JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 109.248.170.54

109.248.170.54 was found in our database!

This IP was reported 94 times. Confidence of Abuse is 100%: ?

100%

ISP	GOhost.KZ
Usage Type	Data Center/Web Hosting/Transit
ASN	AS203087
Domain Name	gohost.kz
Country	🇰🇿 Kazakhstan
City	Karagandy, Karaganda

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 109.248.170.54

Whois 109.248.170.54

IP Abuse Reports for 109.248.170.54:

This IP address has been reported a total of 94 times from 70 distinct sources. 109.248.170.54 was first reported on June 11th 2026, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 andypiper	2026-06-13 01:01:13 (5 days ago)	CrowdSec ban for AbuseIPDB Top List	Brute-Force Web App Attack
🇦🇹 urnilxfgbez	2026-06-12 22:45:00 (5 days ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇫🇷 HerrWolf	2026-06-12 08:15:03 (5 days ago)	CrowdSec Detection: crowdsecurity/ssh-slow-bf	Brute-Force SSH
🇩🇪 barbarella	2026-06-12 08:13:37 (5 days ago)	Multiple (46) times attack on https port 443: illegal attempt to access local shell (POST /cgi-bin/. ... show more Multiple (46) times attack on https port 443: illegal attempt to access local shell (POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh) 10:13:37 illegal attempt to access local shell (POST /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh) 10:13:37 Command Injection for PHP Vulnerablity CVE-2024-4577 (POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input) 10:13:38 Command Injection for PHP Vulnerablity CVE-2024-4577 (POST /?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input) 10:13:38 scanning for exposed directories (GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php) 10:13:38 scanning for exposed directories (GET /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php) 10:13:38 scanning for exposed directories (GET /vendor/phpunit/src/Util/PHP/eval-stdin.php) 10:13:38 scanning for exposed directories (GET /vendor/phpunit/Util/PHP/eval-stdin.php) 10 show less	Hacking Web App Attack
🇺🇸 yzfdude1	2026-06-12 08:08:20 (5 days ago)	Jun 12 02:08:17 deimos sshd[169666]: Invalid user orangepi from 109.248.170.54 port 36154 Jun 12 02: ... show more Jun 12 02:08:17 deimos sshd[169666]: Invalid user orangepi from 109.248.170.54 port 36154 Jun 12 02:08:17 deimos sshd[169666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.248.170.54 Jun 12 02:08:19 deimos sshd[169666]: Failed password for invalid user orangepi from 109.248.170.54 port 36154 ssh2 ... show less	Brute-Force SSH
🇺🇸 bigscoots.com	2026-06-12 08:06:49 (5 days ago)	(sshd) Failed SSH login from 109.248.170.54 (KZ/Kazakhstan/-): 5 in the last 3600 secs; Ports: ; Di ... show more (sshd) Failed SSH login from 109.248.170.54 (KZ/Kazakhstan/-): 5 in the last 3600 secs; Ports: ; Direction: 1; Trigger: LF_SSHD; Logs: Jun 12 03:05:34 14175 sshd[17370]: Invalid user admin from 109.248.170.54 port 57590 Jun 12 03:05:36 14175 sshd[17370]: Failed password for invalid user admin from 109.248.170.54 port 57590 ssh2 Jun 12 03:06:08 14175 sshd[17729]: Invalid user orangepi from 109.248.170.54 port 34360 Jun 12 03:06:09 14175 sshd[17729]: Failed password for invalid user orangepi from 109.248.170.54 port 34360 ssh2 Jun 12 03:06:41 14175 sshd[17867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.248.170.54 user=root show less	Brute-Force SSH
🇺🇸 conrad10781	2026-06-12 08:03:51 (5 days ago)	nginx-cgi-bin	Web App Attack
