IP Address

213.209.157.207

IPv4 Public
DE DE
AS208485
Moon Dc
2,510 Reports
This IP is under Observation Suspicious activity detected - monitor closely
5/10 Threat
55% Confidence
2,510 Reports

Threat Intelligence Analysis

AI-generated security assessment based on aggregated threat data

Below Average Risk
DE
DE Location
Moon Dc ASN 208485
2,510 Reports
Honeypot Data Source

Medium Threat

IP 213.209.157.207 is a moderate-risk address associated with email spam activity originating from a German network operated by Moon Dc (AS208485), with 2,510 cumulative abuse reports filed through automated honeypot sensors indicating sustained suspicious behavior over a multi-month window.

The aggregate abuse data reveals a substantial report volume of 2,510 incidents attributed to this address, with the honeypot sensor network contributing 20 recent detections specifically categorized as Email Spam. The threat level has been assessed at 5 out of 10 with a confidence score of 55 percent, suggesting moderate certainty that malicious activity has occurred. Geolocation confirms the source as Germany, and the ASN operator Moon Dc operates the underlying infrastructure. The activity frequency metric registers at 0 out of 10, indicating that the most recent automated detections have tapered off, though the high historical report count demonstrates persistent abuse patterns during the November–December 2025 reporting window.

Email spam represents a concrete operational risk to exposed mail servers, as mass-distribution campaigns frequently serve as delivery mechanisms for phishing lures and malware payloads. An IP with this volume of abuse reports carries significant potential to damage the reputation of any mail relay it touches, resulting in blocklist inclusion and disruption of legitimate correspondence. The pattern of SMTP spam and abuse detected here suggests the address has been leveraged for unauthorized relay attempts or high-volume unsolicited distribution, which could compromise downstream mail hygiene systems.

Site operators should implement SPF, DKIM and DMARC authentication frameworks to validate incoming mail and reject spoofed senders. Deploying reputable email filtering services can further reduce exposure to spam-derived threats. Continuous traffic monitoring is advisable given the substantial report history, and rate-limiting rules or defensive tooling such as fail2ban can mitigate repeated connection attempts from flagged sources.

More threatening than 30% of monitored IPs

Threat Categories

Email Spam 30

Technical Details

Email spam involves mass distribution of unwanted emails, often for advertising, phishing, or malware delivery.

Recommended Mitigations

Implement SPF, DKIM, DMARC, and use reputable email filtering services.

Moderate Network Risk

The network hosting this IP (ASN 208485, operated by Moon Dc) shows moderate threat indicators. Some concerning activity has been detected from neighboring addresses.

Consider the network context when assessing this individual IP.

Security Recommendations

Continue monitoring for emerging patterns.

This analysis is automatically generated from aggregated, anonymized threat intelligence data. No personal information is displayed or stored. Assessment accuracy depends on available data volume and diversity.

Reputation Summary

Threat Level 5/10 Medium
Medium
Activity Frequency 0/10 Inactive
Confidence Score 55% High Confidence

Confidence History

2. Dec 2025
55% Current
Stable Trend

The confidence score shows the reliability of the threat assessment based on the number and quality of reports.

Security Reports (30)

Date Categories Source Confidence
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
10 of 2510 shown

Technical Details

Basic Information

IP Address
213.209.157.207
IP Version
IPv4
Network Type
Public
Tor Network
No
Network Class
Class C

Geolocation

Country
DE DE
ASN
AS208485
ISP
Moon Dc

DNS Information

Reverse DNS
pecfukl.click
PTR Record
Yes
Connection Type
Static

Statistics

Total Reports
2,510
First Reported
6 Nov 2025
Last Reported
2 Dec 2025, 05:12

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

AS208485
Moon Dc
DE DE

Network Threat Assessment

6/10
This network shows moderate threat levels with some malicious activity patterns.

Network Statistics

34
Total IPs Monitored
39,495
Total Reports
1161.6
Reports per IP

Network Context

This IP address belongs to Moon Dc (AS208485), which manages 34 IP addresses in our monitoring system. Out of these, 39,495 have been reported for suspicious activities, resulting in a network-wide threat level of 6/10.

Network warning: This network has elevated threat levels. Exercise caution when interacting with IPs from this ASN.

Comparative Analysis

How this IP compares to others in our threat intelligence database

30 %

Global Threat Ranking

This IP is more threatening than 30% of all IPs in our database.

