According to Talos it could be safe to block the whole /19 as I can't see other senders that could be involved: https://www.talosintelligence.com/reputation_center/lookup?search=63.250.0.0%2F19 Thousands of IPs in the block follow the same naming patterns...
According to Arin: https://whois.arin.net/rest/net/NET-63-250-0-0-1/pft?s=63.250.13.148 It is allocated to Webhosting.Net, Inc., Miami: https://whois.arin.net/rest/org/WEBHOS-10 And here are other nets assigned to the same entity: https://whois.arin.net/rest/org/WEBHOS-10/nets Maybe it worth checking traffic from the other networks, too. Stefano On 9 March 2018 at 15:47, Al Iverson <aiver...@wombatmail.com> wrote: > Wow, those IPs have really poor reputations. I'm curious to know who > this is if you end up figuring it out. > > Smells like an email validation service. Very disappointing that the > domains vary and are ownership info is hidden from public view. > > I've had one such vendor tell me that they don't care if they get > blocked, they'll just spin up more IPs and domains. It was a while > ago, though, I don't recall which vendor it was. Pretty unethical, > though, in my opinion. > > Cheers, > Al Iverson > > On Thu, Mar 8, 2018 at 8:39 PM, Michael Peddemors > <mich...@linuxmagic.com> wrote: >> Speaking of.. >> >> Does anyone know this actor? >> Is this a list washing service.. >> >> Lot's of 'invalid users' however, large amounts of email at once to those >> invalid users.. Fairly big IP Space.. >> >> 63.250.8.14 1 william1.expedite.scanprofile.net >> 63.250.8.19 1 liam2.epromo.scanprofile.net >> 63.250.10.16 1 janus1.min.metricgeneral.com >> 63.250.11.15 1 hera1.display.verifymetric.net >> 63.250.12.18 1 hephaestus.min.profilescan.net >> 63.250.16.12 2 ethan.verify.scanverify.net >> 63.250.16.14 1 alexander1.erep.scanverify.net >> 63.250.16.20 1 zeus.min.scanverify.net >> 63.250.17.15 2 noah1.rev.livelymetrics.com >> 63.250.17.21 2 hera1.pursue.livelymetrics.com >> 63.250.19.13 1 hypno.mind.profileinquiries.com >> 63.250.20.13 1 adv.edisplay.activeinquiries.com >> 63.250.20.14 1 ares2.fuse.activeinquiries.com >> 63.250.20.16 2 net1.broadcast.activeinquiries.com >> 63.250.21.18 1 hephaestus1.sponser.livelyscan.com >> 63.250.22.14 1 central1.tech.scangeneral.net >> 63.250.22.20 2 hera.verify.scangeneral.net >> 63.250.23.12 1 thor1.edisplay.scanprofiles.com >> 63.250.23.13 1 bishop2.edisplay.scanprofiles.com >> 63.250.23.14 1 ares1.long.scanprofiles.com >> 63.250.23.16 1 main2.ediscover.scanprofiles.com >> 63.250.24.14 1 names2.mind.metricsverify.com >> 63.250.25.17 1 main2.digital.scangeneral.com >> 63.250.26.14 1 hera2.effect.verifyscan.net >> 63.250.27.17 1 names2.live.activemonitor.net >> 63.250.27.21 1 nemesis2.edirect.activemonitor.net >> 63.250.28.15 1 nemesis.transaction.profilemetric.net >> 63.250.28.16 1 elijah.note.profilemetric.net >> 63.250.28.17 1 janus2.note.profilemetric.net >> 63.250.28.19 1 net.tech.profilemetric.net >> 63.250.29.13 1 prime.edrive.activeprofile.net >> 63.250.29.16 1 ironman1.question.activeprofile.net >> 63.250.29.20 1 main.action.activeprofile.net >> 63.250.30.21 1 net2.relay.profileverify.net >> 63.250.31.15 1 irishecate.secure.metricgeneral.net >> 63.250.31.18 1 demeter.remark.metricgeneral.net >> 63.250.31.19 1 poseidon.remark.metricgeneral.net >> > > -- > al iverson // wombatmail // miami > http://www.aliverson.com > http://www.spamresource.com > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
