Threat LevelCRITICAL72/1002 rule types across 2 attack categories
2 incidents on record · 2 rule types · active attack detected · seen 10h ago
| PTR | dsl-91-84-178-189-dynamic.prod-infinitum.com.mx |
| Org / ASN | Gestión de direccionamiento UniNet |
| Country | 🇲🇽 Mexico |
| City | Guadalajara, Jalisco |
| Timezone | America/Mexico_City |
Attack Analysis
SSH: Login Attempt — Non-Existent User
This IP attempted to authenticate via SSH using a username that does not exist on the system. This is characteristic of automated credential-stuffing attacks cycling through common username wordlists (admin, root, ubuntu, pi, etc.).
Suricata IDS Alert
Suricata intrusion detection flagged this IP for malicious network behaviour — including port scanning, exploit attempts, botnet activity, or known attack signatures. The specific signature is shown in the report list below.
Reports (2)
| Date | Severity | Description |
|---|---|---|
| 19 Jun 2026 - 06:55 | medium | IDS: Suricata alert — Honeypot: probe to closed SSH port 22 |
| 18 Jun 2026 - 14:25 | high | SSH: Login attempt using non-existent user |
EagleEye Intelligence