45.61.142.129 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Netherlands

Internet Service Provider: Frantech Solutions

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	UDP 45.61.142.129:10668 -> port 161, len 85	2020-08-13 04:06:13

Comments on same subnet:

IP	Type	Details	Datetime
45.61.142.93	attack	45.61.142.93 - - [04/Aug/2020:05:20:31 -0400] "GET /welcome/images/about.png HTTP/1.1" 304 - "https://ghostgamingvpn.io/welcome/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36" 45.61.142.93 - - [04/Aug/2020:05:20:31 -0400] "GET /welcome/images/team-7.jpg HTTP/1.1" 304 - "https://ghostgamingvpn.io/welcome/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36" 45.61.142.93 - - [04/Aug/2020:05:20:31 -0400] "GET /welcome/images/team-1.jpg HTTP/1.1" 304 - "https://ghostgamingvpn.io/welcome/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36" 45.61.142.93 - - [04/Aug/2020:05:20:31 -0400] "GET /welcome/images/accepted-worldwide.svg HTTP/1.1" 304 - "https://ghostgamingvpn.io/welcome/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/5 ...	2020-08-05 00:42:33
45.61.142.140	attackspam	SYN FLOOD ATTACK SINCE YESTERDAY 07/10/2020-10:50:06.783825 [] [1:2210023:2] SURICATA STREAM ESTABLISHED SYNACK resend with different ACK [] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} ***:80 -> 45.61.142.140:9978 07/10/2020-10:50:10.816101 [] [1:2210023:2] SURICATA STREAM ESTABLISHED SYNACK resend with different ACK [] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} ***:80 -> 45.61.142.140:9978	2020-07-10 15:58:49
45.61.142.32	attack	Hacking	2020-07-01 09:31:04

Type

Details

Datetime

45.61.142.93

attack

45.61.142.93 - - [04/Aug/2020:05:20:31 -0400] "GET /welcome/images/about.png HTTP/1.1" 304 - "https://ghostgamingvpn.io/welcome/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36"
45.61.142.93 - - [04/Aug/2020:05:20:31 -0400] "GET /welcome/images/team-7.jpg HTTP/1.1" 304 - "https://ghostgamingvpn.io/welcome/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36"
45.61.142.93 - - [04/Aug/2020:05:20:31 -0400] "GET /welcome/images/team-1.jpg HTTP/1.1" 304 - "https://ghostgamingvpn.io/welcome/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36"
45.61.142.93 - - [04/Aug/2020:05:20:31 -0400] "GET /welcome/images/accepted-worldwide.svg HTTP/1.1" 304 - "https://ghostgamingvpn.io/welcome/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/5
...

2020-08-05 00:42:33

45.61.142.140

attackspam

SYN FLOOD ATTACK SINCE YESTERDAY 07/10/2020-10:50:06.783825  [**] [1:2210023:2] SURICATA STREAM ESTABLISHED SYNACK resend with different ACK [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} *****:80 -> 45.61.142.140:9978
07/10/2020-10:50:10.816101  [**] [1:2210023:2] SURICATA STREAM ESTABLISHED SYNACK resend with different ACK [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} *****:80 -> 45.61.142.140:9978

2020-07-10 15:58:49

45.61.142.32

attack

Hacking

2020-07-01 09:31:04

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 45.61.142.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40816
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;45.61.142.129.			IN	A

;; AUTHORITY SECTION:
.			171	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020081202 1800 900 604800 86400

;; Query time: 406 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Aug 13 04:06:10 CST 2020
;; MSG SIZE  rcvd: 117

Host info

129.142.61.45.in-addr.arpa domain name pointer unassigned.octosec.io.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
129.142.61.45.in-addr.arpa	name = unassigned.octosec.io.

Authoritative answers can be found from:
142.61.45.in-addr.arpa	nameserver = pns103.cloudns.net.
142.61.45.in-addr.arpa	nameserver = pns102.cloudns.net.
142.61.45.in-addr.arpa	nameserver = pns104.cloudns.net.
142.61.45.in-addr.arpa	nameserver = pns101.cloudns.net.

