IP Address

80.94.95.221

IPv4 Public
RO RO
AS204428
SS-Net
469 Reports
This IP is on the Blacklist High confidence threat - blocking recommended
10/10 Threat
82% Confidence
469 Reports

Threat Intelligence Analysis

AI-generated security assessment based on aggregated threat data

Top 5% Most Dangerous
RO
RO Location
SS-Net ASN 204428
469 Reports
Honeypot Data Source

Critical Threat

IP address 80.94.95.221 is a critical-risk address originating from Romania, assigned to network operator SS-Net (ASN AS204428), with a threat level of 10 out of 10 and 452 total abuse reports filed through automated honeypot sensors over approximately six months of sustained hostile activity.

The IP has been observed engaging in persistent intrusion attempts, with 452 reports accumulated between November 2025 and May 2026, yielding an activity frequency rating of 8 out of 10. Detection sources span 20 distinct automated honeypot sensors distributed across multiple monitoring points, indicating this address is systematically probing a wide range of targets. The overwhelming majority of recent reports — 18 of the 20 most recent categorizations — classify the activity as general hacking, encompassing unauthorized access attempts and exploitation vectors. The remaining two reports categorize the IP as an exploited host, suggesting the infrastructure itself may be compromised and operating under adversarial control without the owner's awareness.

The dominant hacking activity observed from 80.94.95.221 includes repeated connection attempts targeting exposed services, pattern-of-behaviour indicators consistent with reconnaissance and vulnerability probing, and Redis-directed attack sequences. Suricata intrusion detection systems flagged this address for stream-level anomalies featuring malformed acknowledgment packets, a technique commonly employed to evade detection or exploit stateful inspection weaknesses. This combination of vectors points to an attacker leveraging a possibly compromised Romanian host to conduct distributed probing and exploitation campaigns against services exposed to the internet.

Administrators with services accessible from this IP space should block 80.94.95.221 at the network perimeter and implement geolocation-based restrictions if Romanian source traffic is not expected. Deploy fail2ban or equivalent dynamic blockade tools to automatically reject repeated connection attempts targeting Redis or other observed attack surfaces. Enforce strong authentication, disable unnecessary services, and ensure all exposed software remains current with security patches. Providers operating within AS204428 should consider reaching out to SS-Net regarding the reported activity from this address.

More threatening than 95% of monitored IPs

Threat Categories

Hacking 23
Exploited Host 6
IoT Targeted 2

Technical Details

General hacking activity includes various intrusion attempts, exploitation of vulnerabilities, and unauthorized access attempts.

Recommended Mitigations

Keep systems patched, implement intrusion detection, and follow security best practices.

Behavioral Analysis

Activity Pattern: Consistent Activity

Steady malicious activity over 4 weeks indicates persistent threat actor operations.

First Observed 11. May 2026
Last Activity 9. June 2026
Recent (7 days) 17 incidents

High-Risk Network Association

This IP belongs to a network (ASN 204428) with elevated threat levels. The ISP SS-Net hosts multiple reported malicious addresses, suggesting systemic security issues or permissive policies.

Network-wide patterns may indicate this is part of a larger malicious infrastructure.

Security Recommendations

Long-term blocking recommended.

This analysis is automatically generated from aggregated, anonymized threat intelligence data. No personal information is displayed or stored. Assessment accuracy depends on available data volume and diversity.

Reputation Summary

Threat Level 10/10 Critical
Critical
Activity Frequency 8/10 High
Confidence Score 81% Verified

Confidence History

22. May 2026 - 9. Jun 2026
82% Current
Stable Trend

The confidence score shows the reliability of the threat assessment based on the number and quality of reports.

