Threat LevelCRITICAL72/1003 rule types across 3 attack categories
3 incidents on record · 3 rule types · active attack detected · active over 3 days · last seen 2d ago
| PTR | vitrio.cl |
| Org / ASN | Digital Ocean |
| Country | 🇺🇸 United States |
| City | Clifton, New Jersey |
| Timezone | America/New_York |
Attack Analysis
SSH: Login Attempt — Non-Existent User
This IP attempted to authenticate via SSH using a username that does not exist on the system. This is characteristic of automated credential-stuffing attacks cycling through common username wordlists (admin, root, ubuntu, pi, etc.).
Suricata IDS Alert
Suricata intrusion detection flagged this IP for malicious network behaviour — including port scanning, exploit attempts, botnet activity, or known attack signatures. The specific signature is shown in the report list below.
IDS: SSH Port Scan
Suricata detected automated SSH port scanning from this IP. SSH scanners map targets before launching credential brute-force attacks. This is the reconnaissance phase of a larger attack campaign.
Reports (3)
| Date | Severity | Description |
|---|---|---|
| 12 Jun 2026 - 19:33 | high | IDS: SSH port scan — ET SCAN Potential SSH Scan |
| 12 Jun 2026 - 19:33 | medium | IDS: Suricata alert — Honeypot: probe to closed SSH port 22 |
| 9 Jun 2026 - 11:42 | high | SSH: Login attempt using non-existent user |
EagleEye Intelligence