2.58.148.50 - IPInfo

Basic Info

City: Dulles Town Center

Region: Virginia

Country: United States

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
2.58.148.71	spamattack	PHISHING AND SPAM ATTACK GROUP USES LayerHost, IP SERVER LLC, Root Networks LLC, Serverion BV, XSServer GmbH, Xervers, Colocrossing 104.148.18.18 Bitcoin Select arianna.lavoi@boschbuy.club, Dividends Paid Every 60 Minutes - New underground DeFi crypto, 05 Jul 2021 2.58.148.71 Save on the Cost of Gas - Effuel@shofybox.us, This Simple Device Saves You 25% on Your Car's Fuel Consumption, Wed, 7 Jul inetnum: 2.58.148.0 - 2.58.149.255 org-name: Serverion BV inetnum: 5.252.192.0 - 5.252.195.255 org-name: IP SERVER LLC NetRange: 23.247.0.0 - 23.247.127.255 OrgName: LayerHost NetRange: 31.210.22.0 - 31.210.23.255 org-name: Serverion BV NetRange: 103.73.156.0 - 103.73.156.255 OrgName: LayerHost NetRange: 104.148.0.0 - 104.148.127.255 OrgName: LayerHost NetRange: 104.223.128.0 - 104.223.255.255 OrgName: LayerHost NetRange: 107.179.0.0 - 107.179.127.255 OrgName: LayerHost NetRange: 134.73.0.0 - 134.73.255.255 CustName: Root Networks LLC NetRange: 157.52.128.0 - 157.52.255.255 OrgName: LayerHost NetRange: 185.239.242.0 - 185.239.242.255 org-name: Serverion BV inetnum: 194.59.216.0 - 194.59.217.255 org-name: Serverion BV inetnum: 195.62.32.0 - 195.62.33.255 org-name: XSServer GmbH inetnum: 195.133.12.0 - 195.133.15.255 netname: Xervers inetnum: 195.133.39.0 - 195.133.39.255 org-name: Serverion BV NetRange: 198.12.64.0 - 198.12.127.255 OrgName: ColoCrossing Some similar emails from same group 5.252.194.15 Plansforsheds - EasyShedPlans@ultraboostz.co, Discover The Easiest Way To Build Beautiful Sheds..., 15 Jun 2021 31.210.22.9 Fat belly - info@bloodpressure.buzz, Japanese “Fix” for Belly Fat?, 17 Jun 2021 31.210.22.106 On Hold - OnHold@ecobuds.us, Your FREE Red Laser Targeting System, 21 Jun 2021	2021-07-08 06:00:22

Type

Details

Datetime

2.58.148.71

spamattack

PHISHING AND SPAM ATTACK
GROUP USES LayerHost, IP SERVER LLC, Root Networks LLC, Serverion BV, XSServer GmbH, Xervers, Colocrossing
104.148.18.18	Bitcoin Select arianna.lavoi@boschbuy.club, Dividends Paid Every 60 Minutes - New underground DeFi crypto, 05 Jul 2021
2.58.148.71	Save on the Cost of Gas - Effuel@shofybox.us, This Simple Device Saves You 25% on Your Car's Fuel Consumption, Wed, 7 Jul 
inetnum:        2.58.148.0 - 2.58.149.255	org-name:       Serverion BV
inetnum:        5.252.192.0 - 5.252.195.255	org-name:       IP SERVER LLC
NetRange:       23.247.0.0 - 23.247.127.255	OrgName:        LayerHost
NetRange:       31.210.22.0 - 31.210.23.255	org-name:       Serverion BV
NetRange:       103.73.156.0 - 103.73.156.255	OrgName:        LayerHost
NetRange:       104.148.0.0 - 104.148.127.255	OrgName:        LayerHost
NetRange:       104.223.128.0 - 104.223.255.255 OrgName:        LayerHost
NetRange:       107.179.0.0 - 107.179.127.255	OrgName:        LayerHost
NetRange:       134.73.0.0 - 134.73.255.255	CustName:       Root Networks LLC
NetRange:       157.52.128.0 - 157.52.255.255	OrgName:        LayerHost
NetRange:       185.239.242.0 - 185.239.242.255	org-name:       Serverion BV
inetnum:        194.59.216.0 - 194.59.217.255	org-name:       Serverion BV
inetnum:        195.62.32.0 - 195.62.33.255	org-name:       XSServer GmbH
inetnum:        195.133.12.0 - 195.133.15.255   netname:        Xervers
inetnum:        195.133.39.0 - 195.133.39.255	org-name:       Serverion BV
NetRange:       198.12.64.0 - 198.12.127.255	OrgName:        ColoCrossing
Some similar emails from same group
5.252.194.15  	Plansforsheds - EasyShedPlans@ultraboostz.co, Discover The Easiest Way To Build Beautiful Sheds..., 15 Jun 2021 
31.210.22.9    	Fat belly - info@bloodpressure.buzz,  Japanese “Fix” for Belly Fat?, 17 Jun 2021
31.210.22.106  	On Hold - OnHold@ecobuds.us, Your FREE Red Laser Targeting System, 21 Jun 2021

2021-07-08 06:00:22

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 2.58.148.50
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1798
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;2.58.148.50.			IN	A

;; AUTHORITY SECTION:
.			17	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2023080701 1800 900 604800 86400

;; Query time: 60 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Aug 08 03:37:16 CST 2023
;; MSG SIZE  rcvd: 104

