Severe Risk
IP 14.98.67.210 is a high-risk address originating from Tata Teleservices ISP AS infrastructure in India that has been extensively linked to automated hacking activity, with a threat level of 10/10 and more than 1,600 abuse reports logged by honeypot sensors over a short observation window.
The detection data paints a clear picture of persistent automated threat activity. All 1,615 reports were submitted through automated honeypot sensors, indicating this is not isolated manual probing but systematic, tool-driven scanning. The activity frequency score of 8/10 and the 94% confidence rating confirm reliable, consistent detection of malicious behaviour across the reporting period. The IP's association with AS45820 (Tata Teleservices ISP AS) places it within a large Indian telecommunications provider's address space, which threat researchers frequently observe as source infrastructure for credential-based attacks due to its broad IP allocation footprint. The only reported threat category in recent submissions is Hacking, with the underlying detection including evidence of active SSH sessions on expected ports — a hallmark of brute-force or credential-stuffing campaigns.
The dominant hacking activity observed on this address represents a direct pathway for unauthorized system access if left unchecked. An active SSH session held by an attacker on a target port is typically the culmination of a successful brute-force or password-spray operation, granting an initial foothold in network infrastructure. From that position, threat actors can escalate privileges, move laterally across systems, exfiltrate sensitive data, or deploy further malicious tooling. The volume of reports and persistent activity level suggest this IP is part of an established automated attack infrastructure rather than a transient scanning event.
Site operators with publicly accessible SSH services should treat this IP address as a confirmed threat source and block it at the network perimeter. Implementing authentication hardening — such as enforcing key-based authentication, disabling root login, and applying aggressive lockout policies — significantly reduces the effectiveness of the brute-force techniques associated with this activity. Deploying tools such as fail2ban or equivalent dynamic blocking solutions can automatically respond to repeated authentication failures from this source. Continuous monitoring of authentication logs for patterns consistent with the observed scanning behaviour remains essential for early detection of any successful intrusion attempts.