JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 198.46.246.59

198.46.246.59 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 4%: ?

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	198-46-246-59-host.colocrossing.com
Domain Name	colocrossing.com
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 198.46.246.59

Whois 198.46.246.59

IP Abuse Reports for 198.46.246.59:

This IP address has been reported a total of 16 times from 6 distinct sources. 198.46.246.59 was first reported on September 22nd 2024, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 bigorre.org	2026-06-14 15:24:52 (5 days ago)	Excessive crawling : exceed crawl-delay defined in robots.txt	Bad Web Bot
🇺🇸 TPI-Abuse	2026-02-01 12:51:58 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 198.46.246.59 (198-46-246-59-host.colocrossing. ... show more (mod_security) mod_security (id:210492) triggered by 198.46.246.59 (198-46-246-59-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 07:51:50.966385 2026] [security2:error] [pid 483:tid 664] [client 198.46.246.59:53017] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.kettlehill.net"] [uri "/.env.www"] [unique_id "aX9MZgMxl-cQ0UzvOvSjtwAAAFI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-16 15:53:49 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 198.46.246.59 (198-46-246-59-host.colocrossing. ... show more (mod_security) mod_security (id:210492) triggered by 198.46.246.59 (198-46-246-59-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 10:53:45.326189 2026] [security2:error] [pid 1421:tid 1421] [client 198.46.246.59:44285] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.nbcnewsradio.com"] [uri "/.env"] [unique_id "aWpfCXGyt40lsGBgjVliKgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-03 02:06:44 (6 months ago)	(mod_security) mod_security (id:221260) triggered by 198.46.246.59 (198-46-246-59-host.colocrossing. ... show more (mod_security) mod_security (id:221260) triggered by 198.46.246.59 (198-46-246-59-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 21:06:41.468058 2025] [security2:error] [pid 8872:tid 8872] [client 198.46.246.59:58929] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|webmail.farmers123.com:80\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.farmers123.com"] [uri "/cgi-bin/status"] [unique_id "aS-bMTdHyeK5y_9x5XkkFQAAAAI"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-01 06:15:24 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 198.46.246.59 (198-46-246-59-host.colocrossing. ... show more (mod_security) mod_security (id:210492) triggered by 198.46.246.59 (198-46-246-59-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 01:15:17.737163 2025] [security2:error] [pid 8488:tid 8562] [client 198.46.246.59:36075] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.com"] [uri "/.env.kettlehill"] [unique_id "aS0yddZHHfu_5jcVG6pkQQAAAYc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-28 23:44:49 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 198.46.246.59 (198-46-246-59-host.colocrossing. ... show more (mod_security) mod_security (id:210492) triggered by 198.46.246.59 (198-46-246-59-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 19:44:44.954921 2025] [security2:error] [pid 29619:tid 29619] [client 198.46.246.59:52705] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nbcnewsradio.com"] [uri "/a.htaccess"] [unique_id "aQFVbIo0TpVuQEN0TleZ9QAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-01 15:04:27 (8 months ago)	(mod_security) mod_security (id:211190) triggered by 198.46.246.59 (198-46-246-59-host.colocrossing. ... show more (mod_security) mod_security (id:211190) triggered by 198.46.246.59 (198-46-246-59-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 11:04:10.901112 2025] [security2:error] [pid 17241:tid 17262] [client 198.46.246.59:33795] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|ftp.kettlehill.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?patron_only_image=../../../../../../../../../../etc/passwd&patreon_action=serve_patron_only_image"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.com"] [uri "/"] [unique_id "aN1C6qh4GLz6vZLSqByxfQAAAI8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-22 20:40:40 (8 months ago)	(mod_security) mod_security (id:210492) triggered by 198.46.246.59 (198-46-246-59-host.colocrossing. ... show more (mod_security) mod_security (id:210492) triggered by 198.46.246.59 (198-46-246-59-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 22 16:40:36.569966 2025] [security2:error] [pid 1649:tid 1649] [client 198.46.246.59:43083] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.deandobkin.com"] [uri "/.env.www"] [unique_id "aNG0RI4LmqkQq463SMzg9gAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-01 07:01:26 (10 months ago)	(mod_security) mod_security (id:210730) triggered by 198.46.246.59 (198-46-246-59-host.colocrossing. ... show more (mod_security) mod_security (id:210730) triggered by 198.46.246.59 (198-46-246-59-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 03:01:18.967948 2025] [security2:error] [pid 3331491:tid 3331526] [client 198.46.246.59:41985] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.kettlehill.kettlehill.com\|F\|2"] [data ".kettlehill.kettlehill.com.db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.kettlehill.com"] [uri "/www.kettlehill.kettlehill.com.db"] [unique_id "aIxmPlQiAcb55uv05QoxzQAAAkg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-01 10:11:49 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 198.46.246.59 (198-46-246-59-host.colocrossing. ... show more (mod_security) mod_security (id:210730) triggered by 198.46.246.59 (198-46-246-59-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 06:11:42.228892 2025] [security2:error] [pid 2863390:tid 2863505] [client 198.46.246.59:34161] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.kettlehill.net\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.kettlehill.net"] [uri "/db.php.bak"] [unique_id "aDwnXomk0cNjkOYTn0L2IgAAAME"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-05-31 23:00:02 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2025-05-28 20:32:40 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 198.46.246.59 (198-46-246-59-host.colocrossing. ... show more (mod_security) mod_security (id:210730) triggered by 198.46.246.59 (198-46-246-59-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 28 16:32:33.225989 2025] [security2:error] [pid 1870675:tid 1870675] [client 198.46.246.59:57633] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|autodiscover.farmers123.com\|F\|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.farmers123.com"] [uri "/my.key"] [unique_id "aDdy4YpplqieJz1-1Wc5OgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-05-13 04:14:36 (1 year ago)	Malicious activity detected	Hacking Web App Attack
🇦🇺 advena	2025-02-21 06:30:59 (1 year ago)	198.46.246.59 (AS36352 AS-COLOCROSSING) was intercepted at 2025-02-21T06:27:42Z after violating WAF ... show more 198.46.246.59 (AS36352 AS-COLOCROSSING) was intercepted at 2025-02-21T06:27:42Z after violating WAF directive: 874a3e315c344b1281ad4f00046aab6f. Pre-cautionary/corrective action applied: managed_challenge. show less	Web Spam Hacking Brute-Force Web App Attack
Anonymous	2024-09-24 14:24:00 (1 year ago)	Web App Attack	Web App Attack

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 209.222.101.194

🇮🇩 180.253.189.140

🇺🇸 165.227.209.27

🇨🇳 112.28.130.136

🇧🇩 103.183.62.0

🇺🇸 102.129.137.96

🇵🇹 89.181.145.236

🇷🇴 80.94.92.182

🇨🇳 58.210.182.18

🇳🇱 45.148.10.151

🇹🇳 197.28.30.102

🇮🇳 182.95.116.66

🇦🇷 181.116.43.183

🇩🇪 165.227.159.13

🇯🇵 152.32.201.247

🇷🇴 141.98.83.186

🇹🇷 85.106.116.153

🇬🇧 81.19.219.198

🇪🇸 79.117.252.164

🇺🇸 72.180.209.122