Moderate Risk
IP 89.213.174.78, registered in Romania and routed through AS214209 under the network operator Internet Magnate (Pty) Ltd, represents a medium-risk address with a threat level of 5 out of 10 based on 498 total abuse reports. The dominant threat category identified across recent reports is email spam, with all 20 most recent reports attributed to automated honeypot sensors. Despite the moderate threat classification, the IP's activity frequency scores 0 out of 10, indicating that malicious operations have been sporadic or largely ceased since the September 2025 reporting window. The moderate confidence score of 56% suggests some ambiguity in attributing all observed behavior exclusively to this address.
The detection data reveals that 498 community and sensor reports have been filed against 89.213.174.78, with the most recent submissions concentrated in a single-month window during September 2025. All 20 of the most recent threat reports specifically cite email spam activity, pointing to a focused campaign rather than diversified attack types. Automated honeypot sensors placed across multiple vantage points captured SMTP abuse patterns consistent with mass unsolicited email distribution. The discrepancy between the high total report count and the narrow recent activity window may indicate either legacy reports from prior months or a recent escalation that triggered renewed sensor attention.
Email spam represents one of the most prevalent threats in network abuse ecosystems, serving as a delivery mechanism for phishing payloads, credential-harvesting schemes, and malware distribution. Even a sporadic spam operation can cause significant downstream damage if recipients receive convincing lures. The SMTP abuse patterns observed from 89.213.174.78 suggest the address has been used to relay or originate bulk commercial email, potentially in violation of carrier acceptable-use policies. For organizations with publicly exposed mail servers or directory services, such addresses warrant inclusion in blocklists and real-time traffic monitoring to prevent inbound spam from reaching end users.
Network administrators should implement layered defenses to mitigate risks associated with this IP and similar sources. Enforcing strict email authentication with SPF, DKIM, and DMARC substantially reduces the effectiveness of email spoofing and unauthorized relay attempts. Deploying reputation-based filtering that blocks or rate-limits traffic from addresses with established abuse histories provides an additional protective barrier. Tools such as fail2ban can automatically update firewall rules to drop connections from offending IPs after configurable threshold violations. Continuously monitoring inbound email volumes and implementing anomaly detection alerts ensure rapid identification of renewed spam campaigns originating from addresses such as 89.213.174.78.