Critical Alert
IP 45.119.212.99 is a critical-risk address originating from Vietnam that has been repeatedly linked to SSH brute-force intrusion attempts, with 515 total abuse reports logged by automated honeypot sensors over a six-month observation window from December 2025 through May 2026. The IP operates within AS131423, assigned to Branch of Long Van System Solution JSC in Hanoi, and carries a threat-level score of 10 out of 10 based on the volume and persistence of malicious activity detected.
Detection data reveals a sustained campaign of automated SSH authentication attacks. The 515 reports were generated across 20 distinct automated honeypot sensors. The dominant threat category is SSH brute-force attempts, which account for 20 of the 24 most recent categorised reports. Supporting honeypot evidence shows multiple fail2ban violation clusters, each capturing between 25 and 33 blocked authentication failures in a single enforcement cycle. Additional Suricata alerts have flagged SSH sessions initiating on unexpected ports and stream-level retransmission anomalies consistent with coordinated credential-guessing toolkits. The combination of high report volume, repeated detection clusters, and the presence of exploited-host indicators suggests this address may be running attacker-controlled infrastructure rather than representing an unwitting compromised host.
SSH brute-force attacks pose a direct threat to any internet-exposed server running the SSH protocol, attempting to gain shell access through systematic password guessing or exploitation of authentication weaknesses. A successful intrusion grants attackers persistent command-level access, enabling data theft, malware deployment, lateral movement through internal networks, or recruitment into botnets. The attack pattern observed here, characterised by sustained high-frequency authentication failures and tool-detected session anomalies, indicates professional-grade automation capable of testing thousands of credential combinations against poorly protected SSH endpoints.
Operators should block 45.119.212.99 at the network perimeter immediately and monitor for any correlated scanning activity from adjacent address space. For exposed SSH services, enforcing key-based authentication exclusively, moving SSH to a non-standard port, and deploying fail2ban to automatically ban sources after a small number of failed attempts will substantially reduce exposure. Disabling root login over SSH and implementing intrusion-detection monitoring will further harden target systems against the attack patterns documented for this IP address.