IP Address

213.209.157.216

IPv4 Public
DE DE
AS208485
Moon Dc
1,498 Reports
This IP is under Observation Suspicious activity detected - monitor closely
5/10 Threat
55% Confidence
1,498 Reports

Threat Intelligence Analysis

AI-generated security assessment based on aggregated threat data

Below Average Risk
DE
DE Location
Moon Dc ASN 208485
1,498 Reports
Honeypot Data Source

Cautionary Risk

IP 213.209.157.216 is a medium-risk German address with a substantial abuse history, primarily linked to email spam activity detected by automated honeypot sensors. With 1,498 total reports concentrated in November and December 2025, this address presents a moderate threat to exposed mail services, though its recent activity frequency of zero suggests diminished current engagement.

The IP originates from Germany within the AS208485 network operated by Moon Dc, and automated honeypot sensors logged all 20 recent threat reports attributing activity exclusively to email spam. The 55% confidence score and 5/10 threat level reflect a pattern consistent with mass-distribution spam operations rather than targeted attacks. Despite the high cumulative report count, the zero activity frequency metric indicates no detected malicious behavior in the immediate recent period, suggesting the address may have been contained, blocked at the network level, or temporarily retired from active operations.

Email spam originating from this address poses concrete risks to organizations with exposed SMTP servers. Such activity typically involves high-volume distribution of unsolicited messages that may contain phishing links, malware payloads or fraudulent content, potentially harming recipients and damaging the reputation of any mail server that relays this traffic. For organizations receiving connections from this IP, the spam history indicates it should be treated with suspicion and evaluated against established email authentication standards before accepting or relaying any correspondence.

Site operators should implement a combination of reactive and preventive controls: configure mail servers to enforce SPF, DKIM and DMARC authentication to reject unauthorized sending from this address, add 213.209.157.216 to server-level blocklists, and monitor logs for any new connections originating from this IP. Tools such as fail2ban can automate the detection and blocking of suspicious SMTP patterns. Ensuring mail relay policies require valid sender authentication will prevent any potential abuse of your infrastructure for spam distribution.

More threatening than 29% of monitored IPs

Threat Categories

Email Spam 30

Technical Details

Email spam involves mass distribution of unwanted emails, often for advertising, phishing, or malware delivery.

Recommended Mitigations

Implement SPF, DKIM, DMARC, and use reputable email filtering services.

Moderate Network Risk

The network hosting this IP (ASN 208485, operated by Moon Dc) shows moderate threat indicators. Some concerning activity has been detected from neighboring addresses.

Consider the network context when assessing this individual IP.

Security Recommendations

Continue monitoring for emerging patterns.

This analysis is automatically generated from aggregated, anonymized threat intelligence data. No personal information is displayed or stored. Assessment accuracy depends on available data volume and diversity.

Reputation Summary

Threat Level 5/10 Medium
Medium
Activity Frequency 0/10 Inactive
Confidence Score 55% High Confidence

Confidence History

14. Dec 2025
55% Current
Stable Trend

The confidence score shows the reliability of the threat assessment based on the number and quality of reports.

Security Reports (30)

Date Categories Source Confidence
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
Email Spam Honeypot 75%
10 of 1498 shown

Technical Details

Basic Information

IP Address
213.209.157.216
IP Version
IPv4
Network Type
Public
Tor Network
No
Network Class
Class C

Geolocation

Country
DE DE
ASN
AS208485
ISP
Moon Dc

DNS Information

Reverse DNS
omuvifu.click
PTR Record
Yes
Connection Type
Static

Statistics

Total Reports
1,498
First Reported
23 Nov 2025
Last Reported
14 Dec 2025, 05:06

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

AS208485
Moon Dc
DE DE

Network Threat Assessment

6/10
This network shows moderate threat levels with some malicious activity patterns.

Network Statistics

34
Total IPs Monitored
39,495
Total Reports
1161.6
Reports per IP

Network Context

This IP address belongs to Moon Dc (AS208485), which manages 34 IP addresses in our monitoring system. Out of these, 39,495 have been reported for suspicious activities, resulting in a network-wide threat level of 6/10.

Network warning: This network has elevated threat levels. Exercise caution when interacting with IPs from this ASN.

Comparative Analysis

How this IP compares to others in our threat intelligence database

29 %

Global Threat Ranking

This IP is more threatening than 29% of all IPs in our database.

