: Seeing HTTP requests with a lot of %, suggesting URL encoding to evade detection.

This IP belongs to Telstra.

This malicious IP was involved in a Clickjacking attack, tricking users into clicking on something different from what the user perceives, potentially leading to confidential information disclosure or takeover of their computer.

This IP belongs to Ziggo.

The IP address attempted to login to the Mail server with an invalid username.

This IP belongs to Reliance Jio.

It detected attempting time-based blind SQL injection, observing the server's response time to extract data.

POST /wp-admin/admin-ajax.php: The Actor may be trying to exploit some vulnerable WordPress theme or plugin.

This IP belongs to IBM Cloud Services.

Repeated requests for the same file or page, indicating an attempt to crack a password or exploit a vulnerability.

The IP attempted to send emails from the Mail server pretending to be from a different sender.

It attempted to login to the SSH server with an invalid password.

Excessive traffic from a single IP address.

We linked several cryptojacking attempts, aimed at harnessing our system resources, to this IP.

The IP attempted to use the Mail server to relay emails with malicious links to other servers.

The IP attempted to exploit known vulnerabilities in the SIP protocol.

The malicious IP was reported for engaging in port scanning, probing the server for open ports to discover potential vulnerabilities for exploitation.

Actively performed packet spoofing, obscuring the origin point of its own malicious packets.

The IP address initiated attacks using DDoS, impacting our server response times.