Related IP info:

Related comments:

IP	Type	Details	Datetime
14.237.67.117	attackbots	Honeypot attack, port: 5555, PTR: static.vnpt.vn.	2020-01-30 23:01:21
181.115.156.59	attack	Jan 30 15:03:51 server sshd\[8375\]: Invalid user ujjendra from 181.115.156.59 Jan 30 15:03:51 server sshd\[8375\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.115.156.59 Jan 30 15:03:53 server sshd\[8375\]: Failed password for invalid user ujjendra from 181.115.156.59 port 48220 ssh2 Jan 30 17:34:11 server sshd\[32192\]: Invalid user nachni from 181.115.156.59 Jan 30 17:34:11 server sshd\[32192\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.115.156.59 ...	2020-01-30 22:39:46
222.186.175.151	attackbots	pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.151 user=root Failed password for root from 222.186.175.151 port 46582 ssh2 Failed password for root from 222.186.175.151 port 46582 ssh2 Failed password for root from 222.186.175.151 port 46582 ssh2 Failed password for root from 222.186.175.151 port 46582 ssh2	2020-01-30 23:02:55
112.116.155.205	attack	Unauthorized connection attempt detected from IP address 112.116.155.205 to port 2220 [J]	2020-01-30 22:31:47
107.189.10.44	attack	Unauthorized connection attempt detected from IP address 107.189.10.44 to port 22 [J]	2020-01-30 22:36:05
132.148.105.132	attack	Automatic report - XMLRPC Attack	2020-01-30 22:23:40
118.99.109.208	attack	Mail/25/465/587-993/995 Probe, Reject, BadAuth, Hack, SPAM -	2020-01-30 22:37:58
182.176.91.245	attack	Unauthorized connection attempt detected from IP address 182.176.91.245 to port 2220 [J]	2020-01-30 23:04:54
49.88.112.113	attack	Jan 30 04:50:39 web9 sshd\[11658\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.113 user=root Jan 30 04:50:41 web9 sshd\[11658\]: Failed password for root from 49.88.112.113 port 64844 ssh2 Jan 30 04:51:41 web9 sshd\[11779\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.113 user=root Jan 30 04:51:43 web9 sshd\[11779\]: Failed password for root from 49.88.112.113 port 32319 ssh2 Jan 30 04:52:45 web9 sshd\[11902\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.113 user=root	2020-01-30 23:00:32
218.92.0.148	attackbots	Jan 30 15:41:11 vpn01 sshd[17811]: Failed password for root from 218.92.0.148 port 44070 ssh2 Jan 30 15:41:26 vpn01 sshd[17811]: error: maximum authentication attempts exceeded for root from 218.92.0.148 port 44070 ssh2 [preauth] ...	2020-01-30 22:50:55
104.152.52.27	attack	Unauthorized connection attempt detected from IP address 104.152.52.27 to port 691	2020-01-30 22:48:38
201.184.121.98	attack	Honeypot attack, port: 445, PTR: static-adsl201-184-121-98.une.net.co.	2020-01-30 22:59:32
107.150.23.245	attackbots	Mail/25/465/587-993/995 Probe, Reject, BadAuth, Hack, SPAM -	2020-01-30 22:57:30
217.182.129.39	attack	Unauthorized connection attempt detected from IP address 217.182.129.39 to port 2220 [J]	2020-01-30 22:51:30
146.88.240.4	attack	146.88.240.4 was recorded 8 times by 6 hosts attempting to connect to the following ports: 53,3702. Incident counter (4h, 24h, all-time): 8, 232, 47365	2020-01-30 22:30:00

Recently Reported IPs

113.166.85.98	111.75.226.53	176.12.217.182	79.126.50.82
78.87.179.58	59.127.154.96	59.126.27.63	59.97.43.217
52.184.167.86	45.231.30.129	45.137.22.62	157.157.71.10
37.49.230.130	23.94.160.120	222.102.210.39	213.87.255.221
210.72.68.224	209.59.154.141	202.88.241.118	192.3.105.180