Extreme Threat
IP 103.69.189.95 is a critical-risk address originating from Vietnam, operated by Maxserver Company Limited under ASN AS135921, with a documented history of 760 abuse reports from automated honeypot sensors indicating sustained hacking activity. With a threat level of 10/10 and a confidence score of 73 percent, this IP represents a persistent intrusion threat that warrants immediate blocking or strict access controls on any exposed services.
The reporting data shows malicious activity concentrated exclusively in November 2025, with all 760 reports attributing the behavior to general hacking attempts, including unauthorized access and vulnerability exploitation attempts. Automated honeypot sensors across multiple locations registered these incidents, establishing a clear pattern of sustained hostile scanning and connection attempts targeting exposed network endpoints. The network is registered to Maxserver Company Limited, a Vietnamese hosting provider, and the geographic origin suggests the infrastructure may be part of a broader threat campaign using regional hosting to obfuscate attribution. Despite the high volume of historical reports, current activity frequency metrics indicate limited recent engagement, suggesting the IP may be temporarily dormant or repositioning.
The dominant threat category, hacking, encompasses a broad spectrum of intrusion techniques, including automated vulnerability probes, brute-force authentication attempts, and exploitation of unpatched services. For an organization with exposed SSH, RDP, web applications, or database interfaces, this IP poses a concrete risk of unauthorized access, credential compromise, or remote code execution. Attackers leveraging such infrastructure typically conduct widespread scanning campaigns, so the presence of this IP in logs does not necessarily indicate a targeted attack and may instead reflect opportunistic exploitation attempts against any vulnerable entry point.
Site operators should implement immediate defensive measures including adding this IP to network-level blocklists and configuring fail2ban or equivalent dynamic firewall rules to automatically drop connections after failed authentication attempts. Enforcing strong credential policies, disabling password-based authentication in favor of SSH key pairs, and applying multi-factor authentication across all remote access services significantly reduces the impact of intrusion attempts. Regular patching of exposed services and implementation of intrusion detection monitoring will help identify and block ongoing exploitation attempts. Continuous monitoring of authentication logs for source IP 103.69.189.95 is recommended to assess whether the address resumes hostile activity.