Report for IP: 39.129.41.254

Threat LevelHIGH57/1001 rule type
1 incident on record · active attack detected · last seen 2d ago
PTR N/A
Org / ASN China Mobile
Country 🇨🇳 China
City Guangzhou, Guangdong
Timezone Asia/Shanghai

Attack Analysis

🇨🇳 China · Kunming · 9808 · China Mobile
Slow SSH Preauth Scan
This IP repeatedly connected to SSH, collected the server banner and host key, then disconnected before authenticating — multiple times over 30 minutes. This slow scan pattern maps SSH versions and keys while staying below rate-limit thresholds. It is used exclusively by botnet scanners preparing for brute-force attacks.

Reports (1)

Date Severity Description
17 Jun 2026 - 17:44 high SSH: Slow preauth scan — 5+ disconnects in 30 min
Part of EagleEye Intelligence