45.61.142.140 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: Frantech Solutions

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	SYN FLOOD ATTACK SINCE YESTERDAY 07/10/2020-10:50:06.783825 [] [1:2210023:2] SURICATA STREAM ESTABLISHED SYNACK resend with different ACK [] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} ***:80 -> 45.61.142.140:9978 07/10/2020-10:50:10.816101 [] [1:2210023:2] SURICATA STREAM ESTABLISHED SYNACK resend with different ACK [] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} ***:80 -> 45.61.142.140:9978	2020-07-10 15:58:49

Type

Details

Datetime

attackspam

SYN FLOOD ATTACK SINCE YESTERDAY 07/10/2020-10:50:06.783825  [**] [1:2210023:2] SURICATA STREAM ESTABLISHED SYNACK resend with different ACK [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} *****:80 -> 45.61.142.140:9978
07/10/2020-10:50:10.816101  [**] [1:2210023:2] SURICATA STREAM ESTABLISHED SYNACK resend with different ACK [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} *****:80 -> 45.61.142.140:9978

2020-07-10 15:58:49

Comments on same subnet:

IP	Type	Details	Datetime
45.61.142.129	attack	UDP 45.61.142.129:10668 -> port 161, len 85	2020-08-13 04:06:13
45.61.142.93	attack	45.61.142.93 - - [04/Aug/2020:05:20:31 -0400] "GET /welcome/images/about.png HTTP/1.1" 304 - "https://ghostgamingvpn.io/welcome/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36" 45.61.142.93 - - [04/Aug/2020:05:20:31 -0400] "GET /welcome/images/team-7.jpg HTTP/1.1" 304 - "https://ghostgamingvpn.io/welcome/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36" 45.61.142.93 - - [04/Aug/2020:05:20:31 -0400] "GET /welcome/images/team-1.jpg HTTP/1.1" 304 - "https://ghostgamingvpn.io/welcome/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36" 45.61.142.93 - - [04/Aug/2020:05:20:31 -0400] "GET /welcome/images/accepted-worldwide.svg HTTP/1.1" 304 - "https://ghostgamingvpn.io/welcome/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/5 ...	2020-08-05 00:42:33
45.61.142.32	attack	Hacking	2020-07-01 09:31:04

Type

Details

Datetime

45.61.142.129

attack

 UDP 45.61.142.129:10668 -> port 161, len 85

2020-08-13 04:06:13

45.61.142.93

attack

45.61.142.93 - - [04/Aug/2020:05:20:31 -0400] "GET /welcome/images/about.png HTTP/1.1" 304 - "https://ghostgamingvpn.io/welcome/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36"
45.61.142.93 - - [04/Aug/2020:05:20:31 -0400] "GET /welcome/images/team-7.jpg HTTP/1.1" 304 - "https://ghostgamingvpn.io/welcome/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36"
45.61.142.93 - - [04/Aug/2020:05:20:31 -0400] "GET /welcome/images/team-1.jpg HTTP/1.1" 304 - "https://ghostgamingvpn.io/welcome/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36"
45.61.142.93 - - [04/Aug/2020:05:20:31 -0400] "GET /welcome/images/accepted-worldwide.svg HTTP/1.1" 304 - "https://ghostgamingvpn.io/welcome/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/5
...

2020-08-05 00:42:33

45.61.142.32

attack

Hacking

2020-07-01 09:31:04

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 45.61.142.140
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55530
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;45.61.142.140.			IN	A

;; AUTHORITY SECTION:
.			526	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020070902 1800 900 604800 86400

;; Query time: 93 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Jul 10 11:53:03 CST 2020
;; MSG SIZE  rcvd: 117

Host info

140.142.61.45.in-addr.arpa domain name pointer unassigned.octosec.io.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
140.142.61.45.in-addr.arpa	name = unassigned.octosec.io.

Authoritative answers can be found from:
142.61.45.in-addr.arpa	nameserver = pns102.cloudns.net.
142.61.45.in-addr.arpa	nameserver = pns104.cloudns.net.
142.61.45.in-addr.arpa	nameserver = pns103.cloudns.net.
142.61.45.in-addr.arpa	nameserver = pns101.cloudns.net.

