29 May 2019: Emotet malspam: 'Mykolab Ref Id: I32560' [Was: Re: Spamming of NANOG list members]

Dan Hollis goemon at sasami.anime.net
Thu May 30 00:25:43 UTC 2019


On Wed, 29 May 2019, Paul Ferguson wrote:
> AS      | IP               | AS Name
> 14061   | 68.183.65[.]234    | DIGITALOCEAN-ASN - DigitalOcean, LLC, US (shared hosting)
> 16276   | 158.69.127[.]22    | OVH, FR (shared hosting)
> 51167   | 173.249.2[.]31     | CONTABO, DE (shared hosting)
> 46475   | 74.63.242[.]18     | LIMESTONENETWORKS - Limestone Networks, Inc., US (shared hosting)
> 33182   | 185.38.44[.]163    | DIMENOC - HostDime.com, Inc., US (shared hosting)
> 44099   | 31.12.67[.]62      | RUNISO-AS RUNISO Autonomous System, FR (appears to be stand-alone IP, no PTR record)

few suprises here. known complacent/spam-friendly providers.

-Dan



More information about the NANOG mailing list