Host info

50.148.58.2.in-addr.arpa domain name pointer ongkongpoly.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
50.148.58.2.in-addr.arpa	name = ongkongpoly.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
118.89.39.81	attack	2020-01-11T07:14:36.553907shield sshd\[6488\]: Invalid user uez from 118.89.39.81 port 45550 2020-01-11T07:14:36.560054shield sshd\[6488\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.89.39.81 2020-01-11T07:14:38.468482shield sshd\[6488\]: Failed password for invalid user uez from 118.89.39.81 port 45550 ssh2 2020-01-11T07:21:26.920993shield sshd\[8980\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.89.39.81 user=root 2020-01-11T07:21:28.448598shield sshd\[8980\]: Failed password for root from 118.89.39.81 port 35266 ssh2	2020-01-11 15:26:05
181.30.101.162	attackspambots	Jan 11 07:53:06 v22018076622670303 sshd\[6778\]: Invalid user ftp_user from 181.30.101.162 port 41586 Jan 11 07:53:06 v22018076622670303 sshd\[6778\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.30.101.162 Jan 11 07:53:08 v22018076622670303 sshd\[6778\]: Failed password for invalid user ftp_user from 181.30.101.162 port 41586 ssh2 ...	2020-01-11 15:54:20
222.186.30.114	attackbots	Jan 11 08:55:00 h2177944 sshd\[28823\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.30.114 user=root Jan 11 08:55:01 h2177944 sshd\[28823\]: Failed password for root from 222.186.30.114 port 52853 ssh2 Jan 11 08:55:03 h2177944 sshd\[28823\]: Failed password for root from 222.186.30.114 port 52853 ssh2 Jan 11 08:55:05 h2177944 sshd\[28823\]: Failed password for root from 222.186.30.114 port 52853 ssh2 ...	2020-01-11 15:56:41
128.199.253.133	attack	Jan 11 05:55:02 hosting180 sshd[25888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.253.133 user=root Jan 11 05:55:04 hosting180 sshd[25888]: Failed password for root from 128.199.253.133 port 51834 ssh2 ...	2020-01-11 15:41:09
117.102.127.130	attackbots	firewall-block, port(s): 445/tcp	2020-01-11 15:42:42
222.186.42.136	attackspam	Jan 11 04:37:30 firewall sshd[5336]: Failed password for root from 222.186.42.136 port 61700 ssh2 Jan 11 04:37:32 firewall sshd[5336]: Failed password for root from 222.186.42.136 port 61700 ssh2 Jan 11 04:37:34 firewall sshd[5336]: Failed password for root from 222.186.42.136 port 61700 ssh2 ...	2020-01-11 15:49:09
103.99.15.175	attackbots	Attempt to attack host OS, exploiting network vulnerabilities, on 11-01-2020 04:55:09.	2020-01-11 15:34:15
106.12.159.235	attack	SSH Brute-Force reported by Fail2Ban	2020-01-11 15:53:55
177.228.78.205	attackspambots	Jan 11 05:55:09 grey postfix/smtpd\[17169\]: NOQUEUE: reject: RCPT from unknown\[177.228.78.205\]: 554 5.7.1 Service unavailable\; Client host \[177.228.78.205\] blocked using truncate.gbudb.net\; http://www.gbudb.com/truncate/ \[177.228.78.205\]\; from=\ to=\ proto=ESMTP helo=\ ...	2020-01-11 15:36:01
59.42.37.48	attackbots	Jan 11 07:07:02 * sshd[17605]: Address 59.42.37.48 maps to 48.37.42.59.broad.gz.gd.dynamic.163data.com.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Jan 11 07:07:02 * sshd[17605]: Invalid user xwu from 59.42.37.48 Jan 11 07:07:02 * sshd[17605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.42.37.48 Jan 11 07:07:04 * sshd[17605]: Failed password for invalid user xwu from 59.42.37.48 port 53279 ssh2 Jan 11 07:07:05 *** sshd[17605]: Received disconnect from 59.42.37.48: 11: Bye Bye [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=59.42.37.48	2020-01-11 15:55:06
82.64.25.207	attackbotsspam	Brute force attempt	2020-01-11 15:46:08
54.183.166.71	attack	Unauthorized connection attempt detected from IP address 54.183.166.71 to port 8888	2020-01-11 15:31:31
197.50.238.133	attack	Unauthorized connection attempt detected from IP address 197.50.238.133 to port 80	2020-01-11 15:26:41
79.3.6.207	attack	"Fail2Ban detected SSH brute force attempt"	2020-01-11 15:17:49
46.10.135.187	attack	Jan 11 05:54:34 grey postfix/smtpd\[10128\]: NOQUEUE: reject: RCPT from 46-10-135-187.ip.btc-net.bg\[46.10.135.187\]: 554 5.7.1 Service unavailable\; Client host \[46.10.135.187\] blocked using cbl.abuseat.org\; Blocked - see http://www.abuseat.org/lookup.cgi\?ip=46.10.135.187\; from=\ to=\ proto=ESMTP helo=\<46-10-135-187.ip.btc-net.bg\> ...	2020-01-11 15:57:39

Recently Reported IPs

185.176.220.126	185.28.39.9	63.141.202.160	118.50.138.14
185.81.145.228	50.161.222.255	189.21.167.14	174.70.141.187
107.189.5.233	154.66.120.79	6.124.103.71	199.130.199.9
159.168.195.198	62.200.35.149	140.254.104.194	184.105.139.0
163.152.121.228	149.129.222.203	13.228.24.148	175.200.234.189