Below Average Threat

Global Comparison

Compared against 198,677 reported IPs worldwide

Threat Level 5/10 avg: 5.3 =
Total Reports 2,510 avg: 23 ++

Network Comparison

Compared against 34 IPs in ASN 208485

Threat Level 5/10 network avg: 7.4 -
Total Reports 2,510 network avg: 1,183 ++
Network Moon Dc has overall threat level 6/10

Geographic Comparison

Compared against 7,128 IPs in DE

Threat Level 5/10 country avg: 5.8 =
Total Reports 2,510 country avg: 61 ++
Indicators:
++ Much Higher + Higher = Similar - Lower -- Much Lower

Geographic Threat Distribution

186,446 threat incidents tracked globally • Last 24h: 18,583 Logs

FEED

Top Threat Sources

  1. 01
    US
    United States US
    38,320 20.6%
  2. 02
    IN
    India IN
    28,851 15.5%
  3. 03
    CN
    China CN
    25,960 13.9%
  4. 04
    BR
    Brazil BR
    10,202 5.5%
  5. 05
    DE
    Germany DE THIS IP
    7,128 3.8%
  6. 06
    SG
    Singapore SG
    6,451 3.5%
  7. 07
    ID
    Indonesia ID
    5,496 2.9%
  8. 08
    RU
    Russia RU
    4,690 2.5%
  9. 09
    PK
    Pakistan PK
    4,632 2.5%
  10. 10
    NL
    Netherlands NL
    4,350 2.3%

+40 more countries

THREAT LEVEL
LOW MED HIGH

Geographic data is aggregated and anonymized. No personal information displayed.

Map: simplemaps.com (MIT License)

Related IPs

Other IPs associated with this address through network or behavioral similarity

IPs from the same Autonomous System (AS) network provider.

20 Related IPs
8.6/10 Avg Threat
65% Avg Confidence
19 High Threat
High-risk network: Majority of related IPs are flagged
213.209.157.52 10/10
Confidence 78%
Reports 15
Location DE DE
4 Dec 2025
213.209.157.94 10/10
Confidence 77%
Reports 16
Location DE DE
4 Dec 2025
213.209.157.254 10/10
Confidence 76%
Reports 144
Location DE DE
22 Nov 2025
213.209.157.77 10/10
Confidence 76%
Reports 34
Location DE DE
29 Nov 2025
213.209.157.162 10/10
Confidence 73%
Reports 91
Location DE DE
15 Dec 2025
213.209.157.24 10/10
Confidence 71%
Reports 69
Location DE DE
17 Nov 2025
213.209.157.218 10/10
Confidence 71%
Reports 13
Location DE DE
21 Nov 2025
213.209.157.84 8/10
Confidence 60%
Reports 58
Location DE DE
19 Sep 2025
213.209.157.47 8/10
Confidence 60%
Reports 54
Location DE DE
21 Sep 2025
213.209.157.55 8/10
Confidence 60%
Reports 51
Location DE DE
19 Sep 2025
213.209.157.57 8/10
Confidence 60%
Reports 51
Location DE DE
19 Sep 2025
213.209.157.49 8/10
Confidence 60%
Reports 44
Location DE DE
19 Sep 2025
213.209.157.53 8/10
Confidence 60%
Reports 43
Location DE DE
19 Sep 2025
213.209.157.45 8/10
Confidence 60%
Reports 38
Location DE DE
21 Sep 2025
213.209.157.199 8/10
Confidence 60%
Reports 36
Location DE DE
20 Sep 2025
213.209.157.27 8/10
Confidence 60%
Reports 34
Location DE DE
21 Sep 2025
213.209.157.36 8/10
Confidence 60%
Reports 30
Location DE DE
20 Sep 2025
213.209.157.34 8/10
Confidence 60%
Reports 27
Location DE DE
19 Sep 2025
213.209.157.193 8/10
Confidence 60%
Reports 20
Location DE DE
21 Sep 2025
213.209.157.225 5/10
Confidence 59%
Reports 341
Location DE DE
9 Oct 2025

IPs from the same subnet range, likely same network segment.

20 Related IPs
8.6/10 Avg Threat
65% Avg Confidence
19 High Threat
High-risk network: Majority of related IPs are flagged
213.209.157.52 10/10
Confidence 78%
Reports 15
Location DE DE
4 Dec 2025
213.209.157.94 10/10
Confidence 77%
Reports 16
Location DE DE
4 Dec 2025
213.209.157.254 10/10
Confidence 76%
Reports 144
Location DE DE
22 Nov 2025
213.209.157.77 10/10
Confidence 76%
Reports 34
Location DE DE
29 Nov 2025
213.209.157.162 10/10
Confidence 73%
Reports 91
Location DE DE
15 Dec 2025
213.209.157.24 10/10
Confidence 71%
Reports 69
Location DE DE
17 Nov 2025
213.209.157.218 10/10
Confidence 71%
Reports 13
Location DE DE
21 Nov 2025
213.209.157.84 8/10
Confidence 60%
Reports 58
Location DE DE
19 Sep 2025
213.209.157.47 8/10
Confidence 60%
Reports 54
Location DE DE
21 Sep 2025
213.209.157.55 8/10
Confidence 60%
Reports 51
Location DE DE
19 Sep 2025
213.209.157.57 8/10
Confidence 60%
Reports 51
Location DE DE
19 Sep 2025
213.209.157.49 8/10
Confidence 60%
Reports 44
Location DE DE
19 Sep 2025
213.209.157.53 8/10
Confidence 60%
Reports 43
Location DE DE
19 Sep 2025
213.209.157.45 8/10
Confidence 60%
Reports 38
Location DE DE
21 Sep 2025
213.209.157.199 8/10
Confidence 60%
Reports 36
Location DE DE
20 Sep 2025
213.209.157.27 8/10
Confidence 60%
Reports 34
Location DE DE
21 Sep 2025
213.209.157.36 8/10
Confidence 60%
Reports 30
Location DE DE
20 Sep 2025
213.209.157.34 8/10
Confidence 60%
Reports 27
Location DE DE
19 Sep 2025
213.209.157.193 8/10
Confidence 60%
Reports 20
Location DE DE
21 Sep 2025
213.209.157.225 5/10
Confidence 59%
Reports 341
Location DE DE
9 Oct 2025

IPs from the same country with similar threat profiles.

