JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 89.181.4.9

89.181.4.9 was found in our database!

This IP was reported 90 times. Confidence of Abuse is 34%: ?

34%

ISP	NOS COMUNICACOES S.A.
Usage Type	Fixed Line ISP
ASN	AS2860
Hostname(s)	89-181-4-9.net.novis.pt
Domain Name	nos.pt
Country	🇵🇹 Portugal
City	Lisbon, Lisbon

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 89.181.4.9

Whois 89.181.4.9

IP Abuse Reports for 89.181.4.9:

This IP address has been reported a total of 90 times from 48 distinct sources. 89.181.4.9 was first reported on March 9th 2026, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Fasetech	2026-06-18 19:00:56 (4 days ago)	SecLedge detected suspicious activity. Score: 945.12. Sensor: T-Pot.	Brute-Force Web App Attack
🇵🇱 hyperqbe	2026-06-09 21:16:57 (1 week ago)	Jun 9 23:16:42 slaro sshd\[30329\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 ... show more Jun 9 23:16:42 slaro sshd\[30329\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.181.4.9 user=root Jun 9 23:16:44 slaro sshd\[30329\]: Failed password for root from 89.181.4.9 port 37166 ssh2 Jun 9 23:16:56 slaro sshd\[30332\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.181.4.9 user=root ... show less	Brute-Force SSH
🇪🇸 saima	2026-06-07 00:00:08 (2 weeks ago)	Detected 579 times. SSH Brute-Force from address 89.181.4.9	SSH Brute-Force
🇯🇵 bluecloudwork	2026-05-27 10:31:34 (3 weeks ago)	Fail2Ban - Brute-force SSH server ...	Brute-Force SSH
🇫🇷 Guardian	2026-05-18 19:16:45 (1 month ago)	Unauthorized connection attempt / Port scanning May 18 19:07:38 **** sshd[31666]: Connection close ... show more Unauthorized connection attempt / Port scanning May 18 19:07:38 ** sshd[31666]: Connection closed by 89.181.4.9 port 39686 [preauth] May 18 19:11:37 ** sshd[31728]: Connection closed by authenticating user root 89.181.4.9 port 39700 [preauth] May 18 19:11:51 ** sshd[31731]: Connection closed by authenticating user root 89.181.4.9 port 39704 [preauth] May 18 19:12:05 ** sshd[31733]: Connection closed by authenticating user root 89.181.4.9 port 39708 [preauth] May 18 19:12:22 ** sshd[31735]: Connection closed by authenticating user root 89.181.4.9 port 39712 [preauth] May 18 19:12:51 ** sshd[31737]: Connection closed by authenticating user root 89.181.4.9 port 39718 [preauth] May 18 19:13:21 ** sshd[31739]: Connection closed by authenticating user root 89.181.4.9 port 39724 [preauth] May 18 19:13:36 ** sshd[31747]: Connection closed by authenticating user root 89.181.4.9 port 39728 [preauth] May 18 19:13:50 **** sshd[31749]: Connection closed by authenticating user root 89.181 show less	Port Scan Web App Attack
🇪🇸 saima	2026-05-18 00:00:02 (1 month ago)	Detected 288 times. SSH Brute-Force from address 89.181.4.9	SSH Brute-Force
🇳🇱 huckjones.strawberryforum.org	2026-05-17 13:43:56 (1 month ago)	May 17 13:43:36 maguro sshd[1618840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 eu ... show more May 17 13:43:36 maguro sshd[1618840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.181.4.9 user=root May 17 13:43:39 maguro sshd[1618840]: Failed password for root from 89.181.4.9 port 38722 ssh2 May 17 13:43:54 maguro sshd[1618860]: Invalid user access from 89.181.4.9 port 38728 May 17 13:43:54 maguro sshd[1618860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.181.4.9 May 17 13:43:56 maguro sshd[1618860]: Failed password for invalid user access from 89.181.4.9 port 38728 ssh2 ... show less	Brute-Force SSH
🇭🇰 edisonjwa	2026-05-17 05:31:31 (1 month ago)	2026-05-17T05:29:59.979435+00:00 localhost sshd-session[148892]: Invalid user tomcat from 89.181.4.9 ... show more 2026-05-17T05:29:59.979435+00:00 localhost sshd-session[148892]: Invalid user tomcat from 89.181.4.9 port 39984 2026-05-17T05:30:37.874523+00:00 localhost sshd-session[148905]: Invalid user testftp from 89.181.4.9 port 39998 2026-05-17T05:30:50.812791+00:00 localhost sshd-session[148911]: Invalid user user from 89.181.4.9 port 40002 2026-05-17T05:31:16.520173+00:00 localhost sshd-session[148916]: Invalid user ftptest from 89.181.4.9 port 40012 2026-05-17T05:31:29.994172+00:00 localhost sshd-session[148919]: Invalid user admin from 89.181.4.9 port 40016 ... show less	Port Scan Brute-Force SSH
🇫🇷 Fasetech	2026-05-15 18:04:56 (1 month ago)	SecLedge detected suspicious activity. Score: 945.12. Sensor: T-Pot.	Brute-Force Web App Attack
🇫🇷 Fasetech	2026-05-10 12:45:31 (1 month ago)	SecLedge detected suspicious activity. Score: 945.12. Sensor: T-Pot.	Brute-Force Web App Attack
🇫🇷 Fasetech	2026-05-08 09:31:32 (1 month ago)	SecLedge detected suspicious activity. Score: 945.12. Sensor: T-Pot.	Brute-Force Web App Attack
🇮🇳 evicky2002	2026-05-04 06:00:00 (1 month ago)	Confirmed malicious by STILWaters CTI platform (score=88, sources=1)	Hacking Brute-Force SSH
🇨🇳 ThreatBook.io	2026-05-01 00:38:51 (1 month ago)	ThreatBook Intelligence: Scanner,Dynamic IP more details on https://threatbook.io/ip/89.181.4.9	SSH
🇫🇷 Fasetech	2026-04-30 20:54:46 (1 month ago)	SecLedge detected suspicious activity. Score: 945.12. Sensor: T-Pot.	Brute-Force Web App Attack
🇯🇵 iBug	2026-04-26 16:57:59 (1 month ago)	2026-04-27T00:55:01.613879+08:00 rosemary sshd-session[315307]: Connection closed by 89.181.4.9 port ... show more 2026-04-27T00:55:01.613879+08:00 rosemary sshd-session[315307]: Connection closed by 89.181.4.9 port 54352 [preauth] 2026-04-27T00:57:44.728254+08:00 rosemary sshd-session[316680]: Connection closed by authenticating user root 89.181.4.9 port 54358 [preauth] 2026-04-27T00:57:58.527255+08:00 rosemary sshd-session[316755]: Invalid user moodog from 89.181.4.9 port 54360 ... show less	Brute-Force SSH

Showing 1 to 15 of 90 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 177.63.47.75

🇳🇱 176.65.139.56

🇺🇸 74.125.77.144

🇷🇺 217.149.191.246

🇨🇦 209.50.188.124

🇬🇧 195.206.182.215

🇲🇽 187.190.35.163

🇺🇸 162.216.149.121

🇩🇪 84.170.221.9

🇸🇬 74.114.31.144

🇩🇪 43.165.62.10

🇬🇵 5.187.97.40

🇺🇸 195.184.76.118

🇩🇪 167.233.94.3

🇫🇮 147.185.133.222

🇨🇳 118.122.87.186

🇨🇳 112.86.225.26

🇺🇸 104.207.36.219

🇩🇪 69.5.169.253

🇳🇱 45.148.10.141