This IP address has been reported a total of
38
times from
21 distinct
sources.
109.248.59.254 was first reported on
, and the most recent report was
.
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show moreAuto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-07-16.
show less
(modsecurity) srv201 ModSecurity 109.248.59.254 (RU/Russia/186847.msk.web.highserver.ru): 10 in the ...
show more(modsecurity) srv201 ModSecurity 109.248.59.254 (RU/Russia/186847.msk.web.highserver.ru): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs:
show less
(mod_security) mod_security (id:210492) triggered by 109.248.59.254 (186847.msk.web.highserver.ru): ...
show more(mod_security) mod_security (id:210492) triggered by 109.248.59.254 (186847.msk.web.highserver.ru): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 23:46:23.355187 2026] [security2:error] [pid 8334:tid 8334] [client 109.248.59.254:45690] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.yalaz.qcyprus.com"] [uri "/.env.dev"] [unique_id "almlj1nIOICtcGOOi4MxNwAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
{"reqId":"rLUVBo2a35lqu8akOEIk","level":1,"time":"2026-07-17T05:06:23+02:00","remoteAddr":"109.248.5 ...
show more{"reqId":"rLUVBo2a35lqu8akOEIk","level":1,"time":"2026-07-17T05:06:23+02:00","remoteAddr":"109.248.59.254","user":"--","app":"core","method":"GET","url":"/settings.js","scriptName":"/index.php","message":"Trusted domain error. \"109.248.59.254\" tried to access using \"shield.khomri.com\" as host.","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)","version":"34.0.1.2","data":{"app":"core"}}
{"reqId":"LSyMxmBDtSNZIXcVPMb4","level":1,"time":"2026-07-17T05:06:24+02:00","remoteAddr":"109.248.59.254","user":"--","app":"core","method":"GET","url":"/settings.json","scriptName":"/index.php","message":"Trusted domain error. \"109.248.59.254\" tried to access using \"shield.khomri.com\" as host.","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +htt
...
show less
Web App Attack
Showing 1 to
15
of 38 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown ๐ฉ