The attacker IP, 103.183.74.135, has been identified attempting to connect to our internal network at target IP, presumably using Remote Desktop Protocol (RDP). The suspicious activity appears to be an automated probing of usernames, specifically targeting the username "Cookie: mstshash=38.54..." through repeated connection attempts. Confidence level is unknown due to insufficient data.
READ FULL INVESTIGATIONThe attacker with IP address 45.205.1.20 is attempting to scan the target system with IP address [target IP], specifically probing port 443. This activity has been identified as automated probing and has a high confidence level of 90%.
VIEW ANALYSISThe attacker with IP address 45.205.1.8 has been attempting to access the target system with IP address unknown, through HTTPS connections. The suspicious activity appears to be an automated probing of the target system's login credentials, possibly via brute-force or scanning attempts. This activity is flagged with high confidence and warrants further investigation.
VIEW ANALYSISThe attacker IP 185.38.148.2 has been detected attempting to connect to the target IP using HTTPS, indicating possible scanning or automated probing activity. The connection attempts involve no specific usernames, suggesting a brute-force attack may be in progress. With a high confidence level of 30, further investigation is warranted to assess potential security risks.
VIEW ANALYSIS