"%HTTP-4-SERVER_CONN_RATE_EXCEED: Number of connections per minute has

(I searched this at Cisco & Google without satisfaction)

Hello. I am troubleshooting a symptom of SFTP communication from an internal server not reaching a www address.

I see in 4431 Router logs...

*Feb 3 21:12:12.019: %HTTP-4-SERVER_CONN_RATE_EXCEED: Number of connections per minute has exceeded the maximum limit(500)as specified by the platform.
*Feb 3 21:12:12.019: %HTTP-4-SERVER_CONN_RATE_EXCEED: Number of connections per minute has exceeded the maximum limit(500)as specified by the platform.
*Feb 3 21:12:12.020: %HTTP-4-SERVER_CONN_RATE_EXCEED: Number of connections per minute has exceeded the maximum limit(500)as specified by the platform.
*Feb 3 21:12:12.021: %HTTP-4-SERVER_CONN_RATE_EXCEED: Number of connections per minute has exceeded the maximum limit(500)as specified by the platform.
*Feb 3 21:12:12.022: %HTTP-4-SERVER_CONN_RATE_EXCEED: Number of connections per minute has exceeded the maximum limit(500)as specified by the platform.
*Feb 3 21:12:27.022: %HTTP-4-SERVER_CONN_RATE_EXCEED: Number of connections per minute has exceeded the maximum limit(500)as specified by the platform.
*Feb 3 21:12:27.022: %HTTP-4-SERVER_CONN_RATE_EXCEED: Number of connections per minute has exceeded the maximum limit(500)as specified by the platform.
*Feb 3 21:12:27.024: %HTTP-4-SERVER_CONN_RATE_EXCEED: Number of connections per minute has exceeded the maximum limit(500)as specified by the platform.
*Feb 3 21:12:27.025: %HTTP-4-SERVER_CONN_RATE_EXCEED: Number of connections per minute has exceeded the maximum limit(500)as specified by the platform.
*Feb 3 21:12:27.027: %HTTP-4-SERVER_CONN_RATE_EXCEED: Number of connections per minute has exceeded the maximum limit(500)as specified by the platform.

1. What typically causes this situation?

2. Might this be related to the root cause of the symptom I am troubleshooting?

Thank you.
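As an added example (not from this thread or from Cisco), a small Python parser for IOS syslog lines like the ones quoted above: it counts messages per mnemonic, pulls out the limit value, and groups SERVER_CONN_RATE_EXCEED hits into sub-second bursts so the bursts can be lined up against the times the SFTP transfers failed. The sample lines are constructed from the post plus one unrelated message.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: IOS syslog lines modelled on the ones quoted in the post.
SAMPLE_LOG = """\
*Feb 3 21:12:12.019: %HTTP-4-SERVER_CONN_RATE_EXCEED: Number of connections per minute has exceeded the maximum limit(500)as specified by the platform.
*Feb 3 21:12:12.022: %HTTP-4-SERVER_CONN_RATE_EXCEED: Number of connections per minute has exceeded the maximum limit(500)as specified by the platform.
*Feb 3 21:12:27.022: %HTTP-4-SERVER_CONN_RATE_EXCEED: Number of connections per minute has exceeded the maximum limit(500)as specified by the platform.
*Feb 3 21:12:27.027: %HTTP-4-SERVER_CONN_RATE_EXCEED: Number of connections per minute has exceeded the maximum limit(500)as specified by the platform.
*Feb 3 21:13:02.100: %SYS-5-CONFIG_I: Configured from console by admin on vty0
"""

# IOS syslog line: optional '*' (clock not authoritative), timestamp,
# then %FACILITY-SEVERITY-MNEMONIC: free text.
LINE_RE = re.compile(
    r"^\*?(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}\.\d{3}): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>\d)-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$"
)
LIMIT_RE = re.compile(r"maximum limit\((\d+)\)")

def parse_line(line):
    """Parse one IOS syslog line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # IOS timestamps carry no year; strptime fills in 1900, which is fine for
    # ordering within one day (assumption: no Feb 29 lines, which 1900 lacks).
    rec["ts"] = datetime.strptime(rec["ts"], "%b %d %H:%M:%S.%f")
    rec["severity"] = int(rec["severity"])
    lim = LIMIT_RE.search(rec["text"])
    rec["limit"] = int(lim.group(1)) if lim else None
    return rec

def summarize(log_text, burst_gap_s=1.0):
    """Count messages per mnemonic and group RATE_EXCEED hits into bursts.

    Two hits belong to the same burst when they are at most burst_gap_s apart;
    each burst is reported as (first timestamp as HH:MM:SS, number of hits).
    """
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    per_mnemonic = Counter(f"%{r['facility']}-{r['severity']}-{r['mnemonic']}" for r in records)
    hits = [r for r in records if r["mnemonic"] == "SERVER_CONN_RATE_EXCEED"]
    bursts = []  # each entry: [first seen, last seen, count]
    for r in hits:
        if bursts and (r["ts"] - bursts[-1][1]).total_seconds() <= burst_gap_s:
            bursts[-1][1], bursts[-1][2] = r["ts"], bursts[-1][2] + 1
        else:
            bursts.append([r["ts"], r["ts"], 1])
    return {
        "per_mnemonic": dict(per_mnemonic),
        "limits_seen": sorted({r["limit"] for r in hits if r["limit"] is not None}),
        "bursts": [(first.strftime("%H:%M:%S"), n) for first, _last, n in bursts],
    }
```

Feed it the full log with `summarize(open("router.log").read())` and compare the burst start times against the timestamps of the failed SFTP sessions; if they do not line up, that supports the reply below that the two problems are unrelated.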

1 Accepted Solution

I'm placing access lists on interfaces and verifying they are being hit by the interesting traffic. This troubleshooting technique is yielding success.

I have CONFIRMED the interesting traffic is entering the 4431 incoming int.


20 Replies

Thank you for your helpful reply.

1b. What is most likely causing this torrent of connections?

2b. Are these only vty/ssh connections to this 4431 router? 

3b. Why would so many attempts be made to this device?

The literature instructs remediation by inserting an ACL. OK. 4b. What will the result be of this ACL?

5b. Might this ACL suddenly break a production critical process?

Thank you.

Have you enabled HTTP on the router?

I know very little about this device. It lives between ASA-5525 and www.

I only know traffic is lost leaving LAN, somewhere between...

ASA-5525 inside interface after ACL permit statement is hit, and www VENDOR1= 2.2.2.2

(Traffic fails before reaching 2.2.2.2)

Hello,

I am not sure the SFTP to WWW problem you are experiencing is related to the log messages. The HTTP server functionality of the router is aimed at administering the router through a web interface. You could try and use a non-standard port, e.g.:

ip http server
ip http port 8001

to see if that reduces the log messages (and effectively the number of connections).

With regard to your issue:

-->  I am troubleshooting symptom of sftp communication from internal server not reaching www address.

Is the connection slow, are there timeouts ? In order to troubleshoot this, you would need access to the router. It might just be that the router (interface) is saturated.

I don't know troubleshooting, but you can use a capture on the ASA to see whether or not the packet reaches the ASA.

The ASA LAN-interface-in ACL registers permit hits for this circuit.

There is no ACL on the outside interface.

Thus, is it still possible that traffic is not leaving this ASA for this circuit?

Share:
show local-host x.x.x.x <<- x.x.x.x is the IP address of the destination

5525ASA# show local-host 2.2.2.2

Interface ONE: 1 active, 7 maximum active, 0 denied
Interface TWO: 1 active, 1 maximum active, 0 denied
Interface management: 0 active, 0 maximum active, 0 denied
Interface dmz: 24 active, 257 maximum active, 0 denied
Interface Inside: 378 active, 133543 maximum active, 0 denied
Interface Outside: 1798 active, 41512 maximum active, 0 denied
Interface FAILOVER: 1 active, 1 maximum active, 0 denied
Interface EIGHT: 0 active, 2 maximum active, 0 denied
Interface any: 0 active, 0 maximum active, 0 denied

5525ASA# show local-host 2.2.2.2 detail <<- please share the output after adding detail

"5525ASA# show local-host 2.2.2.2 detail <<- please share the output after adding detail"

- The output is identical to 5525ASA# show local-host 2.2.2.2

The only device left is a 4431 ISR between the ASA and the www.

4431#sh run | inc access-gr
4431#sh run | inc access gr
4431#

... tells me there are no ACLs on the interfaces. Yes there are ACLs on the device. I don't know what they map to.

What is the next troubleshoot step here?

Thank you!

There are two firewalls, as I gather from your previous comment:
one zone-based firewall <<- show policy-map type inspect zone-pair <x-y>

one ASA <<- show local-host x.x.x.x detail (optionally you can add the connection keyword)
 show conn x.x.x.x <<- this gives a hint about whether the TCP or UDP traffic passes through the ASA