I haven't seen that but I do have recent activity from that IP,
examples:
lucy.mxrouting.net: 2021-08-26 09:38:25 H=ec2-18-215-245-250.compute-1.amazonaws.com (cluster-3.mogonodo.com) [18.215.245.250] X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no F=<[email protected]> rejected RCPT

safari.mxrouting.net: 2021-08-24 14:18:42 H=ec2-18-215-245-250.compute-1.amazonaws.com (cluster-3.mogonodo.com) [18.215.245.250] X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no F=<[email protected]> rejected RCPT

The recipients they're trying to send to look like randomly generated
strings @ a few user domains. Makes me wonder what this is:
http://mogonodo.com/
On 2021-08-26 13:45, Mary via mailop wrote:
We've noticed an increase of email scans from AWS IP addresses, they
seem to be testing for variations of the same email:
ec2-18-215-245-250.compute-1.amazonaws.com[18.215.245.250]: 550 5.1.1 <foo-bar@domain>
ec2-18-215-245-250.compute-1.amazonaws.com[18.215.245.250]: 550 5.1.1 <foobar@domain>
ec2-18-215-245-250.compute-1.amazonaws.com[18.215.245.250]: 550 5.1.1 <foo@domain>
ec2-18-215-245-250.compute-1.amazonaws.com[18.215.245.250]: 550 5.1.1 <fb@domain>
ec2-34-207-218-228.compute-1.amazonaws.com[34.207.218.228]: 550 5.1.1 <foo.bar@domain>
ec2-34-207-218-228.compute-1.amazonaws.com[34.207.218.228]: 550 5.1.1 <foo_bar@domain>
ec2-34-207-218-228.compute-1.amazonaws.com[34.207.218.228]: 550 5.1.1 <foo.b@domain>
ec2-54-145-213-229.compute-1.amazonaws.com[54.145.213.229]: 550 5.1.1 <bar@domain>
ec2-54-145-213-229.compute-1.amazonaws.com[54.145.213.229]: 550 5.1.1 <f-b@domain>
ec2-54-145-213-229.compute-1.amazonaws.com[54.145.213.229]: 550 5.1.1 <bar-foo@domain>
Anyone seen this before?
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
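
Added example (not code from either poster): one way to surface the pattern reported in this thread, where each source IP produces only three or four 550 5.1.1 rejections but several IPs together walk through variants of one name at the same domain. The function name, the thresholds and the sample log are assumptions; example.org and example.com stand in for the redacted recipient domains.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the rejections quoted above; example.org
# and example.com are placeholder domains, 192.0.2.10 is a documentation address.
SAMPLE_LOG = """\
ec2-18-215-245-250.compute-1.amazonaws.com[18.215.245.250]: 550 5.1.1 <foo-bar@example.org>
ec2-18-215-245-250.compute-1.amazonaws.com[18.215.245.250]: 550 5.1.1 <foobar@example.org>
ec2-18-215-245-250.compute-1.amazonaws.com[18.215.245.250]: 550 5.1.1 <foo@example.org>
ec2-18-215-245-250.compute-1.amazonaws.com[18.215.245.250]: 550 5.1.1 <fb@example.org>
ec2-34-207-218-228.compute-1.amazonaws.com[34.207.218.228]: 550 5.1.1 <foo.bar@example.org>
ec2-34-207-218-228.compute-1.amazonaws.com[34.207.218.228]: 550 5.1.1 <foo_bar@example.org>
ec2-34-207-218-228.compute-1.amazonaws.com[34.207.218.228]: 550 5.1.1 <foo.b@example.org>
ec2-54-145-213-229.compute-1.amazonaws.com[54.145.213.229]: 550 5.1.1 <bar@example.org>
ec2-54-145-213-229.compute-1.amazonaws.com[54.145.213.229]: 550 5.1.1 <f-b@example.org>
ec2-54-145-213-229.compute-1.amazonaws.com[54.145.213.229]: 550 5.1.1 <bar-foo@example.org>
mail.example.net[192.0.2.10]: 550 5.1.1 <jon.smith@example.com>
"""

# host[ip]: 550 5.1.1 <local@domain>; \s+ tolerates a wrapped line before '<'.
REJECT = re.compile(
    r"\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]:\s+550 5\.1\.1\s+"
    r"<(?P<local>[^@<>\s]+)@(?P<domain>[^<>\s]+)>")

def distributed_probes(log, min_ips=2, min_rcpts=5):
    """Flag recipient domains where several IPs together hit many unknown users.

    Per-IP counters miss this pattern because each source stays at 3-4
    rejections; grouping by recipient domain adds them up.
    Thresholds are illustrative assumptions; pass one time window of log text.
    """
    ips, rcpts = defaultdict(set), defaultdict(set)
    for m in REJECT.finditer(log):
        domain = m["domain"].lower()
        ips[domain].add(m["ip"])
        rcpts[domain].add(m["local"].lower())
    report = {}
    for domain, locals_ in rcpts.items():
        if len(ips[domain]) >= min_ips and len(locals_) >= min_rcpts:
            # Stripping . _ - merges separator variants of one guessed name;
            # collapsed < recipients suggests permutation guessing.
            collapsed = {re.sub(r"[._-]", "", lp) for lp in locals_}
            report[domain] = {"ips": sorted(ips[domain]),
                              "recipients": len(locals_),
                              "collapsed": len(collapsed)}
    return report

if __name__ == "__main__":
    for domain, info in distributed_probes(SAMPLE_LOG).items():
        print(domain, info)
```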