Security Reports (30)

Date Categories Source Confidence
New Hacking Honeypot 75%
New Hacking Honeypot 75%
New IoT Targeted Honeypot 75%
New Hacking Honeypot 75%
New Hacking IoT Targeted Honeypot x2 75%
Hacking Honeypot 75%
Exploited Host Honeypot 75%
Exploited Host Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Exploited Host Honeypot 75%
Hacking Honeypot 75%
Exploited Host Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Exploited Host Honeypot 75%
Hacking Honeypot 75%
Exploited Host Honeypot 75%
10 of 469 shown

Technical Details

Basic Information

IP Address
80.94.95.221
IP Version
IPv4
Network Type
Public
Tor Network
No
Network Class
Class A

Geolocation

Country
RO RO
ASN
AS204428
ISP
SS-Net

DNS Information

Reverse DNS
None
PTR Record
No
Connection Type
Static

Statistics

Total Reports
469
First Reported
6 Nov 2025
Last Reported
9 Jun 2026, 07:57

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

AS204428
SS-Net
RO RO

Network Threat Assessment

8/10
This network has a high threat level with significant malicious activity reported across multiple IPs.

Network Statistics

43
Total IPs Monitored
36,130
Total Reports
840.2
Reports per IP

Network Context

This IP address belongs to SS-Net (AS204428), which manages 43 IP addresses in our monitoring system. Out of these, 36,130 have been reported for suspicious activities, resulting in a network-wide threat level of 8/10.

Network warning: This network has elevated threat levels. Exercise caution when interacting with IPs from this ASN.

Comparative Analysis

How this IP compares to others in our threat intelligence database

95 %

Global Threat Ranking

This IP is more threatening than 95% of all IPs in our database.

Top 10% Most Dangerous

Global Comparison

Compared against 199,716 reported IPs worldwide

Threat Level 10/10 avg: 5.3 ++
Total Reports 469 avg: 23 ++

Network Comparison

Compared against 43 IPs in ASN 204428

Threat Level 10/10 network avg: 7.7 +
Total Reports 469 network avg: 844 -
Network SS-Net has overall threat level 8/10

Geographic Comparison

Compared against 627 IPs in RO

Threat Level 10/10 country avg: 6.2 ++
Total Reports 469 country avg: 259 ++
Indicators:
++ Much Higher + Higher = Similar - Lower -- Much Lower

Geographic Threat Distribution

187,375 threat incidents tracked globally • Last 24h: 18,936 Logs

FEED

Top Threat Sources

  1. 01
    US
    United States US
    38,468 20.5%
  2. 02
    IN
    India IN
    29,136 15.5%
  3. 03
    CN
    China CN
    26,029 13.9%
  4. 04
    BR
    Brazil BR
    10,256 5.5%
  5. 05
    DE
    Germany DE
    7,144 3.8%
  6. 06
    SG
    Singapore SG
    6,476 3.5%
  7. 07
    ID
    Indonesia ID
    5,551 3%
  8. 08
    RU
    Russia RU
    4,703 2.5%
  9. 09
    PK
    Pakistan PK
    4,677 2.5%
  10. 10
    NL
    Netherlands NL
    4,358 2.3%

+40 more countries

THREAT LEVEL
LOW MED HIGH

Geographic data is aggregated and anonymized. No personal information displayed.

Map: simplemaps.com (MIT License)

Related IPs

Other IPs associated with this address through network or behavioral similarity

IPs from the same Autonomous System (AS) network provider.

