I'm wondering, are others noticing abuse from different IP addresses in this /22, attempting to hack into mostly non-existent POP3 and IMAP4 accounts, and sending excessive quantities of spam (usually high volume in short bursts)?
Here's one of their IP addresses, which is in 43 out of 157 blacklists (multiple reasons, including spamming and dark hacking): https://multirbl.valli.org/lookup/64.89.160.120.html We're firewalling their entire /22 and including it in our block-and-forget lists because they've been launching their failed attacks from multiple IP addresses for more than 1 month (probably longer, but we didn't bother to check). Given the excessive quantities of abuse from across their network, we don't even care to try to contact them, but if they're part of Mailop then we may be willing to reconsider after the abuse stops. WHOIS records for 64.89.160/22... # start NetRange: 64.89.160.0 - 64.89.163.255 CIDR: 64.89.160.0/22 NetName: NETIFACE-NA1 NetHandle: NET-64-89-160-0-1 Parent: NET64 (NET-64-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: Netiface America, Inc. (NA-520) RegDate: 2026-01-13 Updated: 2026-01-13 Ref: https://rdap.arin.net/registry/ip/64.89.160.0 OrgName: Netiface America, Inc. OrgId: NA-520 Address: 212 N. 2nd St. STE 100 City: Richmond StateProv: KY PostalCode: 40475 Country: US RegDate: 2024-12-29 Updated: 2026-04-29 Ref: https://rdap.arin.net/registry/entity/NA-520 OrgAbuseHandle: ABUSE9563-ARIN OrgAbuseName: Abuse OrgAbusePhone: +447404814404 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE9563-ARIN OrgTechHandle: ADMIN8922-ARIN OrgTechName: Administrator OrgTechPhone: +1-332-240-5494 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN8922-ARIN # end # start NetRange: 64.89.160.0 - 64.89.161.255 CIDR: 64.89.160.0/23 NetName: GHOSTY-NETWORKS-LU NetHandle: NET-64-89-160-0-2 Parent: NETIFACE-NA1 (NET-64-89-160-0-1) NetType: Reassigned OriginAS: Customer: Ghosty Networks LLC (C11486629) RegDate: 2026-01-25 Updated: 2026-02-07 Comment: Abuse: [email protected] Comment: Geofeed https://api.geofeed.space/a7283d0a-24e8-4744-8d7b-b5087cf20755/geofeed .csv Ref: https://rdap.arin.net/registry/ip/64.89.160.0 CustName: Ghosty Networks LLC Address: 12D Impasse Drosbach City: Luxembourg StateProv: Luxembourg PostalCode: L-1882 Country: LU RegDate: 2026-01-25 Updated: 2026-02-07 Ref: https://rdap.arin.net/registry/entity/C11486629 OrgAbuseHandle: ABUSE9563-ARIN OrgAbuseName: Abuse OrgAbusePhone: +447404814404 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE9563-ARIN OrgTechHandle: ADMIN8922-ARIN OrgTechName: Administrator OrgTechPhone: +1-332-240-5494 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN8922-ARIN # end # start NetRange: 64.89.162.0 - 64.89.162.255 CIDR: 64.89.162.0/24 NetName: MEOWCORE NetHandle: NET-64-89-162-0-1 Parent: NETIFACE-NA1 (NET-64-89-160-0-1) NetType: Reassigned OriginAS: Customer: Meowcore (C11480522) RegDate: 2026-01-20 Updated: 2026-01-20 Ref: https://rdap.arin.net/registry/ip/64.89.162.0 CustName: Meowcore Address: Kabelweg 48a City: Amsterdam StateProv: PostalCode: 1014BV Country: NL RegDate: 2026-01-20 Updated: 2026-01-20 Ref: https://rdap.arin.net/registry/entity/C11480522 OrgAbuseHandle: ABUSE9563-ARIN OrgAbuseName: Abuse OrgAbusePhone: +447404814404 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE9563-ARIN OrgTechHandle: ADMIN8922-ARIN OrgTechName: Administrator OrgTechPhone: +1-332-240-5494 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN8922-ARIN # end # start NetRange: 64.89.163.0 - 64.89.163.255 CIDR: 64.89.163.0/24 NetName: MEOWCORE NetHandle: NET-64-89-163-0-1 Parent: NETIFACE-NA1 (NET-64-89-160-0-1) NetType: Reassigned OriginAS: Customer: Meowcore Softworks LLC (C11476912) RegDate: 2026-01-14 Updated: 2026-02-07 Comment: Geofeed https://api.geofeed.space/5dc8415b-82d7-4883-9570-6927f213a76e/geofeed .csv Ref: https://rdap.arin.net/registry/ip/64.89.163.0 CustName: Meowcore Softworks LLC Address: Robert-Bosch-Strasse 25 City: Langen StateProv: PostalCode: Country: DE RegDate: 2026-01-14 Updated: 2026-02-07 Ref: https://rdap.arin.net/registry/entity/C11476912 OrgAbuseHandle: ABUSE9563-ARIN OrgAbuseName: Abuse OrgAbusePhone: +447404814404 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE9563-ARIN OrgTechHandle: ADMIN8922-ARIN OrgTechName: Administrator OrgTechPhone: +1-332-240-5494 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN8922-ARIN # end -- Postmaster - [email protected] Randolf Richardson, CNA - [email protected] Inter-Corporate Computer & Network Services, Inc. Vancouver, Beautiful British Columbia, Canada https://www.inter-corporate.com/ _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
