Intermediate Threat
IP 89.213.174.87 is a medium-risk address originating from Romania, AS214209 (Internet Magnate (Pty) Ltd), with a threat level of 5/10 assessed primarily through automated honeypot sensors that flagged 502 total reports concentrated on SMTP spam and email abuse activity during September 2025. Despite the moderate overall threat rating, the 56% confidence score and notably low 0/10 activity frequency indicate that this address's malicious behaviour appears to have largely subsided, with recent activity limited exclusively to email spam vectors detected across twenty distinct honeypot sensors.
The report corpus reveals a predominantly historical abuse pattern centred on email spam distribution. The 502 aggregate reports likely accumulated over an extended period, while the recent activity window shows only twenty confirmed Email Spam reports, all logged within September 2025. This distribution suggests a single, concentrated campaign rather than sustained abuse. The Romanian IP space allocation combined with a South African-registered network operator (Internet Magnate (Pty) Ltd) warrants attention, as this routing pattern is occasionally associated with bulletproof hosting arrangements or transient abuse infrastructure. The absence of additional threat categories beyond email spam indicates a narrowly focused malicious operation rather than a multi-vector threat actor.
Email spam infrastructure poses concrete risks to exposed mail servers, including reputation damage to legitimate sending domains, resource exhaustion from processing unwanted traffic, and potential payload delivery for phishing or malware distribution campaigns. Even dormant or reduced-activity spam sources remain dangerous because they can be reactivated, rented to different threat actors, or used as secondary infrastructure during larger campaigns. Organizations running publicly accessible SMTP servers without proper hardening face the greatest exposure to this class of risk.
Site operators should implement layered email authentication protocols—SPF, DKIM, and DMARC—to validate incoming mail and prevent domain spoofing. Deploying reputable email filtering services with real-time blocklist integration will automatically reject connections from known spam sources. Configuring fail2ban or equivalent dynamic firewall rules to auto-ban IPs exceeding SMTP connection thresholds provides automated protection against similar scanning and relay attempts. Regular monitoring of mail server logs for connections originating from this address space, combined with proactive addition to internal blocklists, ensures residual risk remains minimal even if activity frequency increases in future reporting periods.