IP Address

196.251.72.5

IPv4 Public
SC SC
AS401120
CHEAPY-HOST
1,619 Reports
This IP is under Observation Suspicious activity detected - monitor closely
5/10 Threat
55% Confidence
1,619 Reports

Threat Intelligence Analysis

AI-generated security assessment based on aggregated threat data

Below Average Risk
SC
SC Location
CHEAPY-HOST ASN 401120
1,619 Reports
Honeypot Data Source

Cautionary Risk

IP 196.251.72.5 is a medium-risk address associated with SMTP spam distribution originating from Seychelles, with a threat level of 5/10 and a moderate confidence score of 55 percent based on 1619 total abuse reports. The IP has been linked primarily to email spam activity detected through automated honeypot sensors, with the last reported activity occurring in November 2025 and no recorded ongoing frequency at present.

The abuse reports for this address number 1619 total submissions, with 20 of those specifically categorized under email spam in recent reporting periods. All detection originates from automated honeypot sensors, with no community-sourced reports in the dataset. The IP is registered to network operator CHEAPY-HOST under ASN AS401120, and geolocates to Seychelles (country code SC). The temporal clustering in November 2025 suggests concentrated SMTP abuse during that window, though the current activity frequency reads zero out of ten, indicating the address may be dormant or the hosting provider has taken action.

Email spam at this scale typically indicates the compromised or abuse-friendly hosting of mass mailing infrastructure, often leveraged for advertising campaigns, phishing distribution or malware payload delivery. Even a single spam-capable host on a network poses reputational risk to mail delivery for other tenants on the same ASN and can trigger IP blocklisting by major email providers, disrupting legitimate outbound correspondence. The moderate confidence score of 55 percent reflects some uncertainty in attribution, but the volume of reports and consistency of the SMTP spam pattern provide sufficient basis for defensive action.

Site operators should block or rate-limit incoming SMTP connections from this address at the network edge firewall, implement SPF, DKIM and DMARC records to harden recipient mail domains against spoofing, and monitor logs for any SMTP handshake attempts matching this source. Deploying fail2ban or equivalent authentication hardening tools on exposed mail relays can automatically ban repeat offenders. Reputation-based filtering services can also be consulted to augment blocking decisions with broader threat-intelligence context.

More threatening than 30% of monitored IPs

Threat Categories

Email Spam 30

Technical Details

Email spam involves mass distribution of unwanted emails, often for advertising, phishing, or malware delivery.

Recommended Mitigations

Implement SPF, DKIM, DMARC, and use reputable email filtering services.

Moderate Network Risk

The network hosting this IP (ASN 401120, operated by CHEAPY-HOST) shows moderate threat indicators. Some concerning activity has been detected from neighboring addresses.

Consider the network context when assessing this individual IP.

Security Recommendations

Continue monitoring for emerging patterns.

This analysis is automatically generated from aggregated, anonymized threat intelligence data. No personal information is displayed or stored. Assessment accuracy depends on available data volume and diversity.

Reputation Summary

Threat Level 5/10 Medium
Medium
Activity Frequency 0/10 Inactive
Confidence Score 55% High Confidence

Confidence History

6. Nov 2025
55% Current
Stable Trend

The confidence score shows the reliability of the threat assessment based on the number and quality of reports.

Security Reports (30)

Date Categories Source Confidence
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
10 of 1619 shown

Technical Details

Basic Information

IP Address
196.251.72.5
IP Version
IPv4
Network Type
Public
Tor Network
No
Network Class
Class C

Geolocation

Country
SC SC
ASN
AS401120
ISP
CHEAPY-HOST

DNS Information

Reverse DNS
None
PTR Record
No
Connection Type
Static

Statistics

Total Reports
1,619
First Reported
4 Nov 2025
Last Reported
6 Nov 2025, 05:13

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

AS401120
CHEAPY-HOST
NL NL

Network Threat Assessment

6/10
This network shows moderate threat levels with some malicious activity patterns.

Network Statistics

210
Total IPs Monitored
42,483
Total Reports
202.3
Reports per IP

Network Context

This IP address belongs to CHEAPY-HOST (AS401120), which manages 210 IP addresses in our monitoring system. Out of these, 42,483 have been reported for suspicious activities, resulting in a network-wide threat level of 6/10.

Network warning: This network has elevated threat levels. Exercise caution when interacting with IPs from this ASN.

Comparative Analysis

How this IP compares to others in our threat intelligence database

30 %

Global Threat Ranking

This IP is more threatening than 30% of all IPs in our database.

