Critical Threat
IP 194.180.49.34 is a high-risk address with a threat level of 10 out of 10 that has been linked to 175 abuse reports, predominantly involving automated hacking activity detected by honeypot sensors in October 2025. This IP originates from Bulgaria and operates through AS201814, managed by MEVSPACE sp. z o.o., representing a significant and concentrated source of intrusion activity targeting exposed services.
Analysis of the available intelligence indicates that all 175 reports were generated by automated honeypot sensors, with 20 recent reports specifically categorising the activity as general hacking attempts. Both the first and the most recent reports date from October 2025, suggesting that the malicious activity from this source is relatively contained within a narrow timeframe. The address sits in AS201814, operated by MEVSPACE sp. z o.o., and although the activity frequency metric registers at zero, the volume of abuse reports combined with the maximum threat classification underscores that this IP has been systematically engaging in reconnaissance and exploitation attempts against internet-facing systems. The 63% confidence score reflects the assessment of data reliability, accounting for the automated nature of the detection sources.
Hacking activity in this context encompasses a broad range of intrusion behaviours, including vulnerability exploitation, brute-force authentication attempts, and scanning for entry points into target networks. Even though the activity frequency appears low according to the metric used, the report volume demonstrates persistent targeting behaviour that poses a tangible risk to any exposed service. Attackers leveraging such IPs typically attempt to compromise systems for data theft, botnet recruitment, or further lateral movement within networks. Services left exposed to the internet without adequate hardening become prime targets for these automated campaigns.
Site operators should implement immediate defensive measures, including blocking or rate-limiting traffic from this IP at the firewall or web application firewall level. Intrusion prevention tools such as fail2ban can automatically detect and respond to repeated connection attempts. Operators are advised to enforce strong authentication controls, limit exposure of administrative interfaces, and ensure all software is kept current with security patches. Regular review of abuse reports and maintenance of up-to-date blocklists based on threat intelligence feeds will further reduce the risk posed by sources like 194.180.49.34.