Maximum Danger
IP 88.80.148.104, registered to Belcloud LTD in Bulgaria under autonomous system AS44901, presents a maximum threat level of 10/10 based on 757 total abuse reports submitted through automated honeypot sensors, making it one of the highest-risk addresses currently flagged in public threat intelligence feeds for IoT reconnaissance activity.
The detection profile shows 20 recent IoT-targeted reports, all originating from automated honeypot sensors during April 2026, indicating concentrated and purposeful scanning behavior rather than opportunistic traffic. The activity frequency rating of 5/10 and the sheer volume of accumulated reports over a compressed timeframe suggest this address has been systematically probing internet-connected devices at scale. Geographically anchored to Bulgaria and routed through Belcloud LTD's infrastructure, this IP exhibits classic patterns of infrastructure used for persistent scanning campaigns against exposed IoT and ICS endpoints worldwide.
The dominant IoT-targeted threat category reflects systematic reconnaissance and exploitation attempts against smart devices, cameras, routers, and industrial control systems that are frequently deployed with weak security configurations. Attackers exploiting these patterns attempt to identify devices with unpatched firmware, default credentials, or exposed management interfaces, enabling unauthorized access and potential lateral movement into broader networks. The real-world risk includes complete device compromise, botnet recruitment, data exfiltration, and pivoting from IoT entry points into protected corporate or operational technology environments.
Site operators should immediately block or rate-limit traffic from this address at the network perimeter and implement strict firewall policies limiting exposure of IoT devices to untrusted networks. Deploying network segmentation to isolate IoT and ICS devices from critical infrastructure reduces the blast radius of any successful intrusion. Regularly updating device firmware, replacing default credentials with strong unique passphrases, and disabling universal plug-and-play protocols on routers are essential hardening measures. Security teams should monitor for authentication failures and unusual device behavior while considering defensive tools such as fail2ban to automatically block repeated probe attempts.
CY 
RO 
FR 
SE 
TR