-
@robi Thanks for your explanation. Based on the abuse-mails and the information they shared, I'd assume it was a script trying to login to various sites/platforms, especially their Wordpress-instances. So I assume it is a worm, that tries to spread that way: But in the end: Yes: could be, that the traffic being generated then happened like this.
That is, why I asked for a more general monitoring solution, for network-activity, as this is the most obvious one.
I also found out about netdata, and think about installing it on our machine, as @imc67 and @fbartels already suggested. Not sure, though which way to use for the installation.
