Severe Risk
IP 14.18.190.138 is a high-risk address with a threat level of 10 out of 10, definitively linked to sustained SSH brute-force attacks against exposed servers. The IP has accumulated 433 abuse reports from 20 automated honeypot sensors over approximately eight months, from October 2025 through June 2026, with an activity frequency rated 7 out of 10. Originating from the Chinanet network (AS4134) in China, this address represents a persistent and active threat actor operating within one of the world's largest ISP networks.
The volume and consistency of reports paint a clear picture of automated, high-volume intrusion attempts. Detection systems logged multiple SSH brute-force patterns, with automated sensors recording 25 violations each from both standard and console-based SSH detection modules. Intrusion detection systems additionally flagged active SSH sessions being established on non-standard ports, indicating that the attacker's methods extend beyond simple password guessing to include reconnaissance and session establishment on unexpected infrastructure. The 433 total reports across an eight-month span, combined with a confidence score of 84%, establish this IP's malicious intent with high reliability.
SSH brute-force attacks pose a direct and serious risk to any server with exposed SSH services. Attackers systematically attempt username and password combinations to gain unauthorized administrative access, after which they can deploy malware, exfiltrate data, or use the compromised host as a launchpad for further attacks. The activity frequency of 7 out of 10 confirms that this IP is actively and continuously scanning, not merely occasionally probing. Organizations with publicly accessible SSH services are the primary targets of this threat pattern.
Site operators should immediately block IP 14.18.190.138 at the firewall level to cut off traffic from this source. Implementing automated banning tools such as fail2ban to detect and block repeated authentication failures provides an effective second layer of defense. Hardening SSH configurations by enforcing key-based authentication, disabling root login, and changing the default port significantly reduces vulnerability to credential-guessing campaigns; because sessions from this IP were also flagged on non-standard ports, the port change should be treated as noise reduction and not relied on in place of key-based authentication. Regular review of authentication logs and consideration of IP allowlisting for administrative access further strengthen defenses against automated intrusion attempts of this nature.