202.29.57.1 - IPInfo

Basic Info

City: Si Sa Ket

Region: Si Sa Ket

Country: Thailand

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
202.29.57.103	attackbots	11/29/2019-01:28:54.005473 202.29.57.103 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-11-29 15:45:04
202.29.57.103	attackbots	38081/tcp 8555/tcp 38082/tcp... [2019-09-25/11-26]1928pkt,23pt.(tcp)	2019-11-26 14:01:11
202.29.57.103	attackbots	Portscan or hack attempt detected by psad/fwsnort	2019-11-26 04:47:46
202.29.57.103	attackbotsspam	202.29.57.103 was recorded 89 times by 31 hosts attempting to connect to the following ports: 28081,8895,20332,18082,10331,8555,38082,10332,6588,20334,26969,26968,36968,8546,9656,8547,38081,8588,10334,18081,28082,36969. Incident counter (4h, 24h, all-time): 89, 424, 3983	2019-11-21 08:21:11
202.29.57.103	attackspam	Connection by 202.29.57.103 on port: 8545 got caught by honeypot at 11/4/2019 7:00:31 PM	2019-11-05 04:43:00
202.29.57.103	attackspambots	10/21/2019-07:45:37.614107 202.29.57.103 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-10-21 20:24:13
202.29.57.103	attackspambots	10/13/2019-07:55:06.502177 202.29.57.103 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-10-13 21:34:22
202.29.57.103	attackbots	Sep 16 10:32:46 lenivpn01 kernel: \[855554.676089\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:2f:6c:1b:d2:74:7f:6e:37:e3:08:00 SRC=202.29.57.103 DST=195.201.121.15 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54832 PROTO=TCP SPT=32767 DPT=8545 WINDOW=1024 RES=0x00 SYN URGP=0 Sep 16 11:25:43 lenivpn01 kernel: \[858731.856319\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:2f:6c:1b:d2:74:7f:6e:37:e3:08:00 SRC=202.29.57.103 DST=195.201.121.15 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54832 PROTO=TCP SPT=32767 DPT=8545 WINDOW=1024 RES=0x00 SYN URGP=0 Sep 16 13:33:04 lenivpn01 kernel: \[866372.884603\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:2f:6c:1b:d2:74:7f:6e:37:e3:08:00 SRC=202.29.57.103 DST=195.201.121.15 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54832 PROTO=TCP SPT=32767 DPT=8545 WINDOW=1024 RES=0x00 SYN URGP=0 ...	2019-09-16 20:12:34
202.29.57.103	attack	09/11/2019-14:58:11.536691 202.29.57.103 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-09-12 04:31:04
202.29.57.103	attackspam	firewall-block, port(s): 8545/tcp	2019-09-12 02:16:55
202.29.57.103	attackbots	Port scan on 1 port(s): 8545	2019-08-29 09:08:17
202.29.57.103	attackspambots	Splunk® : port scan detected: Aug 24 20:29:15 testbed kernel: Firewall: TCP_IN Blocked IN=eth0 OUT= MAC=82:c6:52:d1:6e:53:64:c3:d6:0b:ef:f0:08:00 SRC=202.29.57.103 DST=104.248.11.191 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=8329 PROTO=TCP SPT=32767 DPT=8545 WINDOW=1024 RES=0x00 SYN URGP=0	2019-08-25 10:14:40
202.29.57.103	attackbots	08/22/2019-14:37:43.702514 202.29.57.103 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-08-23 03:03:06
202.29.57.103	attack	Splunk® : port scan detected: Aug 19 16:00:45 testbed kernel: Firewall: TCP_IN Blocked IN=eth0 OUT= MAC=82:c6:52:d1:6e:53:64:c3:d6:0b:ef:f0:08:00 SRC=202.29.57.103 DST=104.248.11.191 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=15797 PROTO=TCP SPT=32767 DPT=8545 WINDOW=1024 RES=0x00 SYN URGP=0	2019-08-20 04:40:03
202.29.57.103	attack	08/15/2019-16:11:17.265586 202.29.57.103 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-08-16 04:12:34

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 202.29.57.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55148
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;202.29.57.1.			IN	A

;; AUTHORITY SECTION:
.			488	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022121300 1800 900 604800 86400

;; Query time: 65 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Dec 13 18:01:00 CST 2022
;; MSG SIZE  rcvd: 104

