Severe Risk
IP address 80.94.92.64 is a critical-risk address associated with SSH-based intrusion activity, accumulating 1,206 abuse reports from automated honeypot sensors between January and April 2026. The Romanian-hosted IP within AS47890 (Unmanaged Ltd) carries a maximum threat level of 10 out of 10, with a 74% confidence score indicating strong evidentiary support for malicious classification. The volume of community and sensor reports over this four-month window confirms sustained hostile intent rather than incidental scanning.
The detection data reveals concentrated SSH session activity on non-standard ports, with honeypot sensors flagging 20 distinct hacking-category incidents attributed to this address. Despite an activity frequency rated at 0 out of 10, the sheer report count demonstrates persistent automated probing originating from this infrastructure. The network operator's designation as "Unmanaged Ltd" suggests limited accountability, typical of hosting environments frequently exploited for attack infrastructure. Geographic placement in Romania situates this source within a jurisdiction where abuse response times may vary.
SSH sessions on unusual ports represent a well-established tactic used to bypass naive security controls that monitor only default port 22. Attackers leverage non-standard ports to disguise command-and-control communications, conduct credential brute-forcing with reduced detection risk, and establish persistent backdoor access to compromised systems. This approach specifically targets exposed SSH services running on misconfigured or overlooked servers, enabling unauthorized entry, data exfiltration, and lateral movement within networks lacking robust traffic inspection.
Network defenders should immediately block or rate-limit inbound connections from 80.94.92.64 at the perimeter firewall, deploy fail2ban or an equivalent authentication hardening solution to automatically block sources of repeated SSH login failures, and enforce key-based authentication over password authentication. Monitoring infrastructure should be configured to alert on SSH traffic traversing any non-standard port, and administrators should restrict SSH access to known trusted IP ranges using allowlist controls wherever feasible.