29 May 2019: Emotet malspam: 'Mykolab Ref Id: I32560' [Was: Re: Spamming of NANOG list members]
Dan Hollis
goemon at sasami.anime.net
Thu May 30 00:25:43 UTC 2019
On Wed, 29 May 2019, Paul Ferguson wrote:
> AS | IP | AS Name
> 14061 | 68.183.65[.]234 | DIGITALOCEAN-ASN - DigitalOcean, LLC, US (shared hosting)
> 16276 | 158.69.127[.]22 | OVH, FR (shared hosting)
> 51167 | 173.249.2[.]31 | CONTABO, DE (shared hosting)
> 46475 | 74.63.242[.]18 | LIMESTONENETWORKS - Limestone Networks, Inc., US (shared hosting)
> 33182 | 185.38.44[.]163 | DIMENOC - HostDime.com, Inc., US (shared hosting)
> 44099 | 31.12.67[.]62 | RUNISO-AS RUNISO Autonomous System, FR (appears to be stand-alone IP, no PTR record)
few suprises here. known complacent/spam-friendly providers.
-Dan
More information about the NANOG
mailing list