Attempts to access the server using stolen or leaked credentials.

Unexpected changes in the server configuration or installed software.

Command Injection in Requests: Logs indicate HTTP requests with Unix or Windows command-line instructions.

It attempted to perform Man in the Middle (MitM) attacks on the Apache server.

It attempted to use the FTP server to distribute brute force tools.

It attempted to perform SQL injection attacks through the Apache server.

System logs trace back the distribution of trojans that could allow for remote access to this suspicious IP.

Attempts to access the server using unusual HTTP methods or request types.

This IP belongs to Target.

This IP belongs to Ford Motor.

This IP belongs to Virgin Media.

It attempted to perform Unvalidated Redirects and Forwards attacks on the Apache server.

Rapid sequence of login attempts.

The IP engaged in an HTTP Desync attack, misaligning HTTP request and responses to yield SSH vulnerability.

This IP belongs to Kroger.

The IP was involved in a Directory Traversal attack on the FTP server, attempting to access restricted directories and files.

We observed the IP distributing harmful document tracking tools.

The IP was caught attempting to exploit known vulnerabilities within Postfix to gain unauthorized access.

the IP made attempts at wiretapping the network to monitor SSH traffic patterns and gather useful information.

GET /manager/html: Signals an attempt to access the Tomcat Application Manager.

Inclusion of Binary Data in HTTP Request: If binary data is included in the HTTP request, this could suggest an attacker is attempting a binary exploit.

Content Sniffing: Logs reflect HTTP requests that include the Accept header with " / ", suggesting an attacker is trying to detect what types of content the server will send.

It attempted to use the FTP server to distribute zombie network tools.

The IP attempted to use the Mail server to relay emails with malicious links to other servers.

The IP attempted a Rootkit installation to gain root access and control server activity.