+1

    Name: OMEGATECH
    Country: Netherlands
    CIDRs: 158.94.210.0/24
    Parent: 158.94.208.0 - 158.94.211.255
    Registrant(s):
      - Name: Abuse Contact (CA12141-RIPE)
        Address: [email protected]
      - Name: lir-tr-mgn-1-MNT (lir-tr-mgn-1-MNT)
        Address:
      - Name: Omegatech LTD (ORG-OL329-RIPE)
        Address: HOUSE OF FRANCIS ROOM 303, ILE DU PORT, MAHE, SEYCHELLES


On 2026-06-02 08:13, Randolf Richardson, Postmaster via mailop wrote:
Am 02.06.26 um 12:07 schrieb Alessandro Vesely via mailop:
On 02/06/2026 08:56, Benoit Panizzon via mailop wrote:
From: DH Lieferung Kundenbetreuung<[email protected]>
To: panizzon@*
Message-ID:<[email protected]>
X-Mailer: Python SMTP Client

inetnum:        158.94.210.0 - 158.94.210.255
netname:        OMEGATECH
country:        NL

You don't seem to be the only victim:  AbuseIPDB says:


       *158.94.210.98* <https://www.abuseipdb.com/check/158.94.210.98> was found in our database!

This IP was reported *130* times. Confidence of Abuse is *100%*:

That /24 range seems to be rented out to a spamming/scamming operation using 
victim addresses for both sender and recipient:

Jun  1 14:02:53 localhost postfix/smtpd[3568196]: NOQUEUE: reject: RCPT from unknown[158.94.210.212]: 450 4.7.25 Client host rejected: cannot find your hostname, [158.94.210.212]; from=<info@*domain*.de> to=<info@*domain*.de> proto=ESMTP helo=<[158.94.210.212]>

I've seen this pattern (sender address = recipient) mostly with sextortion or fake security breach attempts, so it may be possible that those hosts are compromised and the actual miscreant is sitting elsewhere.

From my spam blocking database, I see that I labeled 158.94.208.0/22 as spamming, as well as AS214943 which it was apparently part of at some time. No reported false positives yet.

I just grepped the logs from a few of our busier mail servers, and
various IP addresses from that /24 have been trying to hack into
various user accounts since as far back as 2026-May-24 (possibly
earlier too, but I didn't bother to check).

Mostly they're trying to figure out SMTP passwords, and a few
attempts at IMAP4 are also showing up.

158.94.210/24 is bad news.  I recommend blocking the whole /24
without counter-measures in place.



--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
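The two observations in the thread, rejects from the listed /24 (and the /22 it sits in) and the "sender address equals recipient" pattern, are easy to turn into a small log check. The following is an added example written for this archive page, not code from any of the posters; the postfix reject lines it runs over are constructed (addresses in example.* and the 203.0.113.0/24 documentation range), with only the first one modelled on the line quoted in the thread.

```python
import ipaddress
import re
from collections import Counter

# Networks named in the thread: the /24 and the /22 labelled as spamming.
BAD_NETWORKS = [ipaddress.ip_network("158.94.210.0/24"),
                ipaddress.ip_network("158.94.208.0/22")]

# Matches postfix/smtpd "NOQUEUE: reject: RCPT" lines of the shape quoted above.
# IPv4 only; postfix logs IPv6 peers with an "IPv6:" prefix that this regex skips.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>[^\[\s]+)\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]: (?P<code>\d{3}) .*?"
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

# Constructed sample log; the first line mirrors the thread's example,
# the others are made up to exercise each branch of the classifier.
SAMPLE_LOG = [
    "Jun  1 14:02:53 localhost postfix/smtpd[3568196]: NOQUEUE: reject: RCPT from "
    "unknown[158.94.210.212]: 450 4.7.25 Client host rejected: cannot find your hostname, "
    "[158.94.210.212]; from=<info@example.de> to=<info@example.de> proto=ESMTP "
    "helo=<[158.94.210.212]>",
    "Jun  1 14:03:10 localhost postfix/smtpd[3568196]: NOQUEUE: reject: RCPT from "
    "unknown[158.94.209.7]: 554 5.7.1 <spam@example.net>: Sender address rejected; "
    "from=<spam@example.net> to=<user@example.org> proto=ESMTP helo=<mail.example.net>",
    "Jun  1 14:04:01 localhost postfix/smtpd[3568201]: NOQUEUE: reject: RCPT from "
    "mail.example.com[203.0.113.5]: 450 4.1.8 <bob@example.org>: Sender address rejected: "
    "Domain not found; from=<bob@example.org> to=<bob@example.org> proto=ESMTP "
    "helo=<mail.example.com>",
    "Jun  1 14:04:30 localhost postfix/smtpd[3568201]: connect from mail.example.com[203.0.113.5]",
]


def parse_reject(line):
    """Return the client IP, sender, recipient and reply code of a reject line, or None."""
    m = REJECT_RE.search(line)
    if m is None:
        return None
    return {"ip": m["ip"], "code": m["code"],
            "sender": m["sender"].lower(), "rcpt": m["rcpt"].lower()}


def in_bad_network(ip):
    """True if the address falls inside one of the networks listed in the thread."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BAD_NETWORKS)


def classify(line):
    """Parse one line and attach the reasons it looks suspicious (may be empty)."""
    rec = parse_reject(line)
    if rec is None:
        return None
    reasons = []
    if in_bad_network(rec["ip"]):
        reasons.append("listed-network")
    # Spoofed envelope sender equal to the recipient, the pattern noted in the thread.
    if rec["sender"] and rec["sender"] == rec["rcpt"]:
        reasons.append("sender-equals-recipient")
    rec["reasons"] = reasons
    return rec


def summarize(lines):
    """Count flagged reject lines per client IP across a log."""
    per_ip = Counter()
    for line in lines:
        rec = classify(line)
        if rec is not None and rec["reasons"]:
            per_ip[rec["ip"]] += 1
    return per_ip


if __name__ == "__main__":
    for ip, count in summarize(SAMPLE_LOG).most_common():
        print(f"{ip:16} {count} flagged reject(s)")
```

Feed it a real mail log with `summarize(open("/var/log/mail.log"))` to get per-IP counts; the "sender-equals-recipient" reason fires regardless of network, so it also surfaces the same campaign when it moves to addresses outside the listed ranges.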

_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
