The attacker from 185.173.39.145 established 275 SSH sessions over approximately 15 minutes using th ...
show moreThe attacker from 185.173.39.145 established 275 SSH sessions over approximately 15 minutes using the credential support/support and a Go-based SSH client, with no commands executed but consistent port forwarding attempts to 178.20.45.148:80, suggesting reconnaissance or preparation for lateral movement or data exfiltration.
show less
Attacker from 185.173.39.145 conducted 109 SSH sessions over approximately 3.5 minutes using weak cr ...
show moreAttacker from 185.173.39.145 conducted 109 SSH sessions over approximately 3.5 minutes using weak credentials (support/support) with a Go-based SSH client, making repeated port forwarding attempts to 178.20.45.148:80 likely for proxying malicious traffic or establishing command and control infrastructure. No commands were executed within the honeypot sessions and no artifacts were recovered.
show less
IP 185.173.39.145 established 3 SSH sessions using support/support credentials over a 12-minute peri ...
show moreIP 185.173.39.145 established 3 SSH sessions using support/support credentials over a 12-minute period with a Go-based SSH client, but executed no shell commands. The attacker attempted port forwarding to 178.20.45.148 on port 80 twice, suggesting reconnaissance or preparation for lateral movement or data exfiltration. No malware, scripts, or artifacts were recovered during this activity.
show less
Attacker from 185.173.39.145 established 7 SSH sessions using weak credentials (support/support) wit ...
show moreAttacker from 185.173.39.145 established 7 SSH sessions using weak credentials (support/support) with a Go-based SSH client, making 5 port forwarding attempts to 178.20.45.148:80, likely for proxying or lateral movement purposes. No commands were executed and no malware was downloaded during the attack window.
show less
Attacker at 185.173.39.145 established 9 SSH sessions using default credentials support/support with ...
show moreAttacker at 185.173.39.145 established 9 SSH sessions using default credentials support/support with a Go-based SSH client, attempting repeated port forwarding to 178.20.45.148:80 across multiple sessions within a 15-minute window. No command execution or malware payloads were observed; this appears to be reconnaissance activity focused on establishing tunneling capabilities.
show less
Attacker at 185.173.39.145 conducted 8 SSH sessions over approximately 13 minutes using default cred ...
show moreAttacker at 185.173.39.145 conducted 8 SSH sessions over approximately 13 minutes using default credentials (support/support) via a Go-based SSH client, with no interactive commands executed. The attack focused exclusively on establishing port forwarding tunnels to 178.20.45.148 on port 80, attempted at least 5 times, suggesting reconnaissance or preparation for proxying traffic through the compromised host.
show less
Attacker using Go-based SSH client conducted 8 sessions over approximately 13 minutes with support/s ...
show moreAttacker using Go-based SSH client conducted 8 sessions over approximately 13 minutes with support/support credentials, establishing 5 port forwarding attempts to external host on port 80. No commands were executed and no malware or artifacts were recovered during the intrusion attempts.
show less
Attacker from 185.173.39.145 established 7 SSH sessions using Go-based SSH client software and crede ...
show moreAttacker from 185.173.39.145 established 7 SSH sessions using Go-based SSH client software and credentials support/support, executing no interactive commands but performing repeated port forwarding attempts to external host 178.20.45.148 on port 80, suggesting reconnaissance or lateral movement testing. No malware, scripts, or binaries were recovered from the sessions. The activity pattern indicates automated scanning behavior focused on establishing tunneling capabilities rather than command execution or persistence installation.
show less
Attacker from 185.173.39.145 established 6 SSH sessions over a 10-minute period using credentials su ...
show moreAttacker from 185.173.39.145 established 6 SSH sessions over a 10-minute period using credentials support/support via Go-based SSH client, with no command execution recorded but multiple port forwarding attempts directed to 178.20.45.148 on port 80, suggesting reconnaissance or lateral movement setup.
show less
Single SSH session from 185.173.39.145 using weak credentials support/support with a Go-based SSH cl ...
show moreSingle SSH session from 185.173.39.145 using weak credentials support/support with a Go-based SSH client, no commands executed but an active port forwarding attempt to 178.20.45.148:80 was initiated, suggesting reconnaissance or setup for lateral movement or traffic tunneling.
show less