Maximum Danger
IP 88.80.148.93 is a critical-risk address originating from Bulgaria, operated by Belcloud LTD through AS44901. It has been linked to 773 documented abuse reports over a concentrated period in April 2026, with automated honeypot sensors flagging it primarily for IoT-targeted attack activity against smart devices, cameras, routers and connected infrastructure.
The volume and consistency of reports against this address are substantial, placing it among the more actively monitored threats in recent community intelligence feeds. All reported activity falls within a single-month window in April 2026, indicating a focused, sustained campaign rather than opportunistic scanning. The confidence score of 94 percent reflects strong corroboration across the 20 independent honeypot sensors that logged the malicious traffic, leaving little ambiguity about the nature of the activity. The network operator Belcloud LTD provides hosting services from Bulgarian infrastructure, a geography that appears frequently in threat-actor infrastructure due to its hosting economics. With an activity frequency rated at 5 out of 10, the IP demonstrates persistent rather than bursty behaviour, suggesting automated tooling configured for continuous probing of IoT endpoints over time.
IoT-targeted attacks represent a distinct threat category focused on exploiting the notoriously weak security posture of internet-connected devices that often ship with default credentials, unpatched firmware and exposed management interfaces. An IP flagged for this category is actively scanning for vulnerable cameras, routers, sensors and other smart devices that lack proper hardening, attempting to gain unauthorised access or enlist them in botnet activity. The real-world risk extends beyond the targeted device itself, as compromised IoT hardware frequently becomes a pivot point for lateral movement, a source of distributed denial-of-service traffic, or a persistence mechanism for further network intrusion.
Site operators should immediately block or rate-limit traffic from 88.80.148.93 at the network perimeter, audit inbound connections to IoT device management interfaces, and enforce strong, unique credentials alongside regular firmware updates on all connected devices. Implementing network segmentation for IoT systems, disabling unnecessary services such as UPnP, and deploying monitoring rules to detect anomalous scanning patterns from this source will reduce exposure. Tools such as fail2ban or equivalent intrusion-prevention systems can automate the blocking response based on observed attack signatures.