207.248.109.244

Basic Info

City: unknown

Region: unknown

Country: Mexico

Internet Service Provider: Redes Y Comunicaciones de Michoacan S.A. de C.V.

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Sep 13 17:57:25 mail.srvfarm.net postfix/smtpd[1214684]: warning: unknown[207.248.109.244]: SASL PLAIN authentication failed: Sep 13 17:57:25 mail.srvfarm.net postfix/smtpd[1214684]: lost connection after AUTH from unknown[207.248.109.244] Sep 13 18:04:17 mail.srvfarm.net postfix/smtps/smtpd[1216382]: warning: unknown[207.248.109.244]: SASL PLAIN authentication failed: Sep 13 18:04:17 mail.srvfarm.net postfix/smtps/smtpd[1216382]: lost connection after AUTH from unknown[207.248.109.244] Sep 13 18:06:58 mail.srvfarm.net postfix/smtpd[1215356]: warning: unknown[207.248.109.244]: SASL PLAIN authentication failed:	2020-09-15 03:44:16
attackbotsspam	Sep 13 17:57:25 mail.srvfarm.net postfix/smtpd[1214684]: warning: unknown[207.248.109.244]: SASL PLAIN authentication failed: Sep 13 17:57:25 mail.srvfarm.net postfix/smtpd[1214684]: lost connection after AUTH from unknown[207.248.109.244] Sep 13 18:04:17 mail.srvfarm.net postfix/smtps/smtpd[1216382]: warning: unknown[207.248.109.244]: SASL PLAIN authentication failed: Sep 13 18:04:17 mail.srvfarm.net postfix/smtps/smtpd[1216382]: lost connection after AUTH from unknown[207.248.109.244] Sep 13 18:06:58 mail.srvfarm.net postfix/smtpd[1215356]: warning: unknown[207.248.109.244]: SASL PLAIN authentication failed:	2020-09-14 19:41:12

Type

Details

Datetime

attack

Sep 13 17:57:25 mail.srvfarm.net postfix/smtpd[1214684]: warning: unknown[207.248.109.244]: SASL PLAIN authentication failed: 
Sep 13 17:57:25 mail.srvfarm.net postfix/smtpd[1214684]: lost connection after AUTH from unknown[207.248.109.244]
Sep 13 18:04:17 mail.srvfarm.net postfix/smtps/smtpd[1216382]: warning: unknown[207.248.109.244]: SASL PLAIN authentication failed: 
Sep 13 18:04:17 mail.srvfarm.net postfix/smtps/smtpd[1216382]: lost connection after AUTH from unknown[207.248.109.244]
Sep 13 18:06:58 mail.srvfarm.net postfix/smtpd[1215356]: warning: unknown[207.248.109.244]: SASL PLAIN authentication failed:

2020-09-15 03:44:16

attackbotsspam

Sep 13 17:57:25 mail.srvfarm.net postfix/smtpd[1214684]: warning: unknown[207.248.109.244]: SASL PLAIN authentication failed: 
Sep 13 17:57:25 mail.srvfarm.net postfix/smtpd[1214684]: lost connection after AUTH from unknown[207.248.109.244]
Sep 13 18:04:17 mail.srvfarm.net postfix/smtps/smtpd[1216382]: warning: unknown[207.248.109.244]: SASL PLAIN authentication failed: 
Sep 13 18:04:17 mail.srvfarm.net postfix/smtps/smtpd[1216382]: lost connection after AUTH from unknown[207.248.109.244]
Sep 13 18:06:58 mail.srvfarm.net postfix/smtpd[1215356]: warning: unknown[207.248.109.244]: SASL PLAIN authentication failed:

2020-09-14 19:41:12

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 207.248.109.244
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36120
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;207.248.109.244.		IN	A

;; AUTHORITY SECTION:
.			386	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020091400 1800 900 604800 86400

;; Query time: 45 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Sep 14 19:41:08 CST 2020
;; MSG SIZE  rcvd: 119

Host info

244.109.248.207.in-addr.arpa domain name pointer ggadol-207.248.109.244.redes.rcm.net.mx.

Nslookup info:

