Severe Risk
IP 88.80.148.118 is a critical-risk address operated by Belcloud LTD in Bulgaria that has generated 764 abuse reports from automated honeypot sensors, indicating sustained hostile activity targeting Internet of Things infrastructure. The IP carries a maximum threat score of 10 out of 10 with 94 percent confidence, and its last reported activity occurred in April 2026, placing it within a recent active window.
The volume of reports associated with this address far exceeds typical nuisance traffic, with 20 of the most recent reports specifically categorising the activity as IoT-targeted attacks. All detection signals have originated from automated honeypot sensors, suggesting the address is engaged in systematic scanning or exploitation attempts against connected devices rather than isolated manual probing. The IP resides on AS44901 operated by Belcloud LTD, a Bulgarian hosting provider, which situates this activity within a commercial infrastructure environment commonly leveraged for both legitimate and abusive purposes due to its relative anonymity and bandwidth capacity.
IoT-targeted attacks represent a concrete threat to any organisation operating smart devices, cameras, routers, or industrial control systems exposed to the internet. Attackers use automated tooling to identify misconfigured or unpatched IoT endpoints and exploit default credentials or known firmware vulnerabilities to gain persistent access. Compromised IoT devices can serve as entry points into broader networks, become part of botnets conducting distributed denial-of-service operations, or provide reconnaissance capabilities for further targeted intrusions. The sustained frequency of reports against IP 88.80.148.118 indicates an ongoing campaign rather than sporadic, opportunistic activity.
Network defenders should immediately block or rate-limit traffic from 88.80.148.118 at the firewall or intrusion prevention level. Organisations with exposed IoT deployments should audit device firmware, change default credentials on all connected hardware, disable Universal Plug and Play where not required, and segment IoT traffic from critical systems using network zoning. Implementing fail2ban or equivalent log-analysis tools to auto-block repeated connection attempts from this source will reduce manual response burden. Ongoing monitoring of related subnets on AS44901 is advisable given the concentration of hostile activity observed.