Moderate Risk
IP address 91.92.240.37 is a medium-risk German address operated by Railnet LLC under ASN AS214943, primarily linked to email spam activity with a threat level score of 5 out of 10. This IP has accumulated 3444 total abuse reports, though the most recent reporting activity shows a notably reduced cadence, with the last 20 reports specifically categorised as email spam originating from automated honeypot sensors between December 2025 and February 2026. The elevated total report volume suggests historical involvement in unsolicited email distribution, yet the current activity frequency reading of zero indicates a potential decline in active abuse, possibly due to prior mitigation actions or a temporary cessation of operations by the threat actor.
The geographic concentration in Germany and the assignment to Railnet LLC, a network operator, situates this address within a commercial hosting context rather than a typical residential ISP range, which may facilitate the deployment of mail-relay infrastructure. The detection methodology relied entirely on automated honeypot sensors, lending consistency to the attribution but leaving the actual recipient impact unmeasured. With a confidence score of 57 percent, the assessment reflects moderate certainty regarding the IP's involvement, accounting for the possibility of legitimate traffic mixed with malicious activity or IP address reuse by different actors over time. The substantial gap between total reports and recent activity warrants monitoring for renewed engagement.
Email spam at scale poses concrete risks to organisations, serving as a vector for phishing campaigns, credential harvesting, and malware delivery through malicious attachments or links. Even low-volume spam operations can achieve significant reach when combined with credential stuffing or impersonation tactics. For mail server operators, an IP with this abuse history can damage sender reputation, trigger blocklist inclusions, and increase the risk of downstream email delivery failures for any legitimate services sharing network proximity. The operational pattern of SMTP spam suggests the address may have been used to relay bulk messages or act as a stepping stone for larger spam campaigns, exploiting the reputation of German network infrastructure to evade initial filtering.
US 
BG 
RO 
PH 
CA 
SE 
GB 
FR