Notable Threat
IP address 102.88.137.80 is a high-risk address operating from MTN Nigeria Communication Limited (AS29465) that has been linked to sustained SSH brute-force attack activity, generating 175 independent abuse reports with an 88 percent confidence rating and a threat level of 8 out of 10. The volume and consistency of reporting, combined with automated honeypot sensor confirmations, leave little ambiguity about the malicious intent behind this address.
Community and automated honeypot sensors began flagging 102.88.137.80 in February 2026, with continuous activity recorded through June 2026, indicating a persistent, multi-month campaign rather than a brief opportunistic scan. The IP has accumulated 175 total reports across the five-month window, yielding an activity frequency rating of 7 out of 10 — well above the baseline for a standard scanning address. Detection data from honeypot sensors confirmed 25 brute-force violations per sensor, with consistent patterns pointing exclusively to SSH (port 22) as the target service. The geographic origin in Nigeria and the AS29465 network assignment provide contextual alignment with the operational profile of an attacker leveraging residential or mobile ISP infrastructure to conduct credential-guessing campaigns.
SSH brute-force attacks are a well-established initial access vector in which threat actors systematically attempt username and password combinations against exposed SSH daemons to gain unauthorized shell access to servers. Successful compromise grants the attacker a foothold on the target system, enabling data exfiltration, lateral movement across networked infrastructure, or deployment of secondary payloads such as cryptocurrency miners and backdoors. The repeated, high-frequency nature of the activity observed from 102.88.137.80 — confirmed across 20 independent honeypot sources — demonstrates an automated, likely bot-assisted campaign rather than manual probing, meaning the target service faces continuous, around-the-clock pressure until credentials are guessed or the source is blocked.
Operators with SSH services exposed to this address or others within this network block should take immediate defensive action. Enforce key-based authentication exclusively and disable password-based SSH login entirely to render credential-guessing attempts ineffective. Deploy fail2ban or an equivalent intrusion-prevention system to dynamically ban addresses generating repeated authentication failures. Restrict root login over SSH and consider moving the SSH daemon to a non-standard port to reduce exposure to automated scans that target port 22. Finally, review authentication logs for any successful or near-successful connections from this address, and monitor internal systems for lateral movement indicators in case credentials have been compromised.
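The log review recommended above can be scripted. The following is an added example, not part of the original report: it assumes OpenSSH's default syslog message format, and the sample lines (hostname `web1`, usernames, timestamps and the two documentation-range addresses) are constructed for illustration.

```python
import re
from collections import Counter

WATCH_IP = "102.88.137.80"  # address named in this report

# Constructed sample lines in OpenSSH's syslog format (not real log data).
SAMPLE_LOG = """\
Jun  3 02:14:01 web1 sshd[4101]: Failed password for invalid user admin from 102.88.137.80 port 51234 ssh2
Jun  3 02:14:03 web1 sshd[4101]: Failed password for root from 102.88.137.80 port 51240 ssh2
Jun  3 02:14:05 web1 sshd[4107]: Failed password for deploy from 102.88.137.80 port 51262 ssh2
Jun  3 02:14:09 web1 sshd[4112]: Accepted password for deploy from 102.88.137.80 port 51300 ssh2
Jun  3 02:20:00 web1 sshd[4200]: Accepted publickey for alice from 198.51.100.7 port 40000 ssh2
Jun  3 02:21:00 web1 sshd[4210]: Failed password for root from 203.0.113.9 port 40100 ssh2
"""

# Matches "Failed <method> for [invalid user] <user> from <ip> port <n>" and the Accepted form.
EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Failed|Accepted)\s(?P<method>\S+)\sfor\s"
    r"(?:invalid user\s)?(?P<user>\S+)\sfrom\s(?P<ip>\S+)\sport\s\d+"
)

def review_auth_log(text, ip=WATCH_IP):
    """Summarise sshd authentication events for one source address."""
    failed_users = Counter()
    accepted = []
    for line in text.splitlines():
        m = EVENT.match(line)
        if not m or m["ip"] != ip:
            continue
        if m["result"] == "Failed":
            failed_users[m["user"]] += 1
        else:
            # A success from a source that was guessing credentials should be
            # treated as a likely compromise of that account.
            accepted.append({"ts": m["ts"], "user": m["user"], "method": m["method"],
                             "prior_failures": sum(failed_users.values())})
    return {"failures": sum(failed_users.values()),
            "users_tried": sorted(failed_users),
            "accepted": accepted}

if __name__ == "__main__":
    report = review_auth_log(SAMPLE_LOG)
    print(f"{WATCH_IP}: {report['failures']} failed attempts, users {report['users_tried']}")
    for hit in report["accepted"]:
        print(f"INVESTIGATE: {hit['method']} login as {hit['user']} at {hit['ts']} "
              f"after {hit['prior_failures']} failures")
```

Any entry in `accepted` for the watched address is the case to escalate: rotate that account's credentials and check the host for follow-on activity.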