Threat LevelCRITICAL72/1002 rule types
8 incidents on record · 2 rule types · active attack detected · persistent 9-day campaign · seen 4h ago
| PTR | N/A |
| Org / ASN | AS57374 Company for communications services A1 Makedonija DOOEL Skopje |
| Country | 🇲🇰 North Macedonia |
| City | Struga, Struga |
| Timezone | Europe/Skopje |
Attack Analysis
Port 22 Honeypot Probe
This IP connected to a fake SSH honeypot — a port 22 listener that is not a real SSH server. This is an automated scanner fingerprinting targets before launching a brute-force campaign. Legitimate systems never probe port 22 without a specific reason; this activity is virtually 100% malicious.
Suricata IDS Alert
Suricata intrusion detection flagged this IP for malicious network behaviour — including port scanning, exploit attempts, botnet activity, or known attack signatures. The specific signature is shown in the report list below.
Reports (8)
| Date | Severity | Description |
|---|---|---|
| 13 Jun 2026 - 22:02 | medium | IDS: Suricata alert — Honeypot: probe to closed SSH port 22 |
| 13 Jun 2026 - 20:24 | medium | IDS: Suricata alert — Honeypot: probe to closed SSH port 22 |
| 12 Jun 2026 - 18:13 | medium | IDS: Suricata alert — Honeypot: probe to closed SSH port 22 |
| 8 Jun 2026 - 09:35 | medium | IDS: Suricata alert — Honeypot: probe to closed SSH port 22 |
| 7 Jun 2026 - 22:59 | medium | IDS: Suricata alert — Honeypot: probe to closed SSH port 22 |
| 7 Jun 2026 - 01:00 | medium | IDS: Suricata alert — Honeypot: probe to closed SSH port 22 |
| 5 Jun 2026 - 22:16 | medium | IDS: Suricata alert — Honeypot: probe to closed SSH port 22 |
| 5 Jun 2026 - 03:41 | high | IDS: Port 22 honeypot probe |
EagleEye Intelligence