IP Address

213.209.157.201

IPv4 Public
DE DE
AS208485
Moon Dc
1,497 Reports
This IP is under Observation Suspicious activity detected - monitor closely
5/10 Threat
55% Confidence
1,497 Reports

Threat Intelligence Analysis

AI-generated security assessment based on aggregated threat data

Below Average Risk
DE
DE Location
Moon Dc ASN 208485
1,497 Reports
Honeypot Data Source

Cautionary Risk

213.209.157.201 is a moderate-risk IP address linked to email spam activity, with 1497 total abuse reports logged against it and a threat level of 5/10, originating from a German hosting provider within the AS208485 autonomous system operated by Moon Dc.

The address was first and last reported in October 2025 according to the available data, with all 1497 reports attributed to automated honeypot sensors detecting SMTP spam and email abuse patterns. Despite the high report volume, the activity frequency score of 0/10 indicates the IP has not exhibited recent malicious behavior, suggesting the abuse may have ceased or the address has been taken offline since the initial detection period. The geographic location in Germany and association with a data centre operator points to a compromised or abused hosting environment rather than a residential botnet node.

Email spam represents one of the most prevalent threat vectors in network abuse, functioning as the delivery mechanism for phishing campaigns, credential-harvesting schemes, and malware distribution. An IP flagged for SMTP spam abuse typically indicates unauthorized relay activity or a compromised mail server being exploited to send bulk unsolicited messages while evading reputation-based filters. The scale of 1497 reports against this single address suggests sustained abuse rather than a transient incident, raising the risk that this infrastructure was deliberately used to circumvent email security controls at target organisations.

Site operators running publicly accessible mail services should block or closely scrutinize inbound connections from 213.209.157.201 and implement SPF, DKIM, and DMARC authentication protocols to prevent spoofing and validate incoming mail legitimacy. Deploying reputation-based filtering using blocklists populated from sources such as this IP's abuse reports will further reduce unwanted contact. Configuring fail2ban or equivalent dynamic blocking tools to automatically reject repeated SMTP connection attempts from abusive sources provides an additional layer of automated defense without manual intervention.

More threatening than 30% of monitored IPs

Threat Categories

Email Spam 30

Technical Details

Email spam involves mass distribution of unwanted emails, often for advertising, phishing, or malware delivery.

Recommended Mitigations

Implement SPF, DKIM, DMARC, and use reputable email filtering services.

Moderate Network Risk

The network hosting this IP (ASN 208485, operated by Moon Dc) shows moderate threat indicators. Some concerning activity has been detected from neighboring addresses.

Consider the network context when assessing this individual IP.

Security Recommendations

Continue monitoring for emerging patterns.

This analysis is automatically generated from aggregated, anonymized threat intelligence data. No personal information is displayed or stored. Assessment accuracy depends on available data volume and diversity.

Reputation Summary

Threat Level 5/10 Medium
Medium
Activity Frequency 0/10 Inactive
Confidence Score 55% High Confidence

Confidence History

11. Oct 2025
55% Current
Stable Trend

The confidence score shows the reliability of the threat assessment based on the number and quality of reports.

Security Reports (30)

Date Categories Source Confidence
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
10 of 1497 shown

Technical Details

Basic Information

IP Address
213.209.157.201
IP Version
IPv4
Network Type
Public
Tor Network
No
Network Class
Class C

Geolocation

Country
DE DE
ASN
AS208485
ISP
Moon Dc

DNS Information

Reverse DNS
wyhmure.click
PTR Record
Yes
Connection Type
Static

Statistics

Total Reports
1,497
First Reported
8 Oct 2025
Last Reported
11 Oct 2025, 06:12

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

AS208485
Moon Dc
DE DE

Network Threat Assessment

6/10
This network shows moderate threat levels with some malicious activity patterns.

Network Statistics

34
Total IPs Monitored
39,495
Total Reports
1161.6
Reports per IP

Network Context

This IP address belongs to Moon Dc (AS208485), which manages 34 IP addresses in our monitoring system. Out of these, 39,495 have been reported for suspicious activities, resulting in a network-wide threat level of 6/10.

Network warning: This network has elevated threat levels. Exercise caution when interacting with IPs from this ASN.

Comparative Analysis

How this IP compares to others in our threat intelligence database

30 %

Global Threat Ranking

This IP is more threatening than 30% of all IPs in our database.

