nanog mailing list archives

Re: 29 May 2019: Emotet malspam: 'Mykolab Ref Id: I32560' [Was: Re: Spamming of NANOG list members]

From: Dan Hollis <goemon () sasami anime net>
Date: Wed, 29 May 2019 17:25:43 -0700 (PDT)

On Wed, 29 May 2019, Paul Ferguson wrote:

AS      | IP               | AS Name
14061   | 68.183.65[.]234    | DIGITALOCEAN-ASN - DigitalOcean, LLC, US (shared hosting)
16276   | 158.69.127[.]22    | OVH, FR (shared hosting)
51167   | 173.249.2[.]31     | CONTABO, DE (shared hosting)
46475   | 74.63.242[.]18     | LIMESTONENETWORKS - Limestone Networks, Inc., US (shared hosting)
33182   | 185.38.44[.]163    | DIMENOC - HostDime.com, Inc., US (shared hosting)
44099   | 31.12.67[.]62      | RUNISO