🇭🇰 amyriad	2026-06-12 07:58:51 (5 days ago)	2026-06-12T15:53:00.945828+08:00 twy-ubuntu sshd[557895]: Invalid user admin from 109.248.170.54 por ... show more 2026-06-12T15:53:00.945828+08:00 twy-ubuntu sshd[557895]: Invalid user admin from 109.248.170.54 port 41432 2026-06-12T15:53:32.664207+08:00 twy-ubuntu sshd[557904]: Invalid user orangepi from 109.248.170.54 port 36090 2026-06-12T15:57:15.623824+08:00 twy-ubuntu sshd[557972]: Invalid user test from 109.248.170.54 port 49070 2026-06-12T15:57:47.484599+08:00 twy-ubuntu sshd[558012]: Invalid user user from 109.248.170.54 port 60430 2026-06-12T15:58:51.124387+08:00 twy-ubuntu sshd[558042]: Invalid user admin from 109.248.170.54 port 42738 ... show less	DDoS Attack Hacking Brute-Force
🇺🇸 antlac1	2026-06-12 07:55:28 (5 days ago)	Automatic report - Banned IP Access	Brute-Force SSH
🇺🇸 TPI-Abuse	2026-06-12 07:55:23 (5 days ago)	(mod_security) mod_security (id:218420) triggered by 109.248.170.54 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:218420) triggered by 109.248.170.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 03:55:16.217571 2026] [security2:error] [pid 21133:tid 21140] [client 109.248.170.54:35164] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|192.64.150.21:80\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.21"] [uri "/hello.world"] [unique_id "aiu7ZCq5n_4QNEmxbYYYGQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-12 07:54:22 (5 days ago)	2026-06-12T09:53:44.523618+02:00 ubuntu sshd-session[1976222]: Invalid user orangepi from 109.248.17 ... show more 2026-06-12T09:53:44.523618+02:00 ubuntu sshd-session[1976222]: Invalid user orangepi from 109.248.170.54 port 52060 2026-06-12T09:53:44.528696+02:00 ubuntu sshd-session[1976222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.248.170.54 2026-06-12T09:53:46.715859+02:00 ubuntu sshd-session[1976222]: Failed password for invalid user orangepi from 109.248.170.54 port 52060 ssh2 2026-06-12T09:54:19.143858+02:00 ubuntu sshd-session[1976334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.248.170.54 user=root 2026-06-12T09:54:21.656923+02:00 ubuntu sshd-session[1976334]: Failed password for root from 109.248.170.54 port 58468 ssh2 ... show less	Brute-Force
🇫🇷 antivirus_5846	2026-06-12 07:34:35 (5 days ago)	2026-06-12T07:30:30.652364+00:00 hms84483 sshd-session[3908405]: Failed password for root from 109.2 ... show more 2026-06-12T07:30:30.652364+00:00 hms84483 sshd-session[3908405]: Failed password for root from 109.248.170.54 port 50960 ssh2 2026-06-12T07:32:33.092566+00:00 hms84483 sshd-session[3908537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.248.170.54 user=root 2026-06-12T07:32:34.970426+00:00 hms84483 sshd-session[3908537]: Failed password for root from 109.248.170.54 port 44050 ssh2 2026-06-12T07:34:32.527925+00:00 hms84483 sshd-session[3908684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.248.170.54 user=root 2026-06-12T07:34:34.438970+00:00 hms84483 sshd-session[3908684]: Failed password for root from 109.248.170.54 port 40226 ssh2 ... show less	Brute-Force SSH
🇨🇦 hpg	2026-06-12 06:55:09 (5 days ago)	49 invalid SSH login attempts from 109.248.170.54 in the last 6.2 hours	Brute-Force SSH
🇺🇸 MPL	2026-06-12 06:54:08 (5 days ago)	tcp/80 (2 or more attempts)	Port Scan
Anonymous	2026-06-12 06:41:43 (5 days ago)	SIEM ALERT AUTO REPORT	Email Spam

Showing 1 to 15 of 94 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 152.32.207.197

🇹🇭 118.194.250.127

🇮🇩 103.182.189.90

🇺🇸 64.62.197.32

🇳🇱 45.86.200.50

🇺🇸 2604:a940:301:225:0:17::

🇩🇪 193.124.20.226

🇨🇳 118.196.142.135

🇫🇷 62.171.175.230

🇮🇳 49.156.104.74

🇹🇼 211.78.63.153

🇨🇳 113.219.177.95

🇺🇸 107.174.194.115

🇨🇳 59.48.39.222

🇳🇱 45.140.222.120

🇧🇪 34.156.119.248

🇹🇷 5.11.162.163

🇮🇸 213.190.100.140

🇮🇷 193.151.133.105

🇩🇪 192.109.200.189