Related IP info:

Related comments:

IP	Type	Details	Datetime
89.248.160.150	attackbotsspam	scans 12 times in preceeding hours on the ports (in chronological order) 7936 7954 7994 8500 10006 10008 10016 19222 19222 25159 27015 28003 resulting in total of 143 scans from 89.248.160.0-89.248.174.255 block.	2020-04-24 20:26:26
47.94.155.233	attack	47.94.155.233 - - [24/Apr/2020:14:10:03 +0200] "GET /wp-login.php HTTP/1.1" 200 5686 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 47.94.155.233 - - [24/Apr/2020:14:10:12 +0200] "POST /wp-login.php HTTP/1.1" 200 5937 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 47.94.155.233 - - [24/Apr/2020:14:10:15 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-04-24 20:40:51
52.177.119.170	attackbots	[portscan] Port scan	2020-04-24 20:15:17
185.156.73.57	attackbotsspam	Apr 24 14:37:43 debian-2gb-nbg1-2 kernel: \[9990807.572687\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=185.156.73.57 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=62197 PROTO=TCP SPT=46901 DPT=1234 WINDOW=1024 RES=0x00 SYN URGP=0	2020-04-24 20:39:48
46.101.151.52	attackbots	Apr 24 14:24:08 OPSO sshd\[21143\]: Invalid user supported from 46.101.151.52 port 45860 Apr 24 14:24:08 OPSO sshd\[21143\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.151.52 Apr 24 14:24:09 OPSO sshd\[21143\]: Failed password for invalid user supported from 46.101.151.52 port 45860 ssh2 Apr 24 14:28:33 OPSO sshd\[22977\]: Invalid user kdh from 46.101.151.52 port 59010 Apr 24 14:28:33 OPSO sshd\[22977\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.151.52	2020-04-24 20:31:15
36.229.83.146	attackspambots	20/4/24@08:10:09: FAIL: IoT-Telnet address from=36.229.83.146 ...	2020-04-24 20:47:30
104.236.224.69	attackbots	Invalid user q from 104.236.224.69 port 44226	2020-04-24 20:10:52
187.178.68.35	attackbotsspam	Automatic report - Port Scan Attack	2020-04-24 20:17:02
103.145.13.12	attack	Apr 24 14:12:49 debian-2gb-nbg1-2 kernel: \[9989314.302649\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=103.145.13.12 DST=195.201.40.59 LEN=441 TOS=0x08 PREC=0x20 TTL=51 ID=35745 DF PROTO=UDP SPT=5074 DPT=5060 LEN=421	2020-04-24 20:50:45
131.161.170.6	attackbotsspam	[Fri Apr 24 10:36:39 2020 GMT] "Atendimento" [URIBL_INV], Subject: RESUMO DA REDE DE ATENDIMENTO EM SÃO PAULO.	2020-04-24 20:34:09
78.27.145.135	attackbotsspam	Apr 24 17:32:04 gw1 sshd[28595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.27.145.135 Apr 24 17:32:06 gw1 sshd[28605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.27.145.135 ...	2020-04-24 20:35:39
142.93.68.181	attack	2020-04-24 11:51:13,115 fail2ban.actions [22360]: NOTICE [sshd] Ban 142.93.68.181 2020-04-24 12:26:39,172 fail2ban.actions [22360]: NOTICE [sshd] Ban 142.93.68.181 2020-04-24 12:59:58,136 fail2ban.actions [22360]: NOTICE [sshd] Ban 142.93.68.181 2020-04-24 13:36:09,526 fail2ban.actions [22360]: NOTICE [sshd] Ban 142.93.68.181 2020-04-24 14:10:41,026 fail2ban.actions [22360]: NOTICE [sshd] Ban 142.93.68.181 ...	2020-04-24 20:17:31
201.249.99.238	attack	firewall-block, port(s): 1433/tcp	2020-04-24 20:32:12
89.248.168.51	attackbots	Icarus honeypot on github	2020-04-24 20:39:10
183.159.114.151	attack	[Fri Apr 24 09:43:55 2020 GMT] meini@hotmail.com [RDNS_NONE], Subject: 发票 13690131927	2020-04-24 20:44:27

Recently Reported IPs

41.108.241.249	188.0.146.253	103.17.49.2	5.253.52.69
14.177.151.123	187.212.82.234	103.212.140.101	177.229.73.210
94.152.193.95	143.165.206.65	243.2.76.142	119.96.126.82
68.183.90.28	151.230.25.51	89.204.154.177	113.172.123.52
185.182.56.229	190.114.161.176	129.213.38.54	165.35.137.159