IP Address

213.209.157.221

IPv4 Public
DE DE
AS208485
Moon Dc
1,472 Reports
This IP is under Observation Suspicious activity detected - monitor closely
5/10 Threat
55% Confidence
1,472 Reports

Threat Intelligence Analysis

AI-generated security assessment based on aggregated threat data

Below Average Risk
DE
DE Location
Moon Dc ASN 208485
1,472 Reports
Honeypot Data Source

Medium Threat

IP 213.209.157.221 is a German-based address operated by Moon Dc (ASN AS208485) that presents a moderate-low threat level, classified primarily for email spam activity with a substantial report volume of 1,472 total reports submitted through automated honeypot sensors over October and November 2025. Despite the elevated report count, its current activity frequency is assessed at zero, suggesting the address may be temporarily dormant or operating below detection thresholds at present.

The IP carries a threat level of five out of ten with a confidence score of fifty-five percent, indicating moderate certainty that the observed behavior is intentional rather than misconfigured infrastructure. All 20 of the most recent threat reports specifically cite email spam as the dominant abuse category, and detection was solely attributed to automated honeypot sensors, which are designed to simulate exposed mail services and log incoming connections. The address originates from Germany, a jurisdiction that typically enforces spam and abuse regulations strictly, which may contribute to the reduced ongoing activity despite the historically high report count.

Email spam activity from this address poses a concrete risk to any publicly accessible SMTP service, as mass-distribution campaigns often serve as vectors for phishing, credential harvesting, or malware delivery. Even at low current activity levels, a previously active spam source can resume operations quickly, and its reputation history means mail sent from this IP is likely to be blocked or flagged by major email providers. Organizations running exposed mail servers without proper authentication mechanisms face the greatest exposure, as such servers can be exploited to relay spam or used as jumping-off points for more sophisticated attacks.

Site operators should implement and enforce SPF, DKIM, and DMARC email authentication protocols to prevent unauthorized relay and protect domain reputation. Deploying tools such as fail2ban to dynamically block repeated offenders and configuring rate-limiting on SMTP services can significantly reduce exposure to automated spam campaigns. Regular monitoring of abuse feeds and IP blocklists will help identify if this address resumes activity. Additionally, ensuring mail servers are not configured as open relays closes a common exploitation pathway leveraged by spam originators.

More threatening than 29% of monitored IPs

Threat Categories

Email Spam 30

Technical Details

Email spam involves mass distribution of unwanted emails, often for advertising, phishing, or malware delivery.

Recommended Mitigations

Implement SPF, DKIM, DMARC, and use reputable email filtering services.

Moderate Network Risk

The network hosting this IP (ASN 208485, operated by Moon Dc) shows moderate threat indicators. Some concerning activity has been detected from neighboring addresses.

Consider the network context when assessing this individual IP.

Security Recommendations

Continue monitoring for emerging patterns.

This analysis is automatically generated from aggregated, anonymized threat intelligence data. No personal information is displayed or stored. Assessment accuracy depends on available data volume and diversity.

Reputation Summary

Threat Level 5/10 Medium
Medium
Activity Frequency 0/10 Inactive
Confidence Score 55% High Confidence

Confidence History

8. Nov 2025
55% Current
Stable Trend

The confidence score shows the reliability of the threat assessment based on the number and quality of reports.

Security Reports (30)

Date Categories Source Confidence
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
10 of 1472 shown

Technical Details

Basic Information

IP Address
213.209.157.221
IP Version
IPv4
Network Type
Public
Tor Network
No
Network Class
Class C

Geolocation

Country
DE DE
ASN
AS208485
ISP
Moon Dc

DNS Information

Reverse DNS
tusuxif.click
PTR Record
Yes
Connection Type
Static

Statistics

Total Reports
1,472
First Reported
9 Oct 2025
Last Reported
8 Nov 2025, 05:12

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

AS208485
Moon Dc
DE DE

Network Threat Assessment

6/10
This network shows moderate threat levels with some malicious activity patterns.

Network Statistics

34
Total IPs Monitored
39,495
Total Reports
1161.6
Reports per IP

Network Context

This IP address belongs to Moon Dc (AS208485), which manages 34 IP addresses in our monitoring system. Out of these, 39,495 have been reported for suspicious activities, resulting in a network-wide threat level of 6/10.

Network warning: This network has elevated threat levels. Exercise caution when interacting with IPs from this ASN.

Comparative Analysis

How this IP compares to others in our threat intelligence database

29 %

Global Threat Ranking

This IP is more threatening than 29% of all IPs in our database.

