Moderate Risk
IP address 196.251.92.85 is a medium-risk address associated with SMTP abuse and email spam distribution, with activity detected primarily through automated honeypot sensors during August and September 2025.
The IP is registered in the Netherlands under network operator ZHONGGUANCUN-CO (ASN AS401109) and has accumulated 493 total abuse reports, though the recent report volume remains modest at 20 documented incidents, all classified as email spam. The confidence score of 55% indicates moderate certainty in the attribution, while the activity frequency rating of 0/10 suggests observed behaviour has been intermittent or low-volume rather than sustained. All recent detections originated from automated honeypot infrastructure, which actively monitors for SMTP connection attempts and suspicious mail relay activity across exposed port 25 endpoints.
Email spam constitutes the sole reported threat category for this address, indicating the IP has been used to distribute unsolicited commercial messages, phishing content, or potentially malicious attachments through direct SMTP connections to mail servers. While spam itself is a nuisance threat, it frequently serves as a delivery mechanism for credential-phishing campaigns and malware payloads, meaning recipients face secondary risks beyond mere inbox pollution. The honeypot detection pattern suggests the address is scanning or attempting to relay mail through poorly secured Mail Transfer Agent configurations rather than conducting high-volume campaign operations.
Site operators running publicly accessible mail servers should enforce strict SMTP authentication, implement SPF, DKIM, and DMARC validation to reject spoofed domains, and consider configuring fail2ban or similar intrusion-prevention tools to automatically block repeated connection attempts from low-reputation sources like this address.