Below Average Threat

Global Comparison

Compared against 199,583 reported IPs worldwide

Threat Level 5/10 avg: 5.3 =
Total Reports 1,498 avg: 23 ++

Network Comparison

Compared against 34 IPs in ASN 208485

Threat Level 5/10 network avg: 7.4 -
Total Reports 1,498 network avg: 1,183 +
Network Moon Dc has overall threat level 6/10

Geographic Comparison

Compared against 7,143 IPs in DE

Threat Level 5/10 country avg: 5.8 =
Total Reports 1,498 country avg: 61 ++
Indicators:
++ Much Higher + Higher = Similar - Lower -- Much Lower

Geographic Threat Distribution

187,273 threat incidents tracked globally • Last 24h: 18,965 Logs

FEED

Top Threat Sources

  1. 01
    US
    United States US
    38,457 20.5%
  2. 02
    IN
    India IN
    29,090 15.5%
  3. 03
    CN
    China CN
    26,027 13.9%
  4. 04
    BR
    Brazil BR
    10,256 5.5%
  5. 05
    DE
    Germany DE THIS IP
    7,143 3.8%
  6. 06
    SG
    Singapore SG
    6,476 3.5%
  7. 07
    ID
    Indonesia ID
    5,543 3%
  8. 08
    RU
    Russia RU
    4,703 2.5%
  9. 09
    PK
    Pakistan PK
    4,670 2.5%
  10. 10
    NL
    Netherlands NL
    4,357 2.3%

+40 more countries

THREAT LEVEL
LOW MED HIGH

Geographic data is aggregated and anonymized. No personal information displayed.

Map: simplemaps.com (MIT License)

Related IPs

Other IPs associated with this address through network or behavioral similarity

IPs from the same Autonomous System (AS) network provider.

20 Related IPs
8.6/10 Avg Threat
65% Avg Confidence
19 High Threat
High-risk network: Majority of related IPs are flagged
213.209.157.52 10/10
Confidence 78%
Reports 15
Location DE DE
4 Dec 2025
213.209.157.94 10/10
Confidence 77%
Reports 16
Location DE DE
4 Dec 2025
213.209.157.254 10/10
Confidence 76%
Reports 144
Location DE DE
22 Nov 2025
213.209.157.77 10/10
Confidence 76%
Reports 34
Location DE DE
29 Nov 2025
213.209.157.162 10/10
Confidence 73%
Reports 91
Location DE DE
15 Dec 2025
213.209.157.24 10/10
Confidence 71%
Reports 69
Location DE DE
17 Nov 2025
213.209.157.218 10/10
Confidence 71%
Reports 13
Location DE DE
21 Nov 2025
213.209.157.84 8/10
Confidence 60%
Reports 58
Location DE DE
19 Sep 2025
213.209.157.47 8/10
Confidence 60%
Reports 54
Location DE DE
21 Sep 2025
213.209.157.55 8/10
Confidence 60%
Reports 51
Location DE DE
19 Sep 2025
213.209.157.57 8/10
Confidence 60%
Reports 51
Location DE DE
19 Sep 2025
213.209.157.49 8/10
Confidence 60%
Reports 44
Location DE DE
19 Sep 2025
213.209.157.53 8/10
Confidence 60%
Reports 43
Location DE DE
19 Sep 2025
213.209.157.45 8/10
Confidence 60%
Reports 38
Location DE DE
21 Sep 2025
213.209.157.199 8/10
Confidence 60%
Reports 36
Location DE DE
20 Sep 2025
213.209.157.27 8/10
Confidence 60%
Reports 34
Location DE DE
21 Sep 2025
213.209.157.36 8/10
Confidence 60%
Reports 30
Location DE DE
20 Sep 2025
213.209.157.34 8/10
Confidence 60%
Reports 27
Location DE DE
19 Sep 2025
213.209.157.193 8/10
Confidence 60%
Reports 20
Location DE DE
21 Sep 2025
213.209.157.225 5/10
Confidence 59%
Reports 341
Location DE DE
9 Oct 2025

IPs from the same subnet range, likely same network segment.

20 Related IPs
8.6/10 Avg Threat
65% Avg Confidence
19 High Threat
High-risk network: Majority of related IPs are flagged
213.209.157.52 10/10
Confidence 78%
Reports 15
Location DE DE
4 Dec 2025
213.209.157.94 10/10
Confidence 77%
Reports 16
Location DE DE
4 Dec 2025
213.209.157.254 10/10
Confidence 76%
Reports 144
Location DE DE
22 Nov 2025
213.209.157.77 10/10
Confidence 76%
Reports 34
Location DE DE
29 Nov 2025
213.209.157.162 10/10
Confidence 73%
Reports 91
Location DE DE
15 Dec 2025
213.209.157.24 10/10
Confidence 71%
Reports 69
Location DE DE
17 Nov 2025
213.209.157.218 10/10
Confidence 71%
Reports 13
Location DE DE
21 Nov 2025
213.209.157.84 8/10
Confidence 60%
Reports 58
Location DE DE
19 Sep 2025
213.209.157.47 8/10
Confidence 60%
Reports 54
Location DE DE
21 Sep 2025
213.209.157.55 8/10
Confidence 60%
Reports 51
Location DE DE
19 Sep 2025
213.209.157.57 8/10
Confidence 60%
Reports 51
Location DE DE
19 Sep 2025
213.209.157.49 8/10
Confidence 60%
Reports 44
Location DE DE
19 Sep 2025
213.209.157.53 8/10
Confidence 60%
Reports 43
Location DE DE
19 Sep 2025
213.209.157.45 8/10
Confidence 60%
Reports 38
Location DE DE
21 Sep 2025
213.209.157.199 8/10
Confidence 60%
Reports 36
Location DE DE
20 Sep 2025
213.209.157.27 8/10
Confidence 60%
Reports 34
Location DE DE
21 Sep 2025
213.209.157.36 8/10
Confidence 60%
Reports 30
Location DE DE
20 Sep 2025
213.209.157.34 8/10
Confidence 60%
Reports 27
Location DE DE
19 Sep 2025
213.209.157.193 8/10
Confidence 60%
Reports 20
Location DE DE
21 Sep 2025
213.209.157.225 5/10
Confidence 59%
Reports 341
Location DE DE
9 Oct 2025

IPs from the same country with similar threat profiles.