Below Average Threat

Global Comparison

Compared against 199,471 reported IPs worldwide

Threat Level 5/10 avg: 5.3 =
Total Reports 1,497 avg: 23 ++

Network Comparison

Compared against 34 IPs in ASN 208485

Threat Level 5/10 network avg: 7.4 -
Total Reports 1,497 network avg: 1,183 +
Network Moon Dc has overall threat level 6/10

Geographic Comparison

Compared against 7,142 IPs in DE

Threat Level 5/10 country avg: 5.8 =
Total Reports 1,497 country avg: 61 ++
Indicators:
++ Much Higher + Higher = Similar - Lower -- Much Lower

Geographic Threat Distribution

187,140 threat incidents tracked globally • Last 24h: 19,043 Logs

FEED

Top Threat Sources

  1. 01
    US
    United States US
    38,446 20.5%
  2. 02
    IN
    India IN
    29,023 15.5%
  3. 03
    CN
    China CN
    26,021 13.9%
  4. 04
    BR
    Brazil BR
    10,256 5.5%
  5. 05
    DE
    Germany DE THIS IP
    7,142 3.8%
  6. 06
    SG
    Singapore SG
    6,476 3.5%
  7. 07
    ID
    Indonesia ID
    5,539 3%
  8. 08
    RU
    Russia RU
    4,703 2.5%
  9. 09
    PK
    Pakistan PK
    4,654 2.5%
  10. 10
    NL
    Netherlands NL
    4,356 2.3%

+40 more countries

THREAT LEVEL
LOW MED HIGH

Geographic data is aggregated and anonymized. No personal information displayed.

Map: simplemaps.com (MIT License)

Related IPs

Other IPs associated with this address through network or behavioral similarity

IPs from the same Autonomous System (AS) network provider.

20 Related IPs
8.6/10 Avg Threat
65% Avg Confidence
19 High Threat
High-risk network: Majority of related IPs are flagged
213.209.157.52 10/10
Confidence 78%
Reports 15
Location DE DE
4 Dec 2025
213.209.157.94 10/10
Confidence 77%
Reports 16
Location DE DE
4 Dec 2025
213.209.157.254 10/10
Confidence 76%
Reports 144
Location DE DE
22 Nov 2025
213.209.157.77 10/10
Confidence 76%
Reports 34
Location DE DE
29 Nov 2025
213.209.157.162 10/10
Confidence 73%
Reports 91
Location DE DE
15 Dec 2025
213.209.157.24 10/10
Confidence 71%
Reports 69
Location DE DE
17 Nov 2025
213.209.157.218 10/10
Confidence 71%
Reports 13
Location DE DE
21 Nov 2025
213.209.157.84 8/10
Confidence 60%
Reports 58
Location DE DE
19 Sep 2025
213.209.157.47 8/10
Confidence 60%
Reports 54
Location DE DE
21 Sep 2025
213.209.157.55 8/10
Confidence 60%
Reports 51
Location DE DE
19 Sep 2025
213.209.157.57 8/10
Confidence 60%
Reports 51
Location DE DE
19 Sep 2025
213.209.157.49 8/10
Confidence 60%
Reports 44
Location DE DE
19 Sep 2025
213.209.157.53 8/10
Confidence 60%
Reports 43
Location DE DE
19 Sep 2025
213.209.157.45 8/10
Confidence 60%
Reports 38
Location DE DE
21 Sep 2025
213.209.157.199 8/10
Confidence 60%
Reports 36
Location DE DE
20 Sep 2025
213.209.157.27 8/10
Confidence 60%
Reports 34
Location DE DE
21 Sep 2025
213.209.157.36 8/10
Confidence 60%
Reports 30
Location DE DE
20 Sep 2025
213.209.157.34 8/10
Confidence 60%
Reports 27
Location DE DE
19 Sep 2025
213.209.157.193 8/10
Confidence 60%
Reports 20
Location DE DE
21 Sep 2025
213.209.157.225 5/10
Confidence 59%
Reports 341
Location DE DE
9 Oct 2025

IPs from the same subnet range, likely same network segment.

20 Related IPs
8.6/10 Avg Threat
65% Avg Confidence
19 High Threat
High-risk network: Majority of related IPs are flagged
213.209.157.52 10/10
Confidence 78%
Reports 15
Location DE DE
4 Dec 2025
213.209.157.94 10/10
Confidence 77%
Reports 16
Location DE DE
4 Dec 2025
213.209.157.254 10/10
Confidence 76%
Reports 144
Location DE DE
22 Nov 2025
213.209.157.77 10/10
Confidence 76%
Reports 34
Location DE DE
29 Nov 2025
213.209.157.162 10/10
Confidence 73%
Reports 91
Location DE DE
15 Dec 2025
213.209.157.24 10/10
Confidence 71%
Reports 69
Location DE DE
17 Nov 2025
213.209.157.218 10/10
Confidence 71%
Reports 13
Location DE DE
21 Nov 2025
213.209.157.84 8/10
Confidence 60%
Reports 58
Location DE DE
19 Sep 2025
213.209.157.47 8/10
Confidence 60%
Reports 54
Location DE DE
21 Sep 2025
213.209.157.55 8/10
Confidence 60%
Reports 51
Location DE DE
19 Sep 2025
213.209.157.57 8/10
Confidence 60%
Reports 51
Location DE DE
19 Sep 2025
213.209.157.49 8/10
Confidence 60%
Reports 44
Location DE DE
19 Sep 2025
213.209.157.53 8/10
Confidence 60%
Reports 43
Location DE DE
19 Sep 2025
213.209.157.45 8/10
Confidence 60%
Reports 38
Location DE DE
21 Sep 2025
213.209.157.199 8/10
Confidence 60%
Reports 36
Location DE DE
20 Sep 2025
213.209.157.27 8/10
Confidence 60%
Reports 34
Location DE DE
21 Sep 2025
213.209.157.36 8/10
Confidence 60%
Reports 30
Location DE DE
20 Sep 2025
213.209.157.34 8/10
Confidence 60%
Reports 27
Location DE DE
19 Sep 2025
213.209.157.193 8/10
Confidence 60%
Reports 20
Location DE DE
21 Sep 2025
213.209.157.225 5/10
Confidence 59%
Reports 341
Location DE DE
9 Oct 2025

IPs from the same country with similar threat profiles.

