Its doing as you expected I believe and trying lots of different characters and strings. I found another example where its 1500 attempts in 5 mins so that seems malicious.
I have tried on threatminer site for the ip but doesnt seem to be a case for it. As part of my learning activity it advises the webserver was hit by spam and then a ddos attack so i kind of presumed it would been been a spam hit to try and get users to install some malware which was then performing the ddos attack. Im not sure if I can find out if the ip address is internal i had presumed was external.
Appreciate your reply Frank.
... View more