Critical Threat
IP 36.50.54.13, allocated to INTERDIGI JOINT STOCK COMPANY in Vietnam under ASN AS151858, is assessed as a critical-risk address with a threat level of 10 out of 10, linked exclusively to automated SSH-based hacking activity detected by honeypot sensors in October 2025.
The abuse database contains 634 reports attributed to this address, with all detections originating from automated honeypot sensors over a single reporting window in October 2025. The report volume is significant and indicates sustained, systematic probing behaviour targeting SSH services, the dominant attack vector observed. The operator, INTERDIGI JOINT STOCK COMPANY, operates the AS151858 autonomous system within Vietnam, a country from which honeypot community reports have historically flagged elevated volumes of automated scanning activity. Despite the notably high report count, the activity frequency metric reads at zero out of ten, suggesting that the reported incidents are concentrated historical detections rather than an ongoing campaign at the time of assessment. The 66 percent confidence score reflects the single-threat-category nature of the reports and the geographic origin factors.
The threat classification of hacking encompasses automated intrusion attempts, exploitation probing, and unauthorised access attempts directed at network services. In this case the honeypot sensors captured SSH activity with command input, a pattern consistent with credential brute-forcing or dictionary-based login guessing against exposed SSH daemons. SSH services remain a primary initial-access vector for threat actors because they are internet-reachable by design and frequently protected only by password authentication. Successful authentication grants a foothold on the target system, potentially enabling lateral movement, data exfiltration, or the deployment of secondary payloads such as cryptocurrency miners or botnet agents.
Site operators should immediately block or rate-limit connections from 36.50.54.13 at the network perimeter firewall or web application firewall. Automated brute-force detection tools such as fail2ban can dynamically ban source IPs after a configurable number of failed login attempts. SSH hardening measures, including enforcing key-based authentication, disabling root login, and restricting authentication to known IP ranges, will substantially reduce the attack surface. Continuous monitoring of authentication logs for attempts originating from this IP range is advisable, and any successful authentication should trigger an immediate security incident response procedure.