JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 198.46.241.116

198.46.241.116 was found in our database!

This IP was reported 13 times. Confidence of Abuse is 3%: ?

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	198-46-241-116-host.colocrossing.com
Domain Name	hostpapa.com
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 198.46.241.116

Whois 198.46.241.116

IP Abuse Reports for 198.46.241.116:

This IP address has been reported a total of 13 times from 7 distinct sources. 198.46.241.116 was first reported on July 1st 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-01 03:27:14 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 198.46.241.116 (198-46-241-116-host.colocrossin ... show more (mod_security) mod_security (id:210730) triggered by 198.46.241.116 (198-46-241-116-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 23:27:07.747079 2026] [security2:error] [pid 7572:tid 7654] [client 198.46.241.116:41401] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kettlehill.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.com"] [uri "/footer.php.bak"] [unique_id "ahz8C4dYk5YR-blX3soc0wAAAIQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-08 20:51:16 (2 months ago)	(mod_security) mod_security (id:212620) triggered by 198.46.241.116 (198-46-241-116-host.colocrossin ... show more (mod_security) mod_security (id:212620) triggered by 198.46.241.116 (198-46-241-116-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 16:51:11.719047 2026] [security2:error] [pid 96944:tid 96944] [client 198.46.241.116:39901] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|ftp.nbcnewsradio.com\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /error?msg=</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "ftp.nbcnewsradio.com"] [uri "/error"] [unique_id "ada_v7DI3BolTbobM60b6AAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 23:26:43 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 198.46.241.116 (198-46-241-116-host.colocrossin ... show more (mod_security) mod_security (id:210492) triggered by 198.46.241.116 (198-46-241-116-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 18:26:40.842274 2025] [security2:error] [pid 15601:tid 15601] [client 198.46.241.116:53511] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.farmers123.com"] [uri "/.env.stage"] [unique_id "aS91sDubJsYtF_WRsxZHDQAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇹 Erpelstolz	2025-11-25 11:30:41 (6 months ago)	VM 131: 198.46.241.116 - - [25/Nov/2025:12:30:40 +0100] "GET /partymgr/control/getJSONuiLabel HTTP/1 ... show more VM 131: 198.46.241.116 - - [25/Nov/2025:12:30:40 +0100] "GET /partymgr/control/getJSONuiLabel HTTP/1.1" 301 753 show less	Web App Attack
🇺🇸 TPI-Abuse	2025-10-28 21:04:03 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 198.46.241.116 (198-46-241-116-host.colocrossin ... show more (mod_security) mod_security (id:210492) triggered by 198.46.241.116 (198-46-241-116-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 17:03:57.290183 2025] [security2:error] [pid 15069:tid 15069] [client 198.46.241.116:41239] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whm.nbcnewsradio.com"] [uri "/a.htaccess"] [unique_id "aQEvvSGoMF1ijAT2NCZphQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 mgarofano80	2025-10-22 19:53:11 (7 months ago)		Brute-Force Web App Attack
🇺🇸 sailor	2025-10-18 17:41:00 (7 months ago)	blocked by firewall for SQL Injection in POST body:	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-09-22 21:35:59 (8 months ago)	(mod_security) mod_security (id:210492) triggered by 198.46.241.116 (198-46-241-116-host.colocrossin ... show more (mod_security) mod_security (id:210492) triggered by 198.46.241.116 (198-46-241-116-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 22 17:35:52.938189 2025] [security2:error] [pid 804:tid 804] [client 198.46.241.116:35405] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.deandobkin.com"] [uri "/api/.env"] [unique_id "aNHBOCbYQga42rYnOxwF4gAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇯🇵 KuhA	2025-09-22 05:58:26 (8 months ago)	GET /control/stream?contentId=%27\\%22%3E%3Csvg/onload=alert(/xss/)%3E	Hacking Web App Attack
Anonymous	2025-08-08 11:20:34 (10 months ago)	Malicious activity detected	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-08-05 19:34:16 (10 months ago)	(mod_security) mod_security (id:210730) triggered by 198.46.241.116 (198-46-241-116-host.colocrossin ... show more (mod_security) mod_security (id:210730) triggered by 198.46.241.116 (198-46-241-116-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 05 15:34:08.568799 2025] [security2:error] [pid 23600:tid 23600] [client 198.46.241.116:38733] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.nbcnewsradio.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.nbcnewsradio.com"] [uri "/errors/errors.log"] [unique_id "aJJcsBaqmw53Rq88Do4rJgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-07-20 06:10:02 (10 months ago)	\| Common web attack.	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2025-07-01 06:51:51 (11 months ago)	(mod_security) mod_security (id:210492) triggered by 198.46.241.116 (198-46-241-116-host.colocrossin ... show more (mod_security) mod_security (id:210492) triggered by 198.46.241.116 (198-46-241-116-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 01 02:51:43.804521 2025] [security2:error] [pid 32047:tid 32122] [client 198.46.241.116:41455] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autoconfig.kettlehill.net"] [uri "/sftp-config.json"] [unique_id "aGOFfwF1tdoO2im1K3VyEgAAAI0"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 13 of 13 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇯🇵 47.79.37.117

🇧🇪 207.175.11.57

🇬🇧 193.163.125.24

🇺🇸 138.113.23.170

🇨🇳 123.160.232.18

🇨🇳 111.7.96.135

🇬🇧 45.82.76.138

🇺🇸 34.138.146.10

🇨🇳 14.103.120.132

🇯🇵 218.219.193.151

🇨🇳 218.13.26.42

🇳🇱 185.226.197.27

🇮🇳 182.95.185.14

🇨🇦 170.52.119.234

🇵🇰 160.250.51.2

🇨🇳 120.195.50.149

🇮🇳 117.252.93.114

🇮🇹 91.80.181.155

🇨🇳 82.156.229.107

🇬🇧 80.1.51.168