On 02.06.26 at 12:07, Alessandro Vesely via mailop wrote:
> On 02/06/2026 08:56, Benoit Panizzon via mailop wrote:
>> From: DH Lieferung Kundenbetreuung<[email protected]>
>> To: panizzon@*
>> Message-ID:<[email protected]>
>> X-Mailer: Python SMTP Client
>>
>> inetnum: 158.94.210.0 - 158.94.210.255
>> netname: OMEGATECH
>> country: NL
>
> You don't seem to be the only victim: AbuseIPDB says:
>
> *158.94.210.98* <https://www.abuseipdb.com/check/158.94.210.98> was found
> in our database!
> This IP was reported *130* times. Confidence of Abuse is *100%*:

That /24 range seems to be rented out to a spamming/scamming operation using
victim addresses for both sender and recipient:

Jun 1 14:02:53 localhost postfix/smtpd[3568196]: NOQUEUE: reject: RCPT from unknown[158.94.210.212]: 450 4.7.25 Client
host rejected: cannot find your hostname, [158.94.210.212]; from=<info@*domain*.de> to=<info@*domain*.de> proto=ESMTP
helo=<[158.94.210.212]>

I've seen this pattern (sender address = recipient) mostly with sextortion or fake security breach attempts, so it may
be possible that those hosts are compromised and the actual miscreant is sitting elsewhere.

From my spam blocking database, I see that I labeled 158.94.208.0/22 as spamming, as well as AS214943 which it was
apparently part of at some time. No reported false positives yet.

Cheers,
Hans-Martin
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
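
The pattern discussed in this thread (envelope sender equal to the recipient, coming from several hosts in one range) can be checked against a Postfix log. The following is an added example, not code from any poster in the thread; the function name, the /24 and /64 grouping defaults and the sample lines (documentation IP ranges, example.* domains) are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines shaped like the Postfix reject quoted in the thread
# (documentation IP ranges and example.* domains, not real traffic).
SAMPLE_LOG = """\
Jun  1 14:02:53 mx postfix/smtpd[3568196]: NOQUEUE: reject: RCPT from unknown[192.0.2.212]: 450 4.7.25 Client host rejected: cannot find your hostname, [192.0.2.212]; from=<info@example.de> to=<info@example.de> proto=ESMTP helo=<[192.0.2.212]>
Jun  1 14:03:01 mx postfix/smtpd[3568199]: NOQUEUE: reject: RCPT from unknown[192.0.2.98]: 450 4.7.25 Client host rejected: cannot find your hostname, [192.0.2.98]; from=<Sales@example.org> to=<sales@example.org> proto=ESMTP helo=<[192.0.2.98]>
Jun  1 14:03:07 mx postfix/smtpd[3568200]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.7.25 Client host rejected: cannot find your hostname, [198.51.100.7]; from=<news@example.net> to=<bob@example.com> proto=ESMTP helo=<[198.51.100.7]>
Jun  1 14:03:09 mx postfix/smtpd[3568200]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 450 4.7.25 Client host rejected: cannot find your hostname, [203.0.113.5]; from=<> to=<alice@example.com> proto=ESMTP helo=<[203.0.113.5]>
Jun  1 14:03:10 mx postfix/smtpd[3568201]: connect from unknown[192.0.2.212]
"""

# Matches smtpd RCPT rejects and captures client IP, envelope sender and recipient.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S*?\[(?P<ip>[0-9A-Fa-f.:]+)\]: "
    r".*? from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def self_addressed_clients(lines, v4_prefix=24, v6_prefix=64):
    """Map each client network to the client IPs whose rejected mail had sender == recipient."""
    hits = defaultdict(set)
    for line in lines:
        m = REJECT_RE.search(line)
        if not m:
            continue  # not an smtpd RCPT reject line
        # Compare case-insensitively; an empty sender is a bounce, not this pattern.
        sender, rcpt = m["sender"].lower(), m["rcpt"].lower()
        if not sender or sender != rcpt:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # bracketed token was not a valid address
        prefix = v4_prefix if ip.version == 4 else v6_prefix
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        hits[str(net)].add(ip)
    return {net: [str(ip) for ip in sorted(ips)] for net, ips in hits.items()}

if __name__ == "__main__":
    for net, ips in self_addressed_clients(SAMPLE_LOG.splitlines()).items():
        print(f"{net}: {len(ips)} self-addressed client(s): {', '.join(ips)}")
```

Several distinct clients under one network key is the signal described above; a single hit is weaker evidence on its own.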