Below Average Threat

Global Comparison

Compared against 198,676 reported IPs worldwide

Threat Level 5/10 avg: 5.3 =
Total Reports 1,619 avg: 23 ++

Network Comparison

Compared against 210 IPs in ASN 401120

Threat Level 5/10 network avg: 8.4 -
Total Reports 1,619 network avg: 186 ++
Network CHEAPY-HOST has overall threat level 6/10

Geographic Comparison

Compared against 357 IPs in SC

Threat Level 5/10 country avg: 7.3 -
Total Reports 1,619 country avg: 90 ++
Indicators:
++ Much Higher + Higher = Similar - Lower -- Much Lower

Geographic Threat Distribution

186,446 threat incidents tracked globally • Last 24h: 18,583 Logs

FEED

Top Threat Sources

  1. 01
    US
    United States US
    38,320 20.6%
  2. 02
    IN
    India IN
    28,851 15.5%
  3. 03
    CN
    China CN
    25,960 13.9%
  4. 04
    BR
    Brazil BR
    10,202 5.5%
  5. 05
    DE
    Germany DE
    7,128 3.8%
  6. 06
    SG
    Singapore SG
    6,451 3.5%
  7. 07
    ID
    Indonesia ID
    5,496 2.9%
  8. 08
    RU
    Russia RU
    4,690 2.5%
  9. 09
    PK
    Pakistan PK
    4,632 2.5%
  10. 10
    NL
    Netherlands NL
    4,350 2.3%

+40 more countries

THREAT LEVEL
LOW MED HIGH

Geographic data is aggregated and anonymized. No personal information displayed.

Map: simplemaps.com (MIT License)

Related IPs

Other IPs associated with this address through network or behavioral similarity

IPs from the same Autonomous System (AS) network provider.

20 Related IPs
8.8/10 Avg Threat
72% Avg Confidence
20 High Threat
High-risk network: Majority of related IPs are flagged
196.251.86.122 10/10
Confidence 74%
Reports 23
Location NL NL
10 Nov 2025
196.251.83.128 8/10
Confidence 73%
Reports 36
Location SC SC
11 Nov 2025
196.251.84.239 8/10
Confidence 73%
Reports 24
Location NL NL
10 Nov 2025
196.251.81.95 8/10
Confidence 73%
Reports 19
Location SC SC
11 Nov 2025
196.251.85.153 8/10
Confidence 73%
Reports 15
Location NL NL
10 Nov 2025
196.251.85.158 8/10
Confidence 73%
Reports 13
Location NL NL
9 Nov 2025
196.251.84.153 10/10
Confidence 72%
Reports 107
Location NL NL
10 Nov 2025
196.251.85.87 8/10
Confidence 72%
Reports 12
Location NL NL
9 Nov 2025
196.251.81.30 10/10
Confidence 71%
Reports 279
Location SC SC
11 Nov 2025
196.251.80.153 10/10
Confidence 71%
Reports 262
Location SC SC
12 Nov 2025
196.251.81.21 10/10
Confidence 71%
Reports 191
Location SC SC
7 Nov 2025
196.251.83.156 8/10
Confidence 71%
Reports 138
Location SC SC
9 Nov 2025
196.251.85.163 8/10
Confidence 71%
Reports 117
Location NL NL
11 Nov 2025
196.251.84.60 10/10
Confidence 71%
Reports 109
Location NL NL
12 Nov 2025
196.251.69.157 10/10
Confidence 71%
Reports 71
Location SC SC
7 Nov 2025
196.251.71.69 8/10
Confidence 71%
Reports 61
Location SC SC
5 Nov 2025
196.251.71.80 10/10
Confidence 71%
Reports 51
Location SC SC
4 Nov 2025
196.251.69.46 8/10
Confidence 71%
Reports 40
Location SC SC
7 Nov 2025
196.251.86.120 8/10
Confidence 71%
Reports 18
Location NL NL
11 Nov 2025
196.251.83.221 8/10
Confidence 71%
Reports 11
Location SC SC
9 Nov 2025

IPs from the same subnet range, likely same network segment.

13 Related IPs
8.5/10 Avg Threat
42% Avg Confidence
13 High Threat
High-risk network: Majority of related IPs are flagged
196.251.72.177 10/10
Confidence 69%
Reports 36
Location SC SC
21 Oct 2025
196.251.72.221 8/10
Confidence 68%
Reports 15
Location SC SC
6 Nov 2025
196.251.72.203 10/10
Confidence 62%
Reports 342
Location SC SC
30 Sep 2025
196.251.72.247 10/10
Confidence 62%
Reports 23
Location SC SC
15 Sep 2025
196.251.72.57 8/10
Confidence 56%
Reports 8
Location SC SC
31 Aug 2025
196.251.72.82 8/10
Confidence 54%
Reports 7
Location SC SC
3 Sep 2025
196.251.72.64 8/10
Confidence 51%
Reports 5
Location SC SC
3 Sep 2025
196.251.72.244 10/10
Confidence 38%
Reports 5
Location SC SC
12 Oct 2025
196.251.72.213 7/10
Confidence 17%
Reports 1
Location SC SC
2 Sep 2025
196.251.72.139 7/10
Confidence 17%
Reports 1
Location SC SC
24 Aug 2025
196.251.72.9 7/10
Confidence 17%
Reports 1
Location SC SC
31 Aug 2025
196.251.72.237 7/10
Confidence 17%
Reports 1
Location SC SC
6 Sep 2025
196.251.72.128 10/10
Confidence 16%
Reports 6
Location SC SC
2 Sep 2025

IPs from the same country with similar threat profiles.

