Moderate Risk
IP 213.209.157.87 is a medium-risk address associated with SMTP spam abuse, with a total of 9,465 reports filed through automated honeypot sensors across a three-month detection window from October to December 2025.
The IP is geolocated in Germany and operates within the AS208485 autonomous system administered by Moon Dc. Despite the substantial cumulative report volume, the current activity frequency registers at zero out of ten, indicating the address may be temporarily dormant or under effective mitigation. The dominant threat category in recent reports is email spam, accounting for twenty documented instances, with detection solely attributed to automated honeypot infrastructure rather than direct victim reporting.
SMTP spam abuse involves mass distribution of unwanted email messages through exposed mail servers, frequently weaponised for advertising, credential-harvesting phishing campaigns or malware delivery chains. Even dormant spam-associated IP addresses pose reputational risks, as residual traffic can trigger blocklist inclusions that degrade legitimate email deliverability for any services sharing the same sending infrastructure.
Site operators should enforce SPF, DKIM and DMARC authentication on exposed mail gateways to stop unauthorised senders from passing mail off as coming from their domains. Deploying fail2ban or equivalent log-analysis tools to detect and auto-block repeated SMTP authentication failures provides an additional hardening layer. Subscribing to real-time blocklist feeds and monitoring this IP address for any resurgence in activity frequency will enable proactive blocking before abuse campaigns can impact end-users.