20 Related IPs
9.5/10 Avg Threat
80% Avg Confidence
20 High Threat
High-risk network: Majority of related IPs are flagged
80.94.95.211 10/10
Confidence 100%
Reports 49
Location RO RO
8 Jun 2026
80.94.95.7 7/10
Confidence 96%
Reports 31
Location RO RO
16 May 2026
80.94.95.110 10/10
Confidence 94%
Reports 21
Location RO RO
20 Apr 2026
80.94.95.40 10/10
Confidence 94%
Reports 16
Location RO RO
30 Apr 2026
80.94.95.83 10/10
Confidence 93%
Reports 488
Location RO RO
9 Jun 2026
80.94.95.116 10/10
Confidence 91%
Reports 38
Location RO RO
8 Jun 2026
80.94.95.242 7/10
Confidence 91%
Reports 26
Location RO RO
27 May 2026
80.94.95.169 8/10
Confidence 88%
Reports 1,001
Location RO RO
24 Apr 2026
80.94.95.43 10/10
Confidence 87%
Reports 293
Location RO RO
7 Jun 2026
80.94.95.115 10/10
Confidence 78%
Reports 105
Location RO RO
2 Jun 2026
80.94.95.71 10/10
Confidence 78%
Reports 14
Location RO RO
16 Apr 2026
80.94.95.248 10/10
Confidence 77%
Reports 18
Location RO RO
4 Dec 2025
80.94.95.216 7/10
Confidence 76%
Reports 160
Location RO RO
15 Apr 2026
80.94.95.118 10/10
Confidence 73%
Reports 497
Location RO RO
9 Jun 2026
80.94.95.173 10/10
Confidence 66%
Reports 8
Location RO RO
29 May 2026
80.94.95.202 10/10
Confidence 65%
Reports 8
Location RO RO
4 Jun 2026
80.94.95.25 10/10
Confidence 63%
Reports 224
Location RO RO
2 Oct 2025
80.94.95.75 10/10
Confidence 62%
Reports 82
Location RO RO
27 Jan 2026
80.94.95.15 10/10
Confidence 61%
Reports 29,208
Location RO RO
30 Sep 2025
80.94.95.112 10/10
Confidence 61%
Reports 3,047
Location RO RO
1 Oct 2025

IPs from the same subnet range, likely same network segment.

20 Related IPs
9.5/10 Avg Threat
80% Avg Confidence
20 High Threat
High-risk network: Majority of related IPs are flagged
80.94.95.211 10/10
Confidence 100%
Reports 49
Location RO RO
8 Jun 2026
80.94.95.7 7/10
Confidence 96%
Reports 31
Location RO RO
16 May 2026
80.94.95.110 10/10
Confidence 94%
Reports 21
Location RO RO
20 Apr 2026
80.94.95.40 10/10
Confidence 94%
Reports 16
Location RO RO
30 Apr 2026
80.94.95.83 10/10
Confidence 93%
Reports 488
Location RO RO
9 Jun 2026
80.94.95.116 10/10
Confidence 91%
Reports 38
Location RO RO
8 Jun 2026
80.94.95.242 7/10
Confidence 91%
Reports 26
Location RO RO
27 May 2026
80.94.95.169 8/10
Confidence 88%
Reports 1,001
Location RO RO
24 Apr 2026
80.94.95.43 10/10
Confidence 87%
Reports 293
Location RO RO
7 Jun 2026
80.94.95.115 10/10
Confidence 78%
Reports 105
Location RO RO
2 Jun 2026
80.94.95.71 10/10
Confidence 78%
Reports 14
Location RO RO
16 Apr 2026
80.94.95.248 10/10
Confidence 77%
Reports 18
Location RO RO
4 Dec 2025
80.94.95.216 7/10
Confidence 76%
Reports 160
Location RO RO
15 Apr 2026
80.94.95.118 10/10
Confidence 73%
Reports 497
Location RO RO
9 Jun 2026
80.94.95.173 10/10
Confidence 66%
Reports 8
Location RO RO
29 May 2026
80.94.95.202 10/10
Confidence 65%
Reports 8
Location RO RO
4 Jun 2026
80.94.95.25 10/10
Confidence 63%
Reports 224
Location RO RO
2 Oct 2025
80.94.95.75 10/10
Confidence 62%
Reports 82
Location RO RO
27 Jan 2026
80.94.95.15 10/10
Confidence 61%
Reports 29,208
Location RO RO
30 Sep 2025
80.94.95.112 10/10
Confidence 61%
Reports 3,047
Location RO RO
1 Oct 2025

IPs from the same country with similar threat profiles.

