This IP address has been reported a total of 1,643
times from 367 distinct
sources.
46.101.1.225 was first reported on ,
and the most recent report was .
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
6 attacks on PHP URLs, config grabbing URLs, password grabbing URLs, env grabbing URLs, VC URLs, Con ... show more6 attacks on PHP URLs, config grabbing URLs, password grabbing URLs, env grabbing URLs, VC URLs, Confluence URLs:
GET /info.php HTTP/1.1
GET /.DS_Store HTTP/1.1
GET /.vscode/sftp.json HTTP/1.1
GET /.env HTTP/1.1
GET /.git/config HTTP/1.1
GET /login.action HTTP/1.1 show less
"Restricted File Access Attempt - Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store ... show more"Restricted File Access Attempt - Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store" show less
2025-02-11T20:59:01.232242+00:00 eu-north-sto1 sshd[3238734]: banner exchange: Connection from 46.10 ... show more2025-02-11T20:59:01.232242+00:00 eu-north-sto1 sshd[3238734]: banner exchange: Connection from 46.101.1.225 port 42226: invalid format
2025-02-11T20:59:01.301496+00:00 eu-north-sto1 sshd[3238735]: banner exchange: Connection from 46.101.1.225 port 42232: invalid format
2025-02-11T20:59:01.540570+00:00 eu-north-sto1 sshd[3238744]: Connection reset by authenticating user root 46.101.1.225 port 42234 [preauth]
... show less
"Restricted File Access Attempt - Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store ... show more"Restricted File Access Attempt - Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store" show less
2025-02-09T18:04:22.004492 rhel-20gb-ash-1 sshd[506334]: banner exchange: Connection from 46.101.1.2 ... show more2025-02-09T18:04:22.004492 rhel-20gb-ash-1 sshd[506334]: banner exchange: Connection from 46.101.1.225 port 45050: invalid format
... show less
(mod_security) mod_security (id:210492) triggered by 46.101.1.225 (GB/United Kingdom/b812f4218d.scan ... show more(mod_security) mod_security (id:210492) triggered by 46.101.1.225 (GB/United Kingdom/b812f4218d.scan.leakix.org): N in the last X secs show less
[SunFeb0902:55:24.6063972025][security2:error][pid1968596:tid1968673][client46.101.1.225:0][client46 ... show more[SunFeb0902:55:24.6063972025][security2:error][pid1968596:tid1968673][client46.101.1.225:0][client46.101.1.225]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\\\\\\\\.vscode/\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"1189\"][id\"350593\"][rev\"1\"][msg\"Atomicorp.comWAFRules:AttackBlocked-Dataleakage-attempttoaccessstoredvscodepasswords\"][severity\"CRITICAL\"][hostname\"swiss-web-hosting.ch\"][uri\"/.vscode/sftp.json\"][unique_id\"Z6gLDP16j9j2uLeBRw4lyQAAAFU\"][SunFeb0902:55:25.3031792025][security2:error][pid1968596:tid1968673][client46.101.1.225:0][client46.101.1.225]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\|passwd\|group\)\|www_\?acl\)\|global\\\\\\\\.asa\|httpd\\\\\\\\.conf\|boot\\\\\\\\.ini\|web.config\)\\\\\\\\b\|\(\|\^\|\\\\\\\\.\\\\\\\\.\)/etc/\|/\\\\\\\\.\(\?:history\|bash_history\|sh_history\|env\)\$\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.co show less