Below Average Threat

Global Comparison

Compared against 199,723 reported IPs worldwide

Threat Level 5/10 avg: 5.3 =
Total Reports 1,472 avg: 23 ++

Network Comparison

Compared against 34 IPs in ASN 208485

Threat Level 5/10 network avg: 7.4 -
Total Reports 1,472 network avg: 1,183 +
Network Moon Dc has overall threat level 6/10

Geographic Comparison

Compared against 7,144 IPs in DE

Threat Level 5/10 country avg: 5.8 =
Total Reports 1,472 country avg: 61 ++
Indicators:
++ Much Higher + Higher = Similar - Lower -- Much Lower

Geographic Threat Distribution

187,378 threat incidents tracked globally • Last 24h: 18,990 Logs

FEED

Top Threat Sources

  1. 01
    US
    United States US
    38,468 20.5%
  2. 02
    IN
    India IN
    29,138 15.6%
  3. 03
    CN
    China CN
    26,029 13.9%
  4. 04
    BR
    Brazil BR
    10,256 5.5%
  5. 05
    DE
    Germany DE THIS IP
    7,144 3.8%
  6. 06
    SG
    Singapore SG
    6,476 3.5%
  7. 07
    ID
    Indonesia ID
    5,551 3%
  8. 08
    RU
    Russia RU
    4,703 2.5%
  9. 09
    PK
    Pakistan PK
    4,677 2.5%
  10. 10
    NL
    Netherlands NL
    4,358 2.3%

+40 more countries

THREAT LEVEL
LOW MED HIGH

Geographic data is aggregated and anonymized. No personal information displayed.

Map: simplemaps.com (MIT License)

Related IPs

Other IPs associated with this address through network or behavioral similarity

IPs from the same Autonomous System (AS) network provider.

20 Related IPs
8.6/10 Avg Threat
65% Avg Confidence
19 High Threat
High-risk network: Majority of related IPs are flagged
213.209.157.52 10/10
Confidence 78%
Reports 15
Location DE DE
4 Dec 2025
213.209.157.94 10/10
Confidence 77%
Reports 16
Location DE DE
4 Dec 2025
213.209.157.254 10/10
Confidence 76%
Reports 144
Location DE DE
22 Nov 2025
213.209.157.77 10/10
Confidence 76%
Reports 34
Location DE DE
29 Nov 2025
213.209.157.162 10/10
Confidence 73%
Reports 91
Location DE DE
15 Dec 2025
213.209.157.24 10/10
Confidence 71%
Reports 69
Location DE DE
17 Nov 2025
213.209.157.218 10/10
Confidence 71%
Reports 13
Location DE DE
21 Nov 2025
213.209.157.84 8/10
Confidence 60%
Reports 58
Location DE DE
19 Sep 2025
213.209.157.47 8/10
Confidence 60%
Reports 54
Location DE DE
21 Sep 2025
213.209.157.55 8/10
Confidence 60%
Reports 51
Location DE DE
19 Sep 2025
213.209.157.57 8/10
Confidence 60%
Reports 51
Location DE DE
19 Sep 2025
213.209.157.49 8/10
Confidence 60%
Reports 44
Location DE DE
19 Sep 2025
213.209.157.53 8/10
Confidence 60%
Reports 43
Location DE DE
19 Sep 2025
213.209.157.45 8/10
Confidence 60%
Reports 38
Location DE DE
21 Sep 2025
213.209.157.199 8/10
Confidence 60%
Reports 36
Location DE DE
20 Sep 2025
213.209.157.27 8/10
Confidence 60%
Reports 34
Location DE DE
21 Sep 2025
213.209.157.36 8/10
Confidence 60%
Reports 30
Location DE DE
20 Sep 2025
213.209.157.34 8/10
Confidence 60%
Reports 27
Location DE DE
19 Sep 2025
213.209.157.193 8/10
Confidence 60%
Reports 20
Location DE DE
21 Sep 2025
213.209.157.225 5/10
Confidence 59%
Reports 341
Location DE DE
9 Oct 2025

IPs from the same subnet range, likely same network segment.

20 Related IPs
8.6/10 Avg Threat
65% Avg Confidence
19 High Threat
High-risk network: Majority of related IPs are flagged
213.209.157.52 10/10
Confidence 78%
Reports 15
Location DE DE
4 Dec 2025
213.209.157.94 10/10
Confidence 77%
Reports 16
Location DE DE
4 Dec 2025
213.209.157.254 10/10
Confidence 76%
Reports 144
Location DE DE
22 Nov 2025
213.209.157.77 10/10
Confidence 76%
Reports 34
Location DE DE
29 Nov 2025
213.209.157.162 10/10
Confidence 73%
Reports 91
Location DE DE
15 Dec 2025
213.209.157.24 10/10
Confidence 71%
Reports 69
Location DE DE
17 Nov 2025
213.209.157.218 10/10
Confidence 71%
Reports 13
Location DE DE
21 Nov 2025
213.209.157.84 8/10
Confidence 60%
Reports 58
Location DE DE
19 Sep 2025
213.209.157.47 8/10
Confidence 60%
Reports 54
Location DE DE
21 Sep 2025
213.209.157.55 8/10
Confidence 60%
Reports 51
Location DE DE
19 Sep 2025
213.209.157.57 8/10
Confidence 60%
Reports 51
Location DE DE
19 Sep 2025
213.209.157.49 8/10
Confidence 60%
Reports 44
Location DE DE
19 Sep 2025
213.209.157.53 8/10
Confidence 60%
Reports 43
Location DE DE
19 Sep 2025
213.209.157.45 8/10
Confidence 60%
Reports 38
Location DE DE
21 Sep 2025
213.209.157.199 8/10
Confidence 60%
Reports 36
Location DE DE
20 Sep 2025
213.209.157.27 8/10
Confidence 60%
Reports 34
Location DE DE
21 Sep 2025
213.209.157.36 8/10
Confidence 60%
Reports 30
Location DE DE
20 Sep 2025
213.209.157.34 8/10
Confidence 60%
Reports 27
Location DE DE
19 Sep 2025
213.209.157.193 8/10
Confidence 60%
Reports 20
Location DE DE
21 Sep 2025
213.209.157.225 5/10
Confidence 59%
Reports 341
Location DE DE
9 Oct 2025

IPs from the same country with similar threat profiles.