Server:		100.100.2.138
Address:	100.100.2.138#53

Non-authoritative answer:
244.109.248.207.in-addr.arpa	name = ggadol-207.248.109.244.redes.rcm.net.mx.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
61.118.35.94	attackspam	Jul 1 10:56:20 mail01 postfix/postscreen[9075]: CONNECT from [61.118.35.94]:47333 to [94.130.181.95]:25 Jul 1 10:56:20 mail01 postfix/dnsblog[9078]: addr 61.118.35.94 listed by domain bl.blocklist.de as 127.0.0.9 Jul 1 10:56:20 mail01 postfix/dnsblog[9076]: addr 61.118.35.94 listed by domain ix.dnsbl.xxxxxx.net as 127.0.0.2 Jul 1 10:56:20 mail01 postfix/dnsblog[9077]: addr 61.118.35.94 listed by domain zen.spamhaus.org as 127.0.0.3 Jul 1 10:56:20 mail01 postfix/dnsblog[9077]: addr 61.118.35.94 listed by domain zen.spamhaus.org as 127.0.0.4 Jul 1 10:56:21 mail01 postfix/postscreen[9075]: PREGREET 16 after 0.72 from [61.118.35.94]:47333: EHLO 163bj.com Jul 1 10:56:21 mail01 postfix/postscreen[9075]: DNSBL rank 5 for [61.118.35.94]:47333 Jul x@x Jul x@x Jul 1 10:56:24 mail01 postfix/postscreen[9075]: HANGUP after 2.6 from [61.118.35.94]:47333 in tests after SMTP handshake Jul 1 10:56:24 mail01 postfix/postscreen[9075]: DISCONNECT [61.118.35.94]:47333 ........ -----------------------------------------	2019-07-02 06:52:44
61.30.201.113	attackspambots	MultiHost/MultiPort Probe, Scan, Hack -	2019-07-02 06:41:57
182.35.86.88	attackbotsspam	Bad Postfix AUTH attempts ...	2019-07-02 06:22:04
60.242.32.144	attack	MultiHost/MultiPort Probe, Scan, Hack -	2019-07-02 06:25:09
54.38.82.14	attackbotsspam	Jul 1 18:59:25 vps200512 sshd\[3125\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.82.14 user=root Jul 1 18:59:27 vps200512 sshd\[3125\]: Failed password for root from 54.38.82.14 port 52065 ssh2 Jul 1 18:59:28 vps200512 sshd\[3127\]: Invalid user admin from 54.38.82.14 Jul 1 18:59:29 vps200512 sshd\[3127\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.82.14 Jul 1 18:59:31 vps200512 sshd\[3127\]: Failed password for invalid user admin from 54.38.82.14 port 38544 ssh2	2019-07-02 07:07:39
122.228.19.80	attackbotsspam	01.07.2019 22:12:22 Connection to port 5901 blocked by firewall	2019-07-02 06:36:05
152.250.252.179	attack	SSH Bruteforce Attack	2019-07-02 06:51:44
104.236.25.157	attackspam	Jul 1 09:52:35 xtremcommunity sshd\[32168\]: Invalid user shui from 104.236.25.157 port 46564 Jul 1 09:52:35 xtremcommunity sshd\[32168\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.236.25.157 Jul 1 09:52:37 xtremcommunity sshd\[32168\]: Failed password for invalid user shui from 104.236.25.157 port 46564 ssh2 Jul 1 09:54:59 xtremcommunity sshd\[32180\]: Invalid user anonymous from 104.236.25.157 port 35112 Jul 1 09:54:59 xtremcommunity sshd\[32180\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.236.25.157 ...	2019-07-02 06:48:41
60.22.207.125	attack	60001/tcp 5555/tcp 23/tcp [2019-06-29/30]3pkt	2019-07-02 06:22:56
185.53.88.45	attackspam	\[2019-07-01 18:26:11\] SECURITY\[13451\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-07-01T18:26:11.279-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="9011441217900519",SessionID="0x7f02f810d9f8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/185.53.88.45/49301",ACLName="no_extension_match" \[2019-07-01 18:28:54\] SECURITY\[13451\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-07-01T18:28:54.421-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="011441217900519",SessionID="0x7f02f8118488",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/185.53.88.45/58507",ACLName="no_extension_match" \[2019-07-01 18:31:47\] SECURITY\[13451\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-07-01T18:31:47.923-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="9011441217900519",SessionID="0x7f02f810d9f8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/185.53.88.45/55693",ACLName="no_e	2019-07-02 06:40:42
62.103.236.252	attackbots	MultiHost/MultiPort Probe, Scan, Hack -	2019-07-02 06:47:04
101.71.2.111	attack	Jul 1 13:28:59 MK-Soft-VM3 sshd\[21291\]: Invalid user project from 101.71.2.111 port 47332 Jul 1 13:28:59 MK-Soft-VM3 sshd\[21291\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.71.2.111 Jul 1 13:29:01 MK-Soft-VM3 sshd\[21291\]: Failed password for invalid user project from 101.71.2.111 port 47332 ssh2 ...	2019-07-02 06:24:11
61.162.171.209	attackbots	MultiHost/MultiPort Probe, Scan, Hack -	2019-07-02 06:29:46
62.117.92.100	attackbotsspam	MultiHost/MultiPort Probe, Scan, Hack -	2019-07-02 06:49:31
193.169.252.18	attackspambots	Trying to log into mailserver (postfix/smtp) using multiple names and passwords	2019-07-02 06:47:24

Recently Reported IPs

197.50.187.142	175.30.205.146	117.50.14.130	3.236.236.164
186.29.183.108	104.131.183.44	62.234.124.172	185.247.224.64
189.84.209.205	93.70.33.185	21.150.123.37	112.14.84.20
67.63.84.35	200.39.29.245	52.217.94.101	66.35.92.71
194.5.49.16	84.178.54.84	177.99.184.146	20.8.8.100