Maximum Danger
IP 14.225.215.201 is a critical-risk address originating from Vietnam that has been repeatedly identified as a source of SSH brute-force intrusion attempts. With a threat level of 10/10, 236 total abuse reports, and an activity frequency rating of 8/10, this IP stands out as one of the most persistently hostile sources currently circulating in threat-intelligence feeds. The address was first and last reported within a single reporting window in January 2026, indicating concentrated, aggressive targeting behavior during that period.
The evidence base supporting this assessment is robust: all 236 reports consistently flag the same threat category—hacking activity—and were generated exclusively through automated honeypot sensors. Detection patterns show SSH command input activity directed at honeypot infrastructure, confirming that this address is actively conducting credential-guessing attacks against exposed SSH services. The 94% confidence score reflects the high reliability of this attribution. Geographically traced to Vietnam and operating under AS135905 (VIETNAM POSTS AND TELECOMMUNICATIONS GROUP), the source sits within a major national telecommunications operator's address space, which may indicate compromised residential connections, botnet-infected endpoints, or intentionally hosted attack tooling.
The dominant threat pattern—SSH brute-force activity—poses a concrete and immediate risk to any internet-facing server running the Secure Shell service with password authentication enabled. Automated attack toolkits hammer target systems with username and password combinations at scale, exploiting weak or default credentials. A successful intrusion can grant attackers persistent shell access, enabling lateral movement through internal networks, data exfiltration, cryptocurrency mining deployment, or establishment of long-term backdoor access. The volume and consistency of reports from this IP confirm that the activity is sustained and systematic rather than opportunistic single-probe scanning.
Organizations with exposed SSH services should block this IP immediately at the firewall or network perimeter if no legitimate traffic originates from Vietnamese address space. Switching to public-key authentication and disabling password-based login eliminate the primary attack vector these brute-force campaigns exploit. Automated banning tools such as fail2ban, or equivalent rate-limiting solutions, detect and block repeated authentication failures from this and similar hostile sources in real time. Regular audits of sudo configurations, monitoring of authentication logs for connections originating from untrusted ranges, and enforcement of strong credential policies collectively reduce exposure to this class of automated threat.