Host info

Host 1.57.29.202.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 1.57.29.202.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
187.58.65.21	attack	Aug 8 21:25:55 gospond sshd[28556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.58.65.21 user=root Aug 8 21:25:58 gospond sshd[28556]: Failed password for root from 187.58.65.21 port 31314 ssh2 ...	2020-08-09 06:52:27
77.109.173.12	attack	2020-08-08T23:20:54.411504snf-827550 sshd[18500]: Failed password for root from 77.109.173.12 port 47264 ssh2 2020-08-08T23:25:14.853823snf-827550 sshd[20623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.109.173.12 user=root 2020-08-08T23:25:16.366163snf-827550 sshd[20623]: Failed password for root from 77.109.173.12 port 58298 ssh2 ...	2020-08-09 07:25:27
89.248.169.143	attackspam	Port Scan detected from 89.248.169.143 (DE/Germany/Hesse/Frankfurt am Main/-). 4 hits in the last 221 seconds	2020-08-09 07:14:33
106.54.86.87	attackbotsspam	SCAN: Host Sweep CloudCIX Reconnaissance Scan Detected, PTR: PTR record not found	2020-08-09 07:17:50
173.249.55.57	attack	SCAN: Host Sweep CloudCIX Reconnaissance Scan Detected, PTR: vmi350026.contaboserver.net.	2020-08-09 07:14:20
187.189.15.119	attackbots	Port Scan detected from 187.189.15.119 (MX/Mexico/Mexico City/Mexico City (Jardines del Pedregal)/fixed-187-189-15-119.totalplay.net). 4 hits in the last 80 seconds	2020-08-09 07:26:28
159.65.13.233	attackspambots	Aug 8 14:25:30 Host-KLAX-C sshd[32637]: User root from 159.65.13.233 not allowed because not listed in AllowUsers ...	2020-08-09 07:11:36
180.242.183.199	attackbotsspam	Aug 9 02:53:38 gw1 sshd[11882]: Failed password for root from 180.242.183.199 port 5077 ssh2 ...	2020-08-09 07:10:00
80.86.45.98	attackspambots	Port probing on unauthorized port 8080	2020-08-09 07:08:52
92.63.196.25	attackspam	08/08/2020-18:58:24.509144 92.63.196.25 Protocol: 6 ET SCAN NMAP -sS window 1024	2020-08-09 06:58:54
132.232.4.33	attackbots	Aug 8 22:07:50 ovpn sshd\[21423\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=132.232.4.33 user=root Aug 8 22:07:52 ovpn sshd\[21423\]: Failed password for root from 132.232.4.33 port 50524 ssh2 Aug 8 22:22:15 ovpn sshd\[25087\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=132.232.4.33 user=root Aug 8 22:22:17 ovpn sshd\[25087\]: Failed password for root from 132.232.4.33 port 36870 ssh2 Aug 8 22:25:23 ovpn sshd\[25906\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=132.232.4.33 user=root	2020-08-09 07:17:00
180.166.150.114	attackbotsspam	(sshd) Failed SSH login from 180.166.150.114 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Aug 8 23:44:05 amsweb01 sshd[5714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.166.150.114 user=root Aug 8 23:44:06 amsweb01 sshd[5714]: Failed password for root from 180.166.150.114 port 22472 ssh2 Aug 8 23:48:38 amsweb01 sshd[6379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.166.150.114 user=root Aug 8 23:48:40 amsweb01 sshd[6379]: Failed password for root from 180.166.150.114 port 40247 ssh2 Aug 8 23:52:22 amsweb01 sshd[7012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.166.150.114 user=root	2020-08-09 06:56:45
171.251.159.3	attackbots	Multiport scan 55 ports : 839 927 1035 1226 1313 2503 2753 2778 3214 3599 4330 4356 4904 5642 6653 6967 8483 10502 11442 12214 12361 12766 12942 13811 13841 15107 15244 15906 16265 16354 17039 17837 18048 18254 18778 20014 20250 20253 20955 21482 22213 22385 23373 23859 24188 24514 25341 25584 26763 26929 26934 29482 29779 31619 31712	2020-08-09 07:01:26
81.68.72.231	attack	web-1 [ssh] SSH Attack	2020-08-09 07:04:32
175.24.34.90	attackbots	Aug 5 16:43:43 ahost sshd[28602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.24.34.90 user=r.r Aug 5 16:43:44 ahost sshd[28602]: Failed password for r.r from 175.24.34.90 port 33656 ssh2 Aug 5 16:43:45 ahost sshd[28602]: Received disconnect from 175.24.34.90: 11: Bye Bye [preauth] Aug 5 16:53:22 ahost sshd[28742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.24.34.90 user=r.r Aug 5 16:53:24 ahost sshd[28742]: Failed password for r.r from 175.24.34.90 port 33420 ssh2 Aug 5 16:53:25 ahost sshd[28742]: Received disconnect from 175.24.34.90: 11: Bye Bye [preauth] Aug 5 16:58:35 ahost sshd[28857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.24.34.90 user=r.r Aug 5 16:58:37 ahost sshd[28857]: Failed password for r.r from 175.24.34.90 port 54400 ssh2 Aug 5 16:58:37 ahost sshd[28857]: Received disconnect from 175.24.34.90: 11........ ------------------------------	2020-08-09 07:02:00

Recently Reported IPs

171.67.70.1	63.142.113.83	93.77.97.62	75.0.244.154
158.69.250.40	56.126.102.27	55.168.33.51	54.67.63.103
5.107.34.56	41.127.91.142	36.29.210.115	33.122.113.99
27.242.90.159	27.170.161.84	254.109.130.149	26.171.152.37
246.199.115.210	244.30.43.62	243.25.77.187	238.53.96.13