Extreme Threat
IP 80.94.92.166 is a critical-risk address associated with 200 documented abuse reports and sustained hacking activity detected through automated honeypot sensors. Originating from Romania and operating within AS47890 under the Unmanaged Ltd network operator, this IP has been actively targeting vulnerable services since December 2025, with consistent detections continuing through January 2026.
The evidence base supporting this assessment is exceptionally robust, with a 94% confidence score and a threat level of 10/10. All 200 reports were generated across 20 separate automated honeypot sensors, averaging 10 confirmations per detection node. The activity frequency rating of 2/10 indicates that attacks are deliberate and targeted rather than high-volume scripted scans, a pattern often associated with persistent threat actors conducting methodical reconnaissance and intrusion attempts. The unmanaged network designation means this IP operates without any legitimate commercial hosting purpose, and the lack of an abuse response contact significantly reduces the likelihood of voluntary mitigation.
The dominant threat classification of hacking encompasses multiple intrusion vectors, including vulnerability exploitation, unauthorized access attempts, and general intrusion activity. It is the most severe risk category in the dataset because successful exploitation can result in complete system compromise, data breach, credential theft, and lateral movement within compromised networks. The sustained nature of the activity over a multi-month period indicates that this IP is not conducting opportunistic scanning but is actively engaged in persistent intrusion operations against exposed targets.
Site operators with exposed services should implement immediate defensive measures. Network-level blocking or aggressive rate-limiting targeting this IP address will prevent direct connection attempts. Strong authentication mechanisms, particularly multi-factor authentication, should be enforced across all accessible services to mitigate credential-based attack vectors. Deploying or strengthening intrusion detection and prevention systems will provide alerting and automatic blocking when this IP attempts a connection. Maintaining current patch cycles and vulnerability management programs addresses the exploitation component of the hacking activity this address has demonstrated.