Severe Risk
IP 80.94.92.66 is a high-risk address associated with intensive SSH brute-force and intrusion activity, generating 1652 abuse reports with a critical 10/10 threat rating.
Located in Romania and routed through AS47890 (Unmanaged Ltd), this IP was first reported in January 2026 with continued activity through March 2026. All 1652 reports originated from automated honeypot sensors, with 20 of the most recent reports categorizing the activity as general hacking. Detection data shows the address attempting unauthorized connections and triggering Suricata alerts indicating SSH sessions on non-standard ports—a common technique used to evade basic network monitoring. Despite the elevated report volume, the activity frequency metric registers at 0/10, suggesting the heaviest activity may have occurred earlier in the detection window with reduced recent frequency.
The dominant threat category—hacking—encompasses sustained intrusion attempts targeting exposed SSH services. Attackers frequently leverage non-standard SSH ports as a rudimentary obfuscation method to bypass casual observation and automated scanning tools. The volume and persistence of connections from this address indicate an automated, opportunistic scanning campaign likely conducted by botnet infrastructure rather than isolated manual probes. For organizations with exposed SSH services, such activity represents a direct pathway to credential compromise, lateral movement, and subsequent network infiltration if weak credentials are present or unpatched vulnerabilities exist.
Organizations should immediately block or rate-limit connections from this address at the network perimeter. Enforcing key-based SSH authentication, disabling password authentication entirely, and moving SSH to a non-standard port or behind a VPN can substantially reduce exposure. Because the alerts above show this address opening SSH sessions on non-standard ports, a port change on its own should be treated as noise reduction rather than a control. Implementing fail2ban or similar intrusion prevention tools to automatically ban repeat offenders after failed attempts is strongly recommended. Continuous monitoring of authentication logs and enforcing strong credential policies will further mitigate the risk posed by automated scanning campaigns of this nature.