Maximum Danger
IP 103.98.149.80 is a critical-risk address operating from Vietnam that has been directly linked to active hacking activity, including intrusion attempts, vulnerability exploitation and unauthorized access operations, according to automated honeypot sensors and community-based reporting. With a threat level of 10 out of 10 and a total of 201 abuse reports filed against this address, the IP presents a severe and ongoing risk to any exposed services on the internet.
Analysis of available reporting data shows that all 20 of the most recent reports attributed to 103.98.149.80 were classified under the hacking category, with every detection originating from automated honeypot sensors rather than passive community submissions. The address is registered to Maxserver Company Limited and routes through ASN 135921, placing it within Vietnamese network infrastructure. The IP was first reported in November 2025 and remained active through the same month, indicating a concentrated burst of malicious activity over a short timeframe. The 73% confidence score reflects substantial corroborating evidence across multiple sensor sources, though a small margin of uncertainty remains in attribution. Despite the high report volume, the activity frequency metric of 0 out of 10 suggests the attacks may be intermittent or targeted rather than continuous.
The dominant hacking classification encompasses a broad spectrum of intrusion activity, including scanning for vulnerable services, brute-force authentication attempts, remote code execution exploitation and lateral movement within compromised networks. This pattern means that any exposed service running on a target system, particularly those with default or weak credentials, misconfigured access controls or known software vulnerabilities, is at risk of compromise. The real-world consequence of such activity ranges from data exfiltration and service disruption to the establishment of persistent backdoor access for future operations.
Site operators should treat IP 103.98.149.80 as hostile and block all ingress traffic from this address at the firewall or network perimeter level immediately. Deploying rate-limiting rules on authentication endpoints such as SSH, RDP and web login portals significantly reduces the effectiveness of brute-force and credential-stuffing campaigns. Keeping all systems patched and hardened against known vulnerabilities denies attackers the foothold they seek. Implementing an intrusion detection or prevention system alongside tools such as fail2ban can automatically identify and neutralize repeated attack patterns originating from this or similar addresses.
UA 
GB 
CO 
CA