Critical Alert
IP 91.202.233.33 is a Turkmenistan-based address operated by Prospero Ooo (AS200593). It has one of the most prolific threat profiles documented in recent intelligence feeds: automated honeypot sensors have filed 4,992 independent abuse reports against it, and it carries the maximum threat rating of 10/10, driven predominantly by sustained SSH brute-force attack campaigns.
Aggregated report data from October 2025 through March 2026 shows a concentrated threat profile: SSH-related activity dominates the reported categories, supplemented by general hacking probes and brute-force credential attempts against exposed authentication endpoints. Twenty separate honeypot sources in the detection network reported this address. The associated fail2ban logs show it matching the recidive filter as well as sshd, which marks it as a repeat offender across multiple jails after it crossed violation thresholds several times. Despite the extremely high report volume, the activity frequency metric of 0/10 suggests the most recent offensive operations concluded by March 2026. The historical footprint nonetheless indicates persistent, automated attack infrastructure rather than isolated scanning activity.
SSH brute-force attacks systematically iterate authentication credentials against exposed sshd services, exploiting weak or default passwords to gain unauthorized server access. This address shows the hallmarks of organized credential stuffing infrastructure: automation that scales password attempts across thousands of potential targets while evading detection through multi-source distribution. Nearly five thousand independent reports point to a mature, established threat actor, likely operating botnet-coordinated scanning rather than opportunistic individual probing.
Network defenders should treat IP 91.202.233.33 as a critical blocklist candidate given its volumetric threat history. Automated blocking with intrusion-prevention tools such as fail2ban can proactively drop connections from known offenders. Exposed SSH services should enforce key-based authentication exclusively, disable root login, and consider a non-standard port to reduce exposure. Organizations with direct SSH exposure should review authentication logs for evidence of matching attack patterns, and should implement account lockout policies alongside multi-factor authentication so that credential-guessing campaigns fail regardless of their originating source.