15 Related IPs
8.6/10 Avg Threat
100% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
45.92.11.94 8/10
Confidence 100%
Reports 274
ISP Contabo GmbH
1 Mar 2026
88.198.64.173 8/10
Confidence 100%
Reports 174
ISP Hetzner Online ...
22 May 2026
159.100.13.237 8/10
Confidence 100%
Reports 169
ISP Ultahost, Inc.
6 May 2026
46.224.234.158 8/10
Confidence 100%
Reports 128
ISP Hetzner Online ...
9 Jun 2026
5.83.135.249 8/10
Confidence 100%
Reports 116
ISP active 1 GmbH
7 Jun 2026
3.70.164.132 8/10
Confidence 100%
Reports 99
ISP Amazon.com, Inc.
19 May 2026
118.193.59.142 7/10
Confidence 100%
Reports 89
ISP UCLOUD INFORMAT...
5 Jun 2026
94.26.106.90 8/10
Confidence 100%
Reports 86
ISP dataforest GmbH
7 Jun 2026
49.12.3.147 10/10
Confidence 100%
Reports 78
ISP Hetzner Online ...
31 May 2026
94.26.106.111 10/10
Confidence 100%
Reports 75
ISP dataforest GmbH
13 May 2026
80.158.109.51 10/10
Confidence 100%
Reports 73
ISP T-Systems Inter...
6 Jun 2026
212.224.100.2 10/10
Confidence 100%
Reports 61
ISP firstcolo GmbH
31 May 2026
94.130.219.13 10/10
Confidence 100%
Reports 58
ISP Hetzner Online ...
9 May 2026
5.83.135.102 8/10
Confidence 100%
Reports 44
ISP AltunHOST LTD
8 Jun 2026
94.26.106.209 8/10
Confidence 100%
Reports 38
ISP dataforest GmbH
4 Jun 2026

IPs with similar threat level and confidence scores.

15 Related IPs
5.3/10 Avg Threat
55% Avg Confidence
2 High Threat
196.251.92.134 7/10
Confidence 55%
Reports 75,414
Location NL NL
14 Oct 2025
155.94.155.105 5/10
Confidence 55%
Reports 19,539
Location US US
7 Sep 2025
213.209.157.165 5/10
Confidence 55%
Reports 11,629
Location DE DE
5 Dec 2025
45.144.212.19 5/10
Confidence 55%
Reports 9,796
Location UA UA
3 Feb 2026
213.209.157.87 5/10
Confidence 55%
Reports 9,465
Location DE DE
16 Dec 2025
213.209.157.54 5/10
Confidence 55%
Reports 7,881
Location DE DE
22 Oct 2025
185.196.11.84 5/10
Confidence 55%
Reports 2,841
Location CH CH
24 Nov 2025
213.209.157.207 5/10
Confidence 55%
Reports 2,510
Location DE DE
2 Dec 2025
78.153.140.207 7/10
Confidence 55%
Reports 2,224
Location GB GB
4 Feb 2026
185.196.11.30 5/10
Confidence 55%
Reports 1,710
Location CH CH
30 Dec 2025
196.251.72.5 5/10
Confidence 55%
Reports 1,619
Location SC SC
6 Nov 2025
213.209.157.154 5/10
Confidence 55%
Reports 1,532
Location DE DE
18 Sep 2025
196.251.83.16 5/10
Confidence 55%
Reports 1,531
Location SC SC
12 Nov 2025
213.209.157.216 5/10
Confidence 55%
Reports 1,498
Location DE DE
14 Dec 2025
213.209.157.221 5/10
Confidence 55%
Reports 1,472
Location DE DE
8 Nov 2025

Export & Firewall Rules

Download threat data or generate firewall rules to block this IP

JSON Report

Structured data format for integration with security tools and SIEM systems.

{
    "ip_address": "213.209.157.201",
    "threat_level": 5,
    "confidence_score": 55,
    "total_reports": 1497,
    "country_code": "DE",
    "isp_name": "Moon Dc",
    "asn": "208485",
    "first_reported": "2025-10-08 06:17:54",
    "last_reported": "2025-10-11 06:12:17",
    "exported_at": "2026-06-09T08:52:36+02:00",
    "source": "https://reportedip.de/ip/213.209.157.201/"
}
Download JSON

GDPR Compliant: Exports contain only IP-related threat data. No personal information or reporter details are included.

Analyzed high-risk IP addresses