15 Related IPs
8.6/10 Avg Threat
100% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
45.92.11.94 8/10
Confidence 100%
Reports 274
ISP Contabo GmbH
1 Mar 2026
77.90.185.37 8/10
Confidence 100%
Reports 185
ISP Inside Network LTD
8 Jun 2026
88.198.64.173 8/10
Confidence 100%
Reports 174
ISP Hetzner Online ...
22 May 2026
159.100.13.237 8/10
Confidence 100%
Reports 169
ISP Ultahost, Inc.
6 May 2026
46.224.234.158 8/10
Confidence 100%
Reports 116
ISP Hetzner Online ...
8 Jun 2026
5.83.135.249 8/10
Confidence 100%
Reports 116
ISP active 1 GmbH
7 Jun 2026
3.70.164.132 8/10
Confidence 100%
Reports 99
ISP Amazon.com, Inc.
19 May 2026
118.193.59.142 7/10
Confidence 100%
Reports 89
ISP UCLOUD INFORMAT...
5 Jun 2026
94.26.106.90 8/10
Confidence 100%
Reports 86
ISP dataforest GmbH
7 Jun 2026
49.12.3.147 10/10
Confidence 100%
Reports 78
ISP Hetzner Online ...
31 May 2026
94.26.106.111 10/10
Confidence 100%
Reports 75
ISP dataforest GmbH
13 May 2026
80.158.109.51 10/10
Confidence 100%
Reports 73
ISP T-Systems Inter...
6 Jun 2026
212.224.100.2 10/10
Confidence 100%
Reports 61
ISP firstcolo GmbH
31 May 2026
94.130.219.13 10/10
Confidence 100%
Reports 58
ISP Hetzner Online ...
9 May 2026
5.83.135.102 8/10
Confidence 100%
Reports 44
ISP AltunHOST LTD
8 Jun 2026

IPs with similar threat level and confidence scores.

15 Related IPs
5.3/10 Avg Threat
55% Avg Confidence
2 High Threat
196.251.92.134 7/10
Confidence 55%
Reports 75,414
Location NL NL
14 Oct 2025
155.94.155.105 5/10
Confidence 55%
Reports 19,539
Location US US
7 Sep 2025
213.209.157.165 5/10
Confidence 55%
Reports 11,629
Location DE DE
5 Dec 2025
45.144.212.19 5/10
Confidence 55%
Reports 9,796
Location UA UA
3 Feb 2026
213.209.157.87 5/10
Confidence 55%
Reports 9,465
Location DE DE
16 Dec 2025
213.209.157.54 5/10
Confidence 55%
Reports 7,881
Location DE DE
22 Oct 2025
185.196.11.84 5/10
Confidence 55%
Reports 2,841
Location CH CH
24 Nov 2025
78.153.140.207 7/10
Confidence 55%
Reports 2,224
Location GB GB
4 Feb 2026
185.196.11.30 5/10
Confidence 55%
Reports 1,710
Location CH CH
30 Dec 2025
196.251.72.5 5/10
Confidence 55%
Reports 1,619
Location SC SC
6 Nov 2025
213.209.157.154 5/10
Confidence 55%
Reports 1,532
Location DE DE
18 Sep 2025
196.251.83.16 5/10
Confidence 55%
Reports 1,531
Location SC SC
12 Nov 2025
213.209.157.216 5/10
Confidence 55%
Reports 1,498
Location DE DE
14 Dec 2025
213.209.157.201 5/10
Confidence 55%
Reports 1,497
Location DE DE
11 Oct 2025
213.209.157.221 5/10
Confidence 55%
Reports 1,472
Location DE DE
8 Nov 2025

Export & Firewall Rules

Download threat data or generate firewall rules to block this IP

JSON Report

Structured data format for integration with security tools and SIEM systems.

{
    "ip_address": "213.209.157.207",
    "threat_level": 5,
    "confidence_score": 55,
    "total_reports": 2510,
    "country_code": "DE",
    "isp_name": "Moon Dc",
    "asn": "208485",
    "first_reported": "2025-11-06 13:01:17",
    "last_reported": "2025-12-02 05:12:10",
    "exported_at": "2026-06-08T22:44:41+02:00",
    "source": "https://reportedip.de/ip/213.209.157.207/"
}
Download JSON

GDPR Compliant: Exports contain only IP-related threat data. No personal information or reporter details are included.

Analyzed high-risk IP addresses