Critical Threat
IP 80.94.92.69 is a high-risk address originating from Romania that has been linked to 795 abuse reports for hacking activity, including unauthorized SSH session establishment attempts on non-standard ports. The IP operates through AS47890 under the Unmanaged Ltd network and has demonstrated persistent threat behavior since first being reported in January 2026 through March 2026.
Automated honeypot sensors recorded all 795 reports associated with this address, yielding a threat level of 10 out of 10 with a 74% confidence score. The detected activity pattern included Suricata alerts flagging SSH sessions initiated on unusual network ports, a known technique used by threat actors to evade standard detection mechanisms and target improperly secured SSH services. The concentration of detection across multiple honeypot sensors confirms this is not an isolated incident but rather sustained, automated scanning and intrusion activity originating from this single source address. The network operator Unmanaged Ltd appears to provide services with limited security oversight, which may contribute to the prolific abuse observed.
Hacking activity involving SSH session attempts on non-standard ports represents a concrete risk to any exposed server running an unsecured SSH daemon. Attackers leverage non-standard port configurations to bypass basic firewall rules and automated blacklist filters that only monitor default port 22. Once an SSH session is successfully established through an unconventional port, adversaries can execute arbitrary commands, exfiltrate sensitive data, escalate privileges, or use the compromised host as a pivot point for deeper network intrusion. Organizations with SSH services accessible from the internet, particularly those relying solely on password authentication, face the highest exposure to this threat vector.
Site operators should immediately block IP 80.94.92.69 at the network perimeter firewall to eliminate all inbound connectivity from this source. Implement fail2ban or similar dynamic blocklist tools to automatically harden SSH access by rate-limiting authentication attempts and banning repeat offenders. Enforce key-based authentication exclusively and disable password authentication entirely for all SSH access. Audit exposed services listening on non-standard ports, apply the principle of least privilege, and maintain continuous network monitoring to detect anomalous session behaviors matching the patterns associated with this malicious address.
BG 
UA 
SE 
HK 
FR 
GB