202.29.57.103 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Thailand

Internet Service Provider: Uninet

Hostname: unknown

Organization: Sisaket Rajabhat University

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	11/29/2019-01:28:54.005473 202.29.57.103 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-11-29 15:45:04
attackbots	38081/tcp 8555/tcp 38082/tcp... [2019-09-25/11-26]1928pkt,23pt.(tcp)	2019-11-26 14:01:11
attackbots	Portscan or hack attempt detected by psad/fwsnort	2019-11-26 04:47:46
attackbotsspam	202.29.57.103 was recorded 89 times by 31 hosts attempting to connect to the following ports: 28081,8895,20332,18082,10331,8555,38082,10332,6588,20334,26969,26968,36968,8546,9656,8547,38081,8588,10334,18081,28082,36969. Incident counter (4h, 24h, all-time): 89, 424, 3983	2019-11-21 08:21:11
attackspam	Connection by 202.29.57.103 on port: 8545 got caught by honeypot at 11/4/2019 7:00:31 PM	2019-11-05 04:43:00
attackspambots	10/21/2019-07:45:37.614107 202.29.57.103 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-10-21 20:24:13
attackspambots	10/13/2019-07:55:06.502177 202.29.57.103 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-10-13 21:34:22
attackbots	Sep 16 10:32:46 lenivpn01 kernel: \[855554.676089\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:2f:6c:1b:d2:74:7f:6e:37:e3:08:00 SRC=202.29.57.103 DST=195.201.121.15 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54832 PROTO=TCP SPT=32767 DPT=8545 WINDOW=1024 RES=0x00 SYN URGP=0 Sep 16 11:25:43 lenivpn01 kernel: \[858731.856319\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:2f:6c:1b:d2:74:7f:6e:37:e3:08:00 SRC=202.29.57.103 DST=195.201.121.15 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54832 PROTO=TCP SPT=32767 DPT=8545 WINDOW=1024 RES=0x00 SYN URGP=0 Sep 16 13:33:04 lenivpn01 kernel: \[866372.884603\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:2f:6c:1b:d2:74:7f:6e:37:e3:08:00 SRC=202.29.57.103 DST=195.201.121.15 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54832 PROTO=TCP SPT=32767 DPT=8545 WINDOW=1024 RES=0x00 SYN URGP=0 ...	2019-09-16 20:12:34
attack	09/11/2019-14:58:11.536691 202.29.57.103 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-09-12 04:31:04
attackspam	firewall-block, port(s): 8545/tcp	2019-09-12 02:16:55
attackbots	Port scan on 1 port(s): 8545	2019-08-29 09:08:17
attackspambots	Splunk® : port scan detected: Aug 24 20:29:15 testbed kernel: Firewall: TCP_IN Blocked IN=eth0 OUT= MAC=82:c6:52:d1:6e:53:64:c3:d6:0b:ef:f0:08:00 SRC=202.29.57.103 DST=104.248.11.191 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=8329 PROTO=TCP SPT=32767 DPT=8545 WINDOW=1024 RES=0x00 SYN URGP=0	2019-08-25 10:14:40
attackbots	08/22/2019-14:37:43.702514 202.29.57.103 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-08-23 03:03:06
attack	Splunk® : port scan detected: Aug 19 16:00:45 testbed kernel: Firewall: TCP_IN Blocked IN=eth0 OUT= MAC=82:c6:52:d1:6e:53:64:c3:d6:0b:ef:f0:08:00 SRC=202.29.57.103 DST=104.248.11.191 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=15797 PROTO=TCP SPT=32767 DPT=8545 WINDOW=1024 RES=0x00 SYN URGP=0	2019-08-20 04:40:03
attack	08/15/2019-16:11:17.265586 202.29.57.103 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-08-16 04:12:34
attack	MultiHost/MultiPort Probe, Scan, Hack -	2019-08-15 15:12:10
attackbotsspam	08/07/2019-18:00:48.343569 202.29.57.103 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-08-08 08:15:37
attack	MultiHost/MultiPort Probe, Scan, Hack -	2019-07-29 12:42:05
attack	Splunk® : port scan detected: Jul 24 23:07:29 testbed kernel: Firewall: TCP_IN Blocked IN=eth0 OUT= MAC=82:c6:52:d1:6e:53:64:c3:d6:0b:ef:f0:08:00 SRC=202.29.57.103 DST=104.248.11.191 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=42135 PROTO=TCP SPT=32767 DPT=8545 WINDOW=1024 RES=0x00 SYN URGP=0	2019-07-25 12:23:55
attackbots	Splunk® : port scan detected: Jul 23 09:16:29 testbed kernel: Firewall: TCP_IN Blocked IN=eth0 OUT= MAC=82:c6:52:d1:6e:53:64:c3:d6:0b:ef:f0:08:00 SRC=202.29.57.103 DST=104.248.11.191 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54825 PROTO=TCP SPT=32767 DPT=8545 WINDOW=1024 RES=0x00 SYN URGP=0	2019-07-24 04:16:35
attackspam	firewall-block, port(s): 8545/tcp	2019-07-21 00:45:37
attackspam	Test report from splunk app	2019-07-16 08:32:29
attack	1 attempts last 24 Hours	2019-07-05 22:52:51
attack	MultiHost/MultiPort Probe, Scan, Hack -	2019-07-04 04:33:01
attackspam	Port scan attempt detected by AWS-CCS, CTS, India	2019-07-01 13:55:20
attackbotsspam	" "	2019-06-27 15:52:40
attackspam	Port scan attempt detected by AWS-CCS, CTS, India	2019-06-23 12:00:29

