This was 6+ months ago. Suspicious is that i had 16+ character random password that was not shared with anyone, nor had I actually connected to it yet.
Within 5 days there was an open connection on it. Granted, there was no record of any activity other than holding open the connection.
If brute forced, that seemed oddly quick, plus there were not any login failures in the logs.
This occurred three times with different passwords. I disabled after that.
It was not from the same ip range
While nothing came of these connections. Given a large number of open tenet sessions. A coordinated attack could be staged against the hosting company.