15 Related IPs
9.5/10 Avg Threat
96% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
80.94.95.211 10/10
Confidence 100%
Reports 49
ISP SS-Net
8 Jun 2026
82.152.132.24 10/10
Confidence 100%
Reports 36
ISP X-zone It Srl
6 Jun 2026
193.32.162.192 7/10
Confidence 100%
Reports 31
ISP Unmanaged Ltd
25 Dec 2025
193.32.162.35 10/10
Confidence 98%
Reports 992
ISP Unmanaged Ltd
2 Jun 2026
2.57.122.192 10/10
Confidence 98%
Reports 19
ISP Unmanaged Ltd
18 May 2026
89.44.137.240 8/10
Confidence 97%
Reports 30
ISP ROMARG SRL
26 Feb 2026
193.32.162.104 10/10
Confidence 96%
Reports 150
ISP Unmanaged Ltd
24 May 2026
80.94.95.7 7/10
Confidence 96%
Reports 31
ISP SS-Net
16 May 2026
2.57.122.189 10/10
Confidence 95%
Reports 19
ISP Unmanaged Ltd
6 Jun 2026
193.32.162.28 10/10
Confidence 94%
Reports 5,435
ISP Unmanaged Ltd
25 May 2026
193.32.162.34 10/10
Confidence 94%
Reports 1,819
ISP Unmanaged Ltd
2 Jun 2026
80.94.92.187 10/10
Confidence 94%
Reports 811
ISP Unmanaged Ltd
13 Jan 2026
193.32.162.82 10/10
Confidence 94%
Reports 682
ISP Unmanaged Ltd
5 Jun 2026
45.142.193.6 10/10
Confidence 94%
Reports 553
ISP Skynet Network Ltd
23 May 2026
193.46.255.86 10/10
Confidence 94%
Reports 393
ISP Unmanaged Ltd
3 Jun 2026

IPs with similar threat level and confidence scores.

15 Related IPs
8.4/10 Avg Threat
82% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
207.90.244.3 8/10
Confidence 82%
Reports 13,315
Location US US
9 Jun 2026
207.90.244.2 8/10
Confidence 82%
Reports 13,205
Location US US
9 Jun 2026
147.182.225.86 8/10
Confidence 82%
Reports 9,096
Location US US
9 Jun 2026
130.12.181.104 8/10
Confidence 82%
Reports 3,340
Location DE DE
6 Jun 2026
137.184.95.216 8/10
Confidence 82%
Reports 2,212
Location US US
9 Jun 2026
101.36.107.103 8/10
Confidence 82%
Reports 890
Location HK HK
27 Feb 2026
60.254.111.212 8/10
Confidence 82%
Reports 588
Location IN IN
16 Dec 2025
64.62.197.212 8/10
Confidence 82%
Reports 571
Location US US
9 Jun 2026
65.49.1.66 8/10
Confidence 82%
Reports 568
Location US US
9 Jun 2026
204.76.203.213 10/10
Confidence 82%
Reports 561
Location NL NL
7 Jun 2026
184.105.247.254 8/10
Confidence 82%
Reports 552
Location US US
9 Jun 2026
216.218.206.67 10/10
Confidence 82%
Reports 522
Location US US
8 Jun 2026
65.49.1.52 8/10
Confidence 82%
Reports 521
Location US US
8 Jun 2026
95.110.231.151 8/10
Confidence 82%
Reports 397
Location IT IT
15 Dec 2025
37.148.132.99 10/10
Confidence 82%
Reports 275
Location BR BR
28 May 2026

Export & Firewall Rules

Download threat data or generate firewall rules to block this IP

JSON Report

Structured data format for integration with security tools and SIEM systems.

{
    "ip_address": "80.94.95.221",
    "threat_level": 10,
    "confidence_score": 82,
    "total_reports": 469,
    "country_code": "RO",
    "isp_name": "SS-Net",
    "asn": "204428",
    "first_reported": "2025-11-06 12:52:00",
    "last_reported": "2026-06-09 07:57:45",
    "exported_at": "2026-06-09T10:46:10+02:00",
    "source": "https://reportedip.de/ip/80.94.95.221/"
}
Download JSON

GDPR Compliant: Exports contain only IP-related threat data. No personal information or reporter details are included.

Analyzed high-risk IP addresses