15 Related IPs
9.2/10 Avg Threat
97% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
156.245.246.50 10/10
Confidence 100%
Reports 67
ISP VpsQuan L.L.C.
7 Jun 2026
156.232.13.218 10/10
Confidence 98%
Reports 54
ISP YISU CLOUD LTD
7 Jun 2026
156.238.224.50 10/10
Confidence 98%
Reports 18
ISP FASTNET DATA INC
15 May 2026
156.239.225.149 10/10
Confidence 97%
Reports 115
ISP Gcc Cloud Techn...
2 Mar 2026
212.11.64.25 8/10
Confidence 97%
Reports 49
ISP Global-Data Sys...
2 Mar 2026
154.91.170.41 8/10
Confidence 97%
Reports 45
ISP BitCommand LLC
27 Feb 2026
212.11.64.155 8/10
Confidence 97%
Reports 42
ISP Global-Data Sys...
2 Mar 2026
193.39.208.26 10/10
Confidence 97%
Reports 27
ISP Global Connecti...
2 Jun 2026
69.5.189.125 8/10
Confidence 97%
Reports 26
ISP Global-Data Sys...
26 Feb 2026
156.238.246.218 8/10
Confidence 97%
Reports 24
ISP COGNETCLOUD
25 Feb 2026
69.5.189.131 8/10
Confidence 97%
Reports 21
ISP Global-Data Sys...
24 Feb 2026
5.61.209.33 10/10
Confidence 96%
Reports 42
ISP Amarutu Technol...
8 Jun 2026
156.238.252.133 10/10
Confidence 95%
Reports 125
ISP FD-298-8796
9 May 2026
154.198.162.75 10/10
Confidence 95%
Reports 104
ISP Scloud Pte Ltd
1 Jun 2026
5.61.209.224 10/10
Confidence 94%
Reports 2,497
ISP Amarutu Technol...
29 May 2026

IPs with similar threat level and confidence scores.

15 Related IPs
5.3/10 Avg Threat
55% Avg Confidence
2 High Threat
196.251.92.134 7/10
Confidence 55%
Reports 75,414
Location NL NL
14 Oct 2025
155.94.155.105 5/10
Confidence 55%
Reports 19,539
Location US US
7 Sep 2025
213.209.157.165 5/10
Confidence 55%
Reports 11,629
Location DE DE
5 Dec 2025
45.144.212.19 5/10
Confidence 55%
Reports 9,796
Location UA UA
3 Feb 2026
213.209.157.87 5/10
Confidence 55%
Reports 9,465
Location DE DE
16 Dec 2025
213.209.157.54 5/10
Confidence 55%
Reports 7,881
Location DE DE
22 Oct 2025
185.196.11.84 5/10
Confidence 55%
Reports 2,841
Location CH CH
24 Nov 2025
213.209.157.207 5/10
Confidence 55%
Reports 2,510
Location DE DE
2 Dec 2025
78.153.140.207 7/10
Confidence 55%
Reports 2,224
Location GB GB
4 Feb 2026
185.196.11.30 5/10
Confidence 55%
Reports 1,710
Location CH CH
30 Dec 2025
213.209.157.154 5/10
Confidence 55%
Reports 1,532
Location DE DE
18 Sep 2025
196.251.83.16 5/10
Confidence 55%
Reports 1,531
Location SC SC
12 Nov 2025
213.209.157.216 5/10
Confidence 55%
Reports 1,498
Location DE DE
14 Dec 2025
213.209.157.201 5/10
Confidence 55%
Reports 1,497
Location DE DE
11 Oct 2025
213.209.157.221 5/10
Confidence 55%
Reports 1,472
Location DE DE
8 Nov 2025

Export & Firewall Rules

Download threat data or generate firewall rules to block this IP

JSON Report

Structured data format for integration with security tools and SIEM systems.

{
    "ip_address": "196.251.72.5",
    "threat_level": 5,
    "confidence_score": 55,
    "total_reports": 1619,
    "country_code": "SC",
    "isp_name": "CHEAPY-HOST",
    "asn": "401120",
    "first_reported": "2025-11-04 14:49:42",
    "last_reported": "2025-11-06 05:13:33",
    "exported_at": "2026-06-08T22:43:22+02:00",
    "source": "https://reportedip.de/ip/196.251.72.5/"
}
Download JSON

GDPR Compliant: Exports contain only IP-related threat data. No personal information or reporter details are included.

Analyzed high-risk IP addresses