Attacker at 198.54.135.87 conducted 2 SSH sessions using weak credentials (administrator/1234) with ...
show moreAttacker at 198.54.135.87 conducted 2 SSH sessions using weak credentials (administrator/1234) with OpenSSH 10.0-hpn14v15 client. No commands were executed, but the attacker attempted port forwarding to four distinct external hosts across ports 80 and 443, suggesting reconnaissance or setup for potential data exfiltration or command and control communications.
show less
Attacker conducted 2 SSH sessions using credentials administrator/1234, attempting port forwarding t ...
show moreAttacker conducted 2 SSH sessions using credentials administrator/1234, attempting port forwarding to 4 external hosts across ports 80 and 443, consistent with reconnaissance or lateral movement preparation. No commands were executed and no malware artifacts were recovered during the intrusion window.
show less
Two SSH sessions were established using weak credentials (administrator/1234) from an OpenSSH 10.0-h ...
show moreTwo SSH sessions were established using weak credentials (administrator/1234) from an OpenSSH 10.0-hpn14v15 client. The attacker attempted port forwarding to four external addresses across ports 80 and 443, including infrastructure associated with major content delivery and cloud service providers, indicating potential reconnaissance or proxying activity. No commands were executed and no malware artifacts were recovered during the sessions.
show less
Attacker conducted 2 SSH sessions using weak credentials (administrator/1234) with OpenSSH 10.0-hpn1 ...
show moreAttacker conducted 2 SSH sessions using weak credentials (administrator/1234) with OpenSSH 10.0-hpn14v15 client over a 2-minute period. No commands were executed, but multiple port forwarding attempts were made to external destinations on ports 80 and 443, suggesting reconnaissance or attempted lateral movement to external services.
show less
Attacker established 2 SSH sessions using weak default credentials (administrator/1234) via OpenSSH ...
show moreAttacker established 2 SSH sessions using weak default credentials (administrator/1234) via OpenSSH 10.0-hpn14v15, but executed no shell commands. The session focused entirely on port forwarding attempts to 4 external hosts across ports 80 and 443, suggesting reconnaissance or preparation for tunneling traffic for command and control or lateral movement purposes.
show less