Moderate Risk
213.209.157.165 is a moderate-risk address with a history of email spam activity originating from a German hosting infrastructure. The IP carries a threat level of 5/10 and has accumulated 11,629 total abuse reports, though the activity frequency score of 0/10 indicates that recent hostile behavior has declined significantly. Detection occurred exclusively through automated honeypot sensors, with email spam confirmed as the dominant threat category in the most recent reports.
The abuse timeline spans from September 2025 to December 2025, representing approximately four months of sustained reporting activity. With 20 confirmed email spam reports logged against this address, the volume is moderate but not negligible. The 55% confidence score suggests moderate certainty regarding the threat classification, leaving some ambiguity about whether all activity was definitively malicious or potentially misclassified legitimate traffic. The AS208485 autonomous system is operated by Moon Dc, a German hosting provider whose infrastructure appears to have been leveraged for unsolicited email distribution.
Email spam represents a significant threat vector because mass unsolicited messages frequently serve as delivery mechanisms for phishing campaigns, credential harvesting, and malware distribution. Even when individual messages appear benign, the infrastructure supporting spam distribution often indicates broader compromise or dedicated spam-sending servers. The scale of 11,629 historical reports suggests this IP was actively engaged in high-volume email distribution before its recent activity decline. Such activity can damage the reputation of the associated IP range, leading to blocklisting by major email providers.
Site operators should implement foundational email security controls including SPF, DKIM, and DMARC authentication protocols to prevent domain spoofing and validate incoming mail. Deploying reputable email filtering services can intercept spam before it reaches user inboxes. Continuous monitoring of abuse feeds and blocklists helps identify if this IP remains problematic. Implementing tools such as fail2ban can automatically block repeated connection attempts from offending addresses. Organizations should also consider engaging the network operator through appropriate abuse reporting channels to address persistent infrastructure abuse.
UA 
CH 
GB 
SC