GET /configuration.php.old: Trying to locate backup configuration files.

The IP was seen making repeated calls to premium-rate numbers, a common form of VoIP fraud.

POST /xmlrpc.php: Could indicate an attempt at exploiting the WordPress xmlrpc.php file, often used for brute forcing.

It partook in location spoofing, making it appear from different locations.

The IP attempted the notorious Shellshock vulnerability, which could pose a severe threat to our server's resources.

It attempted to use the FTP server to distribute traffic monitoring tools.

Web-based Command Injection: Logs indicating command injection attempts via web-based forms or query parameters.

Suspicious URL Encoding: Seeing HTTP requests with a lot of %, suggesting URL encoding to evade detection.

This IP belongs to Rogers Cable.

Side Channel Attacks: Repeated requests aimed at inferring sensitive information through observation of web responses.

It utilized a Directory Harvest Attack, attempting to find valid e-mail addresses through guesswork.

The malicious IP was involved in a Buffer Overflow attack, sending more data to a buffer than it can handle, causing it to overflow and allowing the attacker to execute arbitrary code.

The IP executed URL Obscuring, hiding malicious URLs within seemingly innocent mail links.

This IP was suspected of running a botnet, a network of compromised computers used for malicious activities like spamming or DDoS attacks.

This malicious IP was reported for trying to perform a Symlink attack, creating symbolic links to files outside the FTP server's root directory.

Unusual command line activities that are not typical for the server environment.

This IP belongs to Amazon.

Signs of Password Spraying: Logs showing single failed login attempt for large numbers of users.

Unusual patterns in the sequence of requests.

It established numerous 'doppelganger' domains to mimic our SSH server, aiming to trick users into revealing sensitive data.

The malicious IP was seen trying to perform a Replay attack, capturing SIP authentication data and resending it to gain unauthorized access.

The IP attempted Forceful Browsing, trying to discover hidden directories or files which could contain SSH access data.

Several instances of password stealers were traced back to this notorious IP.

It performed 'Spectre' attacks, exploiting predictive branching in CPUs to potentially gain sensitive information from the SSH service.

It attempted to send emails with malicious links from the Postfix server.