15 Related IPs
8.6/10 Avg Threat
100% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
45.92.11.94 8/10
Confidence 100%
Reports 274
ISP Contabo GmbH
1 Mar 2026
88.198.64.173 8/10
Confidence 100%
Reports 174
ISP Hetzner Online ...
22 May 2026
159.100.13.237 8/10
Confidence 100%
Reports 169
ISP Ultahost, Inc.
6 May 2026
46.224.234.158 8/10
Confidence 100%
Reports 128
ISP Hetzner Online ...
9 Jun 2026
5.83.135.249 8/10
Confidence 100%
Reports 116
ISP active 1 GmbH
7 Jun 2026
3.70.164.132 8/10
Confidence 100%
Reports 99
ISP Amazon.com, Inc.
19 May 2026
118.193.59.142 7/10
Confidence 100%
Reports 89
ISP UCLOUD INFORMAT...
5 Jun 2026
94.26.106.90 8/10
Confidence 100%
Reports 86
ISP dataforest GmbH
7 Jun 2026
49.12.3.147 10/10
Confidence 100%
Reports 78
ISP Hetzner Online ...
31 May 2026
94.26.106.111 10/10
Confidence 100%
Reports 75
ISP dataforest GmbH
13 May 2026
80.158.109.51 10/10
Confidence 100%
Reports 73
ISP T-Systems Inter...
6 Jun 2026
212.224.100.2 10/10
Confidence 100%
Reports 61
ISP firstcolo GmbH
31 May 2026
94.130.219.13 10/10
Confidence 100%
Reports 58
ISP Hetzner Online ...
9 May 2026
5.83.135.102 8/10
Confidence 100%
Reports 44
ISP AltunHOST LTD
8 Jun 2026
94.26.106.209 8/10
Confidence 100%
Reports 38
ISP dataforest GmbH
4 Jun 2026

IPs with similar threat level and confidence scores.

15 Related IPs
5.3/10 Avg Threat
55% Avg Confidence
2 High Threat
196.251.92.134 7/10
Confidence 55%
Reports 75,414
Location NL NL
14 Oct 2025
155.94.155.105 5/10
Confidence 55%
Reports 19,539
Location US US
7 Sep 2025
213.209.157.165 5/10
Confidence 55%
Reports 11,629
Location DE DE
5 Dec 2025
45.144.212.19 5/10
Confidence 55%
Reports 9,796
Location UA UA
3 Feb 2026
213.209.157.87 5/10
Confidence 55%
Reports 9,465
Location DE DE
16 Dec 2025
213.209.157.54 5/10
Confidence 55%
Reports 7,881
Location DE DE
22 Oct 2025
185.196.11.84 5/10
Confidence 55%
Reports 2,841
Location CH CH
24 Nov 2025
213.209.157.207 5/10
Confidence 55%
Reports 2,510
Location DE DE
2 Dec 2025
78.153.140.207 7/10
Confidence 55%
Reports 2,224
Location GB GB
4 Feb 2026
185.196.11.30 5/10
Confidence 55%
Reports 1,710
Location CH CH
30 Dec 2025
196.251.72.5 5/10
Confidence 55%
Reports 1,619
Location SC SC
6 Nov 2025
213.209.157.154 5/10
Confidence 55%
Reports 1,532
Location DE DE
18 Sep 2025
196.251.83.16 5/10
Confidence 55%
Reports 1,531
Location SC SC
12 Nov 2025
213.209.157.201 5/10
Confidence 55%
Reports 1,497
Location DE DE
11 Oct 2025
213.209.157.221 5/10
Confidence 55%
Reports 1,472
Location DE DE
8 Nov 2025

Export & Firewall Rules

Download threat data or generate firewall rules to block this IP

JSON Report

Structured data format for integration with security tools and SIEM systems.

{
    "ip_address": "213.209.157.216",
    "threat_level": 5,
    "confidence_score": 55,
    "total_reports": 1498,
    "country_code": "DE",
    "isp_name": "Moon Dc",
    "asn": "208485",
    "first_reported": "2025-11-23 13:05:14",
    "last_reported": "2025-12-14 05:06:42",
    "exported_at": "2026-06-09T09:55:52+02:00",
    "source": "https://reportedip.de/ip/213.209.157.216/"
}
Download JSON

GDPR Compliant: Exports contain only IP-related threat data. No personal information or reporter details are included.

Analyzed high-risk IP addresses