80.94.92.184 — Unmanaged Ltd, RO — Very High (100%)

Check an IP Address, Domain Name, Subnet, or ASN

80.94.92.184 was found in our database!

Confidence Level

100%

Very High?

Geolocation

🇷🇴

Romania

ISPUnmanaged Ltd

ASNAS47890

Activity Timeline

First seenJan 23, 2026, 12:21 AM

Last seen1m ago

First reportedFeb 26, 2026, 12:36 PM

Last reported2d ago

12,048Sessions

48,509Events

3Reports

Protocol Breakdown

SSH

12048 / 48509

80.94.92.184 has a very high threat confidence level of 100%, originating from Romania, on the Unmanaged Ltd network (47890). It has been observed across 12,048 sessions targeting SSH, with detected attack patterns including dual source gpu validation with host context, pci and nvidia gpu identification with host metadata, First observed on January 23, 2026, most recently active March 3, 2026.

Behaviors

Classified behavioral patterns observed

Dual Source Gpu Validation With Host Context

high2213x

Combined execution of lspci (VGA and 3D controller extraction and device count) and nvidia-smi -q (product name extraction and non-empty count validation), together with kernel/architecture (uname -s -v -n -r -m) and uptime collection. This pattern reflects cross-validation of GPU presence using both PCI-level and NVIDIA driver-level queries, enriched with host system context.

Pci And Nvidia Gpu Identification With Host Metadata

high315x

Execution of uname -s -v -n -r -m to collect kernel and architecture details, uptime -p for system uptime, lspci queries to extract and count VGA-class PCI devices, and nvidia-smi -q filtering for product name to identify NVIDIA GPU models. This pattern reflects layered GPU identification using both PCI enumeration and NVIDIA driver-level queries, combined with basic host system metadata collection.

Ssh Host Kernel Uptime And Vga Profile

medium512x

Execution of uname -s -v -n -r -m to retrieve kernel and architecture details, uptime -p for human-readable system uptime, and lspci | grep VGA | cut -f5- -d ' ' to extract VGA-class PCI device information. This pattern reflects lightweight host profiling combined with basic GPU identification.

Ssh Host Kernel Uptime And Vga Device Count

medium475x

Execution of uname -s -v -n -r -m to collect kernel and architecture details, uptime -p for human-readable system uptime, and lspci queries to extract VGA-class PCI device descriptions and count the number of VGA devices. This pattern reflects PCI-level GPU identification combined with basic host system metadata collection.

Ssh Pci And Nvidia Gpu Count Cross Validation

medium69x

Identifies SSH sessions where the actor performs structured hardware reconnaissance including CPU core enumeration, GPU detection via nvidia-smi, VGA/3D controller inspection via lspci, system uptime queries, and kernel/architecture fingerprinting to assess computational capabilities of the compromised host.

Primitives

Individual actions observed

Unix Uname S V N R M Flags4256 Ssh Uptime Pretty Format Query4186 Unix Lspci Vga Field Extraction3793 Ssh Lspci Vga Count3282 Ssh Nvidia Smi Product Name Extraction2807 Ssh Lspci 3d Controller Field Extraction2492 Ssh Nvidia Smi Product Name Count2282 Ssh Nproc All Cpu Count Query69

User Reports

3 reports from 1 contributor

Date	Category	Protocol	Comment
Feb 28, 2026	Brute Force	SSH	SikkerGuard: 2 blocked packets
Feb 26, 2026	Brute Force	SSH	SikkerGuard: 2 blocked packets
Feb 26, 2026	Brute Force	SSH	SikkerGuard: 2 blocked packets

Related Threats

Explore related threat intelligence

🇷🇴More threats fromRomania ASMore threats fromUnmanaged Ltd SSHMore threats targetingSSH { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
80.94.92.177	100%	291,860
92.118.39.62	100%	347,905
193.32.162.82	99%	75,377
80.94.92.171	100%	28,103
80.94.92.183	100%	148,413

IP Address	Confidence	Events
80.94.92.177	100%	291,860
193.32.162.82	99%	75,377
80.94.92.171	100%	28,103
80.94.92.183	100%	148,413
80.94.92.182	100%	57,136