49.158.41.54 - IPInfo

Basic Info

City: Taipei

Region: Taipei City

Country: Taiwan, China

Internet Service Provider: TFN Media Co. Ltd.

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	[portscan] Port scan	2020-06-03 06:33:00

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 49.158.41.54
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18169
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;49.158.41.54.			IN	A

;; AUTHORITY SECTION:
.			131	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020060202 1800 900 604800 86400

;; Query time: 102 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Jun 03 06:32:56 CST 2020
;; MSG SIZE  rcvd: 116

Host info

54.41.158.49.in-addr.arpa domain name pointer 49-158-41-54.dynamic.elinx.com.tw.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
54.41.158.49.in-addr.arpa	name = 49-158-41-54.dynamic.elinx.com.tw.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
187.167.73.202	attack	MultiHost/MultiPort Probe, Scan, Hack -	2019-10-25 20:11:29
45.121.105.106	attack	Oct 25 03:41:48 DDOS Attack: SRC=45.121.105.106 DST=[Masked] LEN=48 TOS=0x00 PREC=0x00 TTL=245 DF PROTO=TCP SPT=80 DPT=21489 WINDOW=8192 RES=0x00 ACK SYN URGP=0	2019-10-25 20:10:43
89.46.196.10	attack	2019-10-25T12:08:24.793234shield sshd\[25447\]: Invalid user harkonnen from 89.46.196.10 port 41712 2019-10-25T12:08:24.798303shield sshd\[25447\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.46.196.10 2019-10-25T12:08:26.939060shield sshd\[25447\]: Failed password for invalid user harkonnen from 89.46.196.10 port 41712 ssh2 2019-10-25T12:12:01.208397shield sshd\[26156\]: Invalid user +++ from 89.46.196.10 port 52340 2019-10-25T12:12:01.216906shield sshd\[26156\]: Failed password for invalid user +++ from 89.46.196.10 port 52340 ssh2	2019-10-25 20:12:54
165.22.16.90	attack	Oct 24 22:32:57 askasleikir sshd[1060469]: Failed password for root from 165.22.16.90 port 42316 ssh2	2019-10-25 20:06:15
62.234.96.175	attackspambots	Oct 25 14:01:37 nextcloud sshd\[15811\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.234.96.175 user=root Oct 25 14:01:40 nextcloud sshd\[15811\]: Failed password for root from 62.234.96.175 port 33504 ssh2 Oct 25 14:11:33 nextcloud sshd\[30634\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.234.96.175 user=root ...	2019-10-25 20:28:46
94.180.106.94	attackbotsspam	B: Abusive content scan (301)	2019-10-25 19:56:56
115.159.65.195	attackspambots	Invalid user tlchannel from 115.159.65.195 port 35326 pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.65.195 Failed password for invalid user tlchannel from 115.159.65.195 port 35326 ssh2 pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.65.195 user=root Failed password for root from 115.159.65.195 port 41936 ssh2	2019-10-25 20:24:23
51.91.36.28	attackspambots	Invalid user abbi from 51.91.36.28 port 35380	2019-10-25 20:02:01
104.211.242.189	attack	Oct 25 14:08:11 markkoudstaal sshd[8373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.211.242.189 Oct 25 14:08:12 markkoudstaal sshd[8373]: Failed password for invalid user postgres from 104.211.242.189 port 1984 ssh2 Oct 25 14:12:20 markkoudstaal sshd[8836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.211.242.189	2019-10-25 20:25:10
24.128.136.73	attackspam	(From aaron@sked.life) Hi Dr. Anderson! I’m Aaron, a customer success advocate at SKED! Did you know that you can now automate your office’s scheduling, send appointment reminders via SMS, and encourage care plans via an app that integrates with your EHR system? If you are interested in learning how you can significantly reduce no-show and missed appointments with friendly, customizable appointment reminders via SMS, push, or email, check out our SKED scheduling app here: http://go.sked.life/automate-my-office If you are not the correct person, would you mind passing this message on to the correct person? Thanks and I look forward to hearing back from you! Aaron Van Duinen Customer Success Advocate SKED, Inc. Phone: 616-258-2201 https://sked.life	2019-10-25 20:23:57
145.253.118.157	attackspambots	Spam Timestamp : 25-Oct-19 12:24 BlockList Provider combined abuse (491)	2019-10-25 20:32:26
139.155.112.250	attack	[FriOct2514:11:21.4169642019][:error][pid1421:tid47701213783808][client139.155.112.250:60799][client139.155.112.250]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch"\(\?:\\\\\\\\\(chr\?\\\\\\\\\(\?[0-9]{1\,3}\?\\\\\\\\\)\\|\?=\?f\(\?:open\\|write\)\?\\\\\\\\\(\\|\\\\\\\\b\(\?:passthru\\|serialize\\|php_uname\\|phpinfo\\|shell_exec\\|preg_\\\\\\\\w \\|mysql_query\\|exec\\|eval\\|base64_decode\\|decode_base64\\|rot13\\|base64_url_decode\\|gz\(\?:inflate\\|decode\\|uncompress\)\\|strrev\\|zlib_\\\\\\\\w \)\\\\\\\\b\?\(\?..."atARGS:admin.[file"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf"][line"767"][id"340095"][rev"53"][msg"Atomicorp.comWAFRules:AttackBlocked-PHPfunctioninArgument-thismaybeanattack."][data"die\(@md5\,ARGS:admin"][severity"CRITICAL"][hostname"81.17.25.249"][uri"/f9191151/admin.php"][unique_id"XbLmacNXCkF4FjfX4daRyAAAAQ4"][FriOct2514:11:22.4158652019][:error][pid1421:tid47701213783808][client139.155.112.250:60799][client139.155.112.250]ModSecurity:Accessdeniedwithcode403\(phase2\	2019-10-25 20:33:01
183.103.35.206	attack	Oct 25 13:44:08 icinga sshd[61658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.103.35.206 Oct 25 13:44:10 icinga sshd[61658]: Failed password for invalid user robert from 183.103.35.206 port 56962 ssh2 Oct 25 14:15:23 icinga sshd[19175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.103.35.206 ...	2019-10-25 20:20:19
125.74.47.230	attack	Oct 25 02:06:38 php1 sshd\[4954\]: Invalid user connect from 125.74.47.230 Oct 25 02:06:38 php1 sshd\[4954\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.47.230 Oct 25 02:06:40 php1 sshd\[4954\]: Failed password for invalid user connect from 125.74.47.230 port 33428 ssh2 Oct 25 02:11:46 php1 sshd\[5467\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.47.230 user=root Oct 25 02:11:48 php1 sshd\[5467\]: Failed password for root from 125.74.47.230 port 38766 ssh2	2019-10-25 20:19:51
81.43.39.87	attack	Spam Timestamp : 25-Oct-19 12:57 BlockList Provider combined abuse (492)	2019-10-25 20:31:30

Recently Reported IPs

221.209.201.241	54.80.42.228	93.60.156.107	59.146.235.175
5.27.230.74	92.40.52.87	207.180.222.54	191.241.130.12
114.218.97.107	96.3.23.41	204.78.53.158	210.140.188.118
17.42.125.219	187.120.94.222	98.14.107.2	83.70.65.183
78.22.44.114	23.127.33.102	84.30.97.31	176.148.91.32