Maximum Danger
IP 197.5.145.102 is a critical-risk address linked to SSH brute-force attacks. It originates from Tunisie-Telecom's AS327934 network infrastructure in Tunisia and carries a 10/10 threat level with 83% confidence, based on 207 total abuse reports logged across a seven-month window from November 2025 to May 2026.
The detection profile shows concentrated hostile activity detected by 20 automated honeypot sensors, with 20 recent reports indicating sustained engagement against SSH services despite an activity frequency rating of only 3/10, which suggests targeted rather than opportunistic scanning behaviour. The high report volume relative to the moderate activity frequency points to persistent automated exploitation attempts rather than casual probing.
SSH brute-force attacks systematically cycle through credential combinations to gain unauthorized shell access to servers, and the violation pattern documented against this address reflects repeated, coordinated authentication attacks. Any publicly accessible SSH daemon receiving traffic from this IP faces immediate risk of compromise: a successful authentication could grant attackers root-level control over dependent systems and enable data exfiltration, cryptomining deployment, or lateral movement through the compromised infrastructure.
Site operators should immediately block this IP at the network perimeter or apply aggressive rate-limiting to SSH daemons reachable from this address. Deploying fail2ban or equivalent intrusion prevention tooling to automatically ban IPs exhibiting brute-force patterns adds an automated defensive layer. Hardening measures, including disabling password-based authentication in favour of public key authentication, changing the default SSH port, and enforcing strict idle timeout policies, will substantially reduce exposure to credential-guessing campaigns of this nature.