#1
After bruteforce( many POST requests - "wp-login.php" from host 10.0.1.85) there were a couple of requests admin-ajax.php followed by a response from the server( host - 10.0.1.88). Further Connection is conducted via SSH. Could this signal that the user guessed the admin password? Or is it not related at all?
[Image: MsNHIBpB.png]​​​​​​​
​​​​​​​[Image: bZaQACtU.png]​​​​​​​
​​​​​​​Then, after ssh connection some values appear in POST request to wp-admin-support, with subsequent request the values change.

[Image: fzEgx9W6.png]

Also I have a question with cookies, if I understand correctly, they are not from a normal user?

[Image: rUd3tOxk.png]