Severe Risk
IP 88.80.148.129 is a critical-risk address operated by Belcloud LTD in Bulgaria that has generated 796 abuse reports from automated honeypot sensors, with the overwhelming majority targeting Internet of Things infrastructure. This IP presents an extreme threat level of 10/10, and its near-perfect 94% confidence score reflects consistent, deliberate scanning and exploitation behavior observed across multiple detection systems over a concentrated timeframe in April 2026.
Threat intelligence gathered from 20 distinct automated honeypot sensors confirms 796 total incident reports, all attributed to IoT-targeted activity during April 2026. The AS44901 network operated by Belcloud LTD in Bulgaria has been flagged for this sustained malicious behavior, indicating that the hosting infrastructure is being actively leveraged for campaigns targeting smart devices, cameras, routers and other connected equipment. The activity frequency score of 5/10 suggests regular, persistent engagement rather than sporadic bursts, and the concentration of identical report types across numerous independent sensors strongly corroborates the authenticity and severity of this threat profile.
IoT-targeted attacks exploit the historically weak security posture of networked devices, many of which ship with default credentials, unpatched firmware and exposed management interfaces. When an IP like 88.80.148.129 is actively scanning for and probing these devices, the real-world risk extends beyond mere reconnaissance — compromised IoT endpoints become botnet drones, surveillance platforms or pivot points for deeper network intrusion. The scale of 796 reports signals an aggressive, methodical campaign rather than opportunistic sampling, making any exposed IoT device on adjacent network ranges a potential target for credential stuffing, firmware exploits or UPnP abuse.
Organizations with IoT deployments should immediately audit device inventories and isolate smart device subnets from critical infrastructure using VLAN segmentation. Firmware across all connected devices must be verified as current, default administrative credentials must be replaced with strong unique passwords, and Universal Plug and Play should be disabled at the network edge to prevent lateral propagation. Implementing rate-limiting and geo-based access controls on management interfaces, combined with monitoring tools such as fail2ban to block repeated connection attempts from this address, will substantially reduce exposure to the exploitation patterns associated with IP 88.80.148.129.
CY 
RO 
FR 
SE 
TR