← Back to Dashboard

109.91.4.177 Threat Intelligence Report

Risk Level: CRITICAL — 424 abuse reports from 20 sources

Threat Intelligence Summary

IP address 109.91.4.177 has been flagged in 424 abuse reports across 20 independent threat intelligence sources, resulting in a threat score of 100.0/100 (critical risk). The primary activity associated with this IP is abuseipdb blacklist, along with aggregated threat, attacks, brute force, bruteforce, known attacker, malware c2, malware infrastructure, reconnaissance, ssh brute force, ssh bruteforce, suspicious activity, voip attack.

This IP is geolocated in Germany (Wuppertal) and belongs to the network Vodafone GmbH (AS3209). Reports span from 2026-05-02 to 2026-07-05.

Assessment: With 424 abuse reports, 109.91.4.177 shows persistent malicious activity that has been flagged by multiple threat intelligence feeds. The IP has been observed conducting automated SSH login attempts against internet-facing servers, a technique commonly used to gain unauthorized access to systems.

Data aggregated from 20 independent threat intelligence sources.

Geolocation

Country Germany
City Wuppertal
Region North Rhine-Westphalia
ISP/ASN Vodafone GmbH
Timezone Europe/Berlin

Threat Status

Overall Status Critical
Threat Score 100.0%
Report Count 424
Sources 20
First Seen 2026-05-02
Last Seen 2026-07-05
AI Analysis

Historical Threat Record

Status Known Historical Threat
Archived Reports 440
Peak Severity CRITICAL
History Span 2025-11-03 – 2026-04-30

🔒 The individual historical reports for this IP are part of premium intelligence. Free lookups show the last 90 days of live activity plus this summary.

Unlock full history →

Check IPs automatically with the WAYSCloud API

Free tier: 1,000 lookups/day. Get threat scores, geolocation, and abuse reports via REST API.

Explore the API →

See how we classify and verify threats →

Related Intelligence

Germany Threat Intelligence → AS3209 Network Intelligence → See all top malicious IPs → View latest attacks →
Learn about these threats: