Significant Threat
IP 185.93.89.64 is a high-risk address with a threat level of 7/10 that has generated 462 total abuse reports since January 2026, primarily linked to Email Spam activity detected by automated honeypot sensors across multiple report sources. Operating from Iranian network infrastructure under ASN AS213790 (Limited Network LTD), this IP presents a concrete risk to any publicly exposed mail or SMTP services.
Community reports and automated honeypot sensors filed 462 abuse reports against this address over approximately five months, with Email Spam the dominant threat category in recent submissions. Detection patterns include Suricata alerts indicating application-layer anomalies and SMTP abuse events captured by honeypot infrastructure. The 78% confidence score reflects substantial corroborating evidence, while the relatively low activity frequency of 2/10 suggests opportunistic or intermittent engagement rather than continuous high-volume scanning. Detection by 20 distinct honeypot sensors shows that this address has interacted with multiple monitored environments, increasing confidence that the behavior is deliberate rather than coincidental.
Email Spam from addresses like 185.93.89.64 typically involves mass distribution of unwanted messages carrying advertising payloads, phishing lures, or malware attachments, directly threatening end users who receive communications appearing to originate from or route through this IP. The SMTP protocol abuse detected by honeypot sensors suggests this address may be used to relay spam or conduct credential-harvesting campaigns against vulnerable mail servers, exposing organizations with misconfigured or poorly secured SMTP daemons to unauthorized relay attempts and inbox contamination.
Site operators should block or rate-limit connections from 185.93.89.64 at the firewall level and implement strict SMTP banner greetings along with HELO/EHLO validation to reject known abusive mail sources. Enforcing email authentication mechanisms such as SPF, DKIM, and DMARC on inbound mail helps reject spoofed messages delivered from this IP and reduces the impact of any spam originating from it. Deploying intrusion detection rules, such as Suricata rules for application-layer anomalies, and monitoring mail logs for unexpected relay behavior will help identify ongoing attempts. Tools like fail2ban can also automatically ban repeat offenders once a configurable threshold is exceeded, providing a further layer of proactive defense.