15 Related IPs
8.6/10 Avg Threat
100% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
45.92.11.94 8/10
Confidence 100%
Reports 274
ISP Contabo GmbH
1 Mar 2026
88.198.64.173 8/10
Confidence 100%
Reports 174
ISP Hetzner Online ...
22 May 2026
159.100.13.237 8/10
Confidence 100%
Reports 169
ISP Ultahost, Inc.
6 May 2026
46.224.234.158 8/10
Confidence 100%
Reports 130
ISP Hetzner Online ...
9 Jun 2026
5.83.135.249 8/10
Confidence 100%
Reports 116
ISP active 1 GmbH
7 Jun 2026
3.70.164.132 8/10
Confidence 100%
Reports 99
ISP Amazon.com, Inc.
19 May 2026
118.193.59.142 7/10
Confidence 100%
Reports 89
ISP UCLOUD INFORMAT...
5 Jun 2026
94.26.106.90 8/10
Confidence 100%
Reports 86
ISP dataforest GmbH
7 Jun 2026
49.12.3.147 10/10
Confidence 100%
Reports 78
ISP Hetzner Online ...
31 May 2026
94.26.106.111 10/10
Confidence 100%
Reports 75
ISP dataforest GmbH
13 May 2026
80.158.109.51 10/10
Confidence 100%
Reports 73
ISP T-Systems Inter...
6 Jun 2026
212.224.100.2 10/10
Confidence 100%
Reports 61
ISP firstcolo GmbH
31 May 2026
94.130.219.13 10/10
Confidence 100%
Reports 58
ISP Hetzner Online ...
9 May 2026
5.83.135.102 8/10
Confidence 100%
Reports 44
ISP AltunHOST LTD
8 Jun 2026
94.26.106.209 8/10
Confidence 100%
Reports 38
ISP dataforest GmbH
4 Jun 2026

IPs with similar threat level and confidence scores.

15 Related IPs
5.3/10 Avg Threat
55% Avg Confidence
2 High Threat
196.251.92.134 7/10
Confidence 55%
Reports 75,414
Location NL NL
14 Oct 2025
155.94.155.105 5/10
Confidence 55%
Reports 19,539
Location US US
7 Sep 2025
213.209.157.165 5/10
Confidence 55%
Reports 11,629
Location DE DE
5 Dec 2025
45.144.212.19 5/10
Confidence 55%
Reports 9,796
Location UA UA
3 Feb 2026
213.209.157.87 5/10
Confidence 55%
Reports 9,465
Location DE DE
16 Dec 2025
213.209.157.54 5/10
Confidence 55%
Reports 7,881
Location DE DE
22 Oct 2025
185.196.11.84 5/10
Confidence 55%
Reports 2,841
Location CH CH
24 Nov 2025
213.209.157.207 5/10
Confidence 55%
Reports 2,510
Location DE DE
2 Dec 2025
78.153.140.207 7/10
Confidence 55%
Reports 2,224
Location GB GB
4 Feb 2026
185.196.11.30 5/10
Confidence 55%
Reports 1,710
Location CH CH
30 Dec 2025
196.251.72.5 5/10
Confidence 55%
Reports 1,619
Location SC SC
6 Nov 2025
213.209.157.154 5/10
Confidence 55%
Reports 1,532
Location DE DE
18 Sep 2025
196.251.83.16 5/10
Confidence 55%
Reports 1,531
Location SC SC
12 Nov 2025
213.209.157.216 5/10
Confidence 55%
Reports 1,498
Location DE DE
14 Dec 2025
213.209.157.201 5/10
Confidence 55%
Reports 1,497
Location DE DE
11 Oct 2025

Export & Firewall Rules

Download threat data or generate firewall rules to block this IP

JSON Report

Structured data format for integration with security tools and SIEM systems.

{
    "ip_address": "213.209.157.221",
    "threat_level": 5,
    "confidence_score": 55,
    "total_reports": 1472,
    "country_code": "DE",
    "isp_name": "Moon Dc",
    "asn": "208485",
    "first_reported": "2025-10-09 06:17:25",
    "last_reported": "2025-11-08 05:12:30",
    "exported_at": "2026-06-09T10:51:55+02:00",
    "source": "https://reportedip.de/ip/213.209.157.221/"
}
Download JSON

GDPR Compliant: Exports contain only IP-related threat data. No personal information or reporter details are included.

Analyzed high-risk IP addresses