Spam from an IP range...

Kai Schaetzl maillists at
Sun Feb 22 21:31:16 GMT 2009

Jason Ede wrote on Sun, 22 Feb 2009 09:06:42 +0000:

> Does anyone else know much about this range and if could just safely block the entire /24 range?

Just grep your logs and if there is no legitimate traffic, block the CIDR that 
includes all the mail you got.
It's common that ISP give whole netblocks to a client rack.
And contact the abuse dept. of that ISP in case it's not a safe haven.

OrgName:    WebHostPlus Inc 
OrgID:      WEBHO-3
Address:    1021 Market Street
City:       Paterson
StateProv:  NJ
PostalCode: 07513
Country:    US

ReferralServer: rwhois://

NetRange: - 
NetName:    NET-209-152-160-0-19
NetHandle:  NET-209-152-160-0-2
Parent:     NET-209-0-0-0-0
NetType:    Direct Allocation
RegDate:    2002-06-12
Updated:    2008-02-25

OrgAbuseHandle: ABUSE396-ARIN
OrgAbuseName:   Abuse 
OrgAbusePhone:  +1-212-600-9290
OrgAbuseEmail:  abuse at

OrgTechHandle: WEBHO1-ARIN
OrgTechName:   Network Operations Center 
OrgTechPhone:  +1-212-600-6290
OrgTechEmail:  noc at

# ARIN WHOIS database, last updated 2009-02-21 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.


Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services:

More information about the MailScanner mailing list