Severe Risk
IP 193.46.255.99 is a critical-risk address flagged for hacking activity originating from Romanian network infrastructure, with 715 abuse reports accumulated over approximately five months of sustained offensive operations.
The address, allocated to AS47890 and operated by Unmanaged Ltd, was first reported in August 2025 and continued generating consistent incident reports through January 2026, indicating persistent rather than opportunistic malicious behavior. All 20 of the most recent threat reports specifically categorize the activity as hacking, encompassing intrusion attempts, vulnerability exploitation, and unauthorized access probes directed at exposed services. The 84% confidence score and activity frequency rating of 8 out of 10 reinforce that this is not isolated scanning but an organized campaign. The detection was facilitated entirely through automated honeypot sensors, which captured the attack patterns without attributing them to any specific defensive product or named infrastructure.
The dominant hacking classification encompasses a broad spectrum of intrusion techniques, including credential-guessing attacks, exploitation of unpatched software vulnerabilities, and probing for misconfigured services that could yield unauthorized system access. The sustained volume of reports and high activity frequency suggest this actor systematically enumerates target networks rather than relying on a single attack vector. For organizations exposing SSH, RDP, web applications, or administrative interfaces, such persistent probing creates a significant risk of compromise if vulnerabilities or weak credentials exist.
Site operators should immediately block or rate-limit this address at the firewall level and monitor authentication logs for any matching source traffic. Implementing fail2ban or equivalent log-analysis tools can automate the blocking of repeated login failures associated with credential-stuffing campaigns. All exposed services should enforce strong, unique passwords and disable default or administrative accounts where possible. Regular vulnerability scanning and prompt patching cycles reduce the effectiveness of exploitation attempts that this actor is known to deploy.