Severe Risk
IP 80.94.92.68 is a maximum-threat-level address originating from Romania, registered to the autonomous system AS47890 operated by Unmanaged Ltd, that has accumulated 1,485 abuse reports from automated honeypot sensors in a concentrated activity window spanning January through March 2026. With a threat level rated 10 out of 10 and a confidence score of 76 percent, this IP presents an unambiguous danger to any exposed network service and should be treated as definitively malicious based on the volume and consistency of hostile activity detected.
The detection data reveals sustained hostile engagement concentrated during the first quarter of 2026, with all 1,485 reports sourced exclusively from automated honeypot sensors. Despite a low ongoing activity frequency score of 0 out of 10, the sheer volume of historical reports indicates this address conducted a high-intensity campaign before its apparent cessation of activity. The network operator designation as "Unmanaged Ltd" suggests limited or no administrative accountability for abuse complaints, a common characteristic of infrastructure leveraged for malicious purposes. The Romanian geographic origin places this host within a jurisdiction that has seen variable cooperation with international abuse mitigation efforts, adding a further layer of risk for any organization choosing to allow traffic from this address block.
The dominant reported threat category is general hacking activity, specifically characterized by automated honeypot detections noting active SSH session establishment attempts on non-standard ports. This pattern indicates the attacking host was attempting to establish unauthorized remote access by connecting to SSH daemons listening on ports other than the default TCP 22, a common evasion technique designed to bypass basic firewall rules and intrusion signatures that monitor only conventional service ports. The real-world risk posed by this activity includes potential unauthorized access to systems with misconfigured SSH services, lateral movement within compromised networks, credential harvesting, and deployment of secondary payloads. Organizations with exposed SSH services on any port face immediate risk of authentication brute-forcing or credential-stuffing attacks originating from this address.