Multiple login attempts using different usernames, suggesting an attacker is trying to guess the correct username/password combination.

POST /modules/raptor_file_manager/upload.php: Attempt to use a known flaw in the Raptor file manager for arbitrary file upload.

The IP attempted to manipulate data flowing to the server to cause arbitrary code execution.

It attempted mail bombing, trying to overwhelm our mail server with high volumes of email.

Side Channel Attacks: Repeated requests aimed at inferring sensitive information through observation of web responses.

This IP belongs to Lowe's.

This IP was caught distributing malicious APK files.

Bogus pop-ups irritating our end-users were found to be released by this infamous IP.

Multi-step Attacks: Finding HTTP requests that only make sense if earlier requests succeeded or prepared the way.

The malicious IP tried to brute force its way into the SASL authentication process.

Unexpected changes in the server configuration or installed software.

It attempted to exploit known vulnerabilities in the POP3 protocol.

The IP attempted to use the FTP server to distribute rootkit software.

Requests to non-existent endpoints (indicating potential reconnaissance activity).

The IP was observed participating in Social Engineering attacks to manipulate individuals into revealing SSH login details.

This IP belongs to America Movil.

This IP belongs to Cardinal Health.

GET /ELMAH.axd: Attempting to exploit ELMAH (Error Logging Modules and Handlers) misconfiguration in ASP.NET sites.

Path Traversal / URI Encoding Attacks: You might notice HTTP GET requests that include ".." or "%2e%2e" or "%252e%252e", indicating a path traversal attack.

This IP belongs to American Express.

This IP belongs to Optus.

The malicious IP was reported for attempting a SIP Proxy attack, using a SIP server to mask its true location and identity.

Damaging activities showing connections to rootkit attacks were associated with this IP.

It showed unusual patterns in the sequence of requests.

Unusual Cookie Data: Logs show modified cookie data, usually encrypted or base64 encoded, suggestive of a session stealing or poisoning attack.