This IP address has been reported a total of
15
times from
12 distinct
sources.
198.46.241.22 was first reported on
, and the most recent report was
.
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
Attempt to access invalid virtual host name (###.###.###.###). Typically used to access "internal" ...
show moreAttempt to access invalid virtual host name (###.###.###.###). Typically used to access "internal" resources improperly exposed externally and "protected" only by a lack of external DNS resolution.
198.46.241.22 - - [09/May/2026:05:37:37 +0000] "GET /.env HTTP/1.1" 403 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36" "-"
show less
ban-reviewer auto report; ip=198.46.241.22; scenario=http:scan; verdict=valid_ban; confidence=0.85; ...
show moreban-reviewer auto report; ip=198.46.241.22; scenario=http:scan; verdict=valid_ban; confidence=0.85; categories=14,15,18; active_decisions=1; lookback_decisions=1; nginx_requests=0; appsec_matches=0; auth_events=0; kernel_events=0; signals=IP flagged for 'http:scan' scenario; AbuseIPDB category 14 (Port Scan) is applicable; Decision made within a short time window indicating immediate threat; No evidence of legitimate activity in the summary
show less
Attempt to access invalid virtual host name (###.###.###.###). Typically used to access "internal" ...
show moreAttempt to access invalid virtual host name (###.###.###.###). Typically used to access "internal" resources improperly exposed externally and "protected" only by a lack of external DNS resolution.
198.46.241.22 - - [13/Jan/2026:17:21:16 +0000] "GET /.env HTTP/1.1" 403 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36" "-"
show less
Malicious IP detected by WAF with anomaly score 11.0. Attack types: ... and more, Timestamp deviates ...
show moreMalicious IP detected by WAF with anomaly score 11.0. Attack types: ... and more, Timestamp deviates by 2.8 hours, Exposure of environment file (.env) (+8 more). Activity: 2888 requests to 50 URLs. Time: 2025-08-16 07:10:01 (America/Bogota). Origin: US. Source: Automated WAF log analysis.
show less
ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/198.46.241.22
2025-06- ...
show moreThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/198.46.241.22
2025-06-22 04:06:23 /.env
2025-06-22 04:06:23 /,{"body":"0x%5B%5D=androxgh0st","content_type":"application/x-www-form-urlencoded","header":{"Accept":["*/*"],"Accept-Encoding":["gzip"],"Connection":["close"],"Content-Length":["20"],"Content-Type":["application/x-www-form-urlencoded"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36"]},"host":"44.243.95.195","method":"POST","proto":"HTTP/1.1","remote_addr":"198.46.241.22:56389","status_code":200,"url":"/","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36"}
show less