Severe Risk
IP 80.94.92.65 is a maximum-threat-level address originating from Romania (AS47890, operated by Unmanaged Ltd) that has generated 904 independent abuse reports through automated honeypot sensors, indicating sustained and aggressive hacking activity including unauthorized SSH access attempts on non-standard ports.
Analysis of the supplied telemetry shows that all 904 reports were contributed exclusively by automated honeypot sensors over a three-month window between January and March 2026, yielding a confidence score of 74 percent. The dominant threat category across recent reports is Hacking, specifically flagged by Suricata rules detecting SSH sessions established on unusual ports rather than the standard TCP 22. This pattern, combined with the generic "attack connection" classification, strongly suggests the address is actively conducting SSH brute-force enumeration or establishing persistent shells through unconventional service ports to evade baseline firewall rules. The network operator designation "Unmanaged Ltd" is consistent with hosting infrastructure frequently associated with threat actors seeking minimal accountability.
The concrete risk posed by this address stems from its demonstrated focus on SSH-based intrusion vectors targeting exposed management interfaces. When attackers shift SSH to non-standard ports, they frequently bypass organisations that block port 22 at the perimeter while leaving alternate ports unguarded. Successful compromise of an SSH service grants the adversary a direct foothold on the target system, enabling lateral movement, data exfiltration or the establishment of persistent access backdoors. With 904 distinct detection events logged, this IP represents a persistent, automated threat rather than opportunistic scanning.
Site operators should treat 80.94.92.65 as a high-risk source and implement immediate blocking at the network perimeter firewall. Rate-limiting SSH authentication attempts and enforcing key-based authentication with disallow root login significantly raises the bar for brute-force success. Deploying tools such as fail2ban to dynamically ban repeat offenders and ensuring Suricata or equivalent IDS signatures covering non-standard SSH ports are up to date will strengthen detection coverage. Periodic review of authentication logs for source IP 80.94.92.65 and similar Romanian-addressed hosts in the AS47890 allocation remains advisable given the sustained volume of reported activity.
BG 
UA 
SE 
HK 
FR 
GB