Hey All, I get 1000+ clicks per month from one IP. I got a scrub report from a CPC network that is scrubbing all the clicks on the IP. So I matched it up and about 92% of the emails that have clicked through that IP are unique. I talked to another mailer that has 2 CPC networks scrubbing the same exact IP. So, I can block all those emails clicking from that IP but I'm really wondering if the IP belongs to a large dial up (I know I know), Wireless, or other ISP. I get dupes on other IPs (maybe 10-20 per month) but nothing like the thousands from this IP: This is the IP: 199.250.232.5 Overland Sailing IS-OVERLANDSAILING (NET-199-250-232-0-1) 199.250.232.0 - 199.250.232.255 Internet South, Inc. SOUTH (NET-199-250-128-0-1) 199.250.128.0 - 199.250.255.255 I'm trying to contact Overland Sailing with no results and have tried Internet South just today. Georeports show the IP in Nevada so maybe all the casinos use the same IP? Unlikely I know. But this is strange enough I had to ask. Could be a weird proxy company or a cellular IP (I'm on Sprint and my IP always shows up as in another state). Anyone else see this IP or have a suggestion for tracking it down? Thanks
199.250.232.5 Server Details IP address: 199.250.232.5 Server Location: Hogansville, GA in United States ISP: Internet South
Geo IP shows it in Las Vegas: Host Name: 199.250.232.5 IP Address: 199.250.232.5 Country: United States Country code: US (USA) Region: Nevada City: Las Vegas Postal code: 89128 I emailed Internet South with no response yet.
route: 199.250.224.0/20 descr: Internet South(added by MAINT-AS6517) origin: AS6517 remarks: ------------------------------------------------- remarks: - This route object was registered by - remarks: - Reliance Globalcom Services, Inc MAINT-AS6517- remarks: - on behalf of their customer: - remarks: - Internet South - remarks: ------------------------------------------------- notify: [email protected] mnt-by: MAINT-AS6517 changed: [email protected] 20120905 source: RADB route: 199.250.224.0/19 descr: Proxy-registered route object origin: AS30137 remarks: This route object is for an InfoRelay customer route remarks: which is being exported under this origin AS. remarks: remarks: This route object was created because no existing remarks: route object with the same origin was found, and remarks: since some InfoRelay peers filter based on these objects remarks: this route may be rejected if this object is not created. remarks: remarks: Please contact [email protected] if you have any remarks: questions regarding this object. mnt-by: MAINT-AS33597 changed: [email protected] 20130422 source: ALTDB route: 199.250.224.0/19 descr: Epoch Internet origin: AS4565 mnt-by: MAINT-AS4565 changed: [email protected] 20010709 source: EPOCH route: 199.250.224.0/20 descr: Internet South (added by MAINT-AS6517) origin: AS6517 remarks: ------------------------------------------------- remarks: - This route object was registered by - remarks: - Reliance Globalcom Services, Inc MAINT-AS6517 - remarks: - on behalf of their customer: - remarks: - Internet South - remarks: ------------------------------------------------- notify: [email protected] mnt-by: MAINT-AS6517 changed: [email protected] 20120905 source: LEVEL3
Thanks... I'll try a couple other emails there. Not sure Reliance will help but maybe I'll hit them up too. If not maybe I'll head to Vegas for the weekend
Edit: thread I linked to is in the PH, sorry. Long and short of it, block the /24. I haven't seen any proof that there's anything legitimate attached to that range. They're all from Yahoo addresses, right?
95%+ are indeed yahoo, but that matches our list makeup as well. I could block the whole range. What I don't understand is how there are 1000 different emails clicking from that IP in one month. Yes, many of the emails have duplicate clicks across a few months time. But 1000+ unique emails have clicked. We've been scanning through the data trying to see any pattern. If they are legitimate emails I don't want to block all of them.