Severe Risk
IP 88.80.148.153, registered to Belcloud LTD in Bulgaria through autonomous system AS44901, is rated a high-risk source, with a maximum threat level score of 10/10 and 781 abuse reports indicating sustained malicious activity targeting internet-of-things infrastructure. The reputation concern stems from consistent IoT- and ICS-targeted attack patterns detected across automated honeypot sensors, presenting a concrete danger to exposed smart devices, cameras, routers and industrial control systems that lack adequate security hardening.
The 781 total reports filed against 88.80.148.153 originate exclusively from 20 automated honeypot sensors, with all recent activity logged in April 2026 according to available community reports. The 94% confidence score and 6/10 activity frequency indicate persistent, high-volume scanning and exploitation attempts rather than isolated probes. The geographic location in Bulgaria and the hosting provider Belcloud LTD provide network context, but the threat profile is defined by the consistent IoT-targeted attack pattern rather than the specific infrastructure used.
IoT-targeted attacks exploit the well-documented security weaknesses common to connected devices, including unchanged default credentials, unpatched firmware and exposed management interfaces. When threat actors systematically scan for these vulnerabilities, they can rapidly compromise large numbers of devices for botnet recruitment, data exfiltration or disruption of physical processes in industrial environments. The ICS component raises the stakes further, as successful exploitation of industrial control systems can interrupt manufacturing, utilities or critical infrastructure operations with potentially severe real-world consequences.
Site operators should immediately block or rate-limit traffic from 88.80.148.153 at the network perimeter and monitor logs for any authentication attempts originating from this address. Network segmentation isolating IoT and ICS systems from core infrastructure limits the blast radius of any successful compromise. Updating device firmware, changing all default credentials and disabling unnecessary services such as UPnP on connected devices removes the attack surface this IP targets. Deploying automated blocking tools such as fail2ban alongside continuous monitoring provides layered defense against continued probing.