Extreme Threat
IP 102.88.137.213 is a critical-risk address originating from MTN Nigeria Communication Limited (AS29465) that has generated 262 abuse reports across automated honeypot sensors between February and June 2026, with a threat level rated 10/10 and a 93% confidence score. The dominant activity is sustained SSH brute-force attacks, accounting for 19 of the most recent threat reports, supplemented by general hacking probes and indicators that this IP may itself function as an exploited attack platform. With an activity frequency of 8/10, this address demonstrates persistent, automated intrusion behaviour that poses a severe risk to any exposed SSH services.
The honeypot detection network logged repeated fail2ban violations triggered by sshd brute-force attempts, with some detection cycles recording 25 to 28 separate violations in single observation windows. Suricata alerts captured active SSH sessions being established on non-standard ports alongside brute-force patterns, suggesting the operator is running persistent automated tooling to systematically guess credentials against targeted servers. The combination of 20 independent honeypot sources reporting this activity, spanning a four-month window, indicates sustained intent rather than opportunistic scanning. The presence of "Exploited Host" classifications alongside the aggressive brute-force activity raises the possibility that this IP itself may be a compromised endpoint being weaponised by threat actors without the legitimate operator's knowledge.
SSH brute-force attacks remain one of the most common initial access vectors, with attackers cycling through credential dictionaries to compromise servers running exposed SSH daemons. Successful access grants adversaries a foothold for data exfiltration, lateral movement within networks, cryptomining deployment, or further exploitation as a staging point. The volume and repetition of attempts observed against IP 102.88.137.213 confirm an active, determined attacker infrastructure that will continue probing unless blocked at the network edge.
Site operators should immediately block IP 102.88.137.213 at the firewall or network perimeter to eliminate the threat vector entirely. SSH services should be hardened by disabling password-based authentication in favour of asymmetric key authentication, moving sshd from the default port, and disabling root login. Implementing fail2ban or similar intrusion-prevention tooling will automate temporary blocking of repeat offenders. If this activity persists after blocking, consider notifying the hosting provider, MTN Nigeria Communication Limited, so they can investigate whether the assigning IP is itself compromised. Regular monitoring of authentication logs and implementing intrusion detection signatures for brute-force patterns will further reduce exposure.
HK 
UA