Comments on same subnet:

IP	Type	Details	Datetime
202.29.57.111	attackspambots	Sun, 21 Jul 2019 07:36:45 +0000 likely compromised host or open proxy. ddos rate spidering	2019-07-21 20:48:39

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 202.29.57.103
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 63641
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;202.29.57.103.			IN	A

;; AUTHORITY SECTION:
.			1616	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019032800 1800 900 604800 86400

;; Query time: 110 msec
;; SERVER: 183.60.82.98#53(183.60.82.98)
;; WHEN: Thu Mar 28 23:02:22 CST 2019
;; MSG SIZE  rcvd: 117

Host info

Host 103.57.29.202.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
*** Can't find 103.57.29.202.in-addr.arpa.: No answer

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
177.92.16.186	attackspambots	Nov 26 13:18:59 localhost sshd\[126466\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.16.186 user=www-data Nov 26 13:19:01 localhost sshd\[126466\]: Failed password for www-data from 177.92.16.186 port 59060 ssh2 Nov 26 13:27:34 localhost sshd\[126695\]: Invalid user admin from 177.92.16.186 port 9956 Nov 26 13:27:34 localhost sshd\[126695\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.16.186 Nov 26 13:27:37 localhost sshd\[126695\]: Failed password for invalid user admin from 177.92.16.186 port 9956 ssh2 ...	2019-11-26 21:43:55
66.70.189.209	attack	Nov 26 10:26:42 venus sshd\[18659\]: Invalid user server from 66.70.189.209 port 57113 Nov 26 10:26:42 venus sshd\[18659\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.189.209 Nov 26 10:26:44 venus sshd\[18659\]: Failed password for invalid user server from 66.70.189.209 port 57113 ssh2 ...	2019-11-26 21:36:59
146.120.18.189	attackspambots	blacklist	2019-11-26 21:10:22
111.255.29.213	attackbotsspam	firewall-block, port(s): 23/tcp	2019-11-26 21:23:26
191.235.93.236	attack	F2B jail: sshd. Time: 2019-11-26 11:04:19, Reported by: VKReport	2019-11-26 21:41:52
106.13.62.194	attackbotsspam	SSH brute-force: detected 18 distinct usernames within a 24-hour window.	2019-11-26 21:36:39
77.42.93.144	attack	Automatic report - Port Scan Attack	2019-11-26 21:21:29
85.114.21.234	attackbots	firewall-block, port(s): 37777/tcp	2019-11-26 21:27:20
66.249.64.89	attack	66.249.64.89 - - [26/Nov/2019:07:19:33 +0100] "GET /wp/wp-login.php HTTP/1.1" 301 250 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"	2019-11-26 21:45:26
74.82.47.59	attack	Unauthorised access (Nov 26) SRC=74.82.47.59 LEN=40 TTL=241 ID=54321 TCP DPT=23 WINDOW=65535 SYN	2019-11-26 21:13:54
149.202.18.43	attackspam	11/26/2019-06:28:07.212384 149.202.18.43 Protocol: 17 ET SCAN Sipvicious Scan	2019-11-26 21:38:49
106.54.237.74	attackspambots	Invalid user glassman from 106.54.237.74 port 43872	2019-11-26 21:32:44
129.28.177.29	attackbots	Nov 26 10:33:23 ovpn sshd\[22631\]: Invalid user nfs from 129.28.177.29 Nov 26 10:33:23 ovpn sshd\[22631\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.28.177.29 Nov 26 10:33:26 ovpn sshd\[22631\]: Failed password for invalid user nfs from 129.28.177.29 port 33864 ssh2 Nov 26 10:37:46 ovpn sshd\[23766\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.28.177.29 user=root Nov 26 10:37:48 ovpn sshd\[23766\]: Failed password for root from 129.28.177.29 port 41642 ssh2	2019-11-26 21:55:16
45.80.64.246	attackbots	Invalid user qwe from 45.80.64.246 port 46760	2019-11-26 21:16:36
95.24.202.39	attackspam	Brute-force attempt banned	2019-11-26 21:31:50

Recently Reported IPs

64.91.7.203	197.51.150.125	195.231.6.213	58.60.228.242
49.204.89.226	200.119.214.19	198.50.150.83	113.10.173.99
92.63.197.100	192.140.146.192	93.170.122.30	52.66.143.216
23.125.62.70	185.132.127.132	159.89.169.109	52.44.241.10
209.45.67.228	190.7.30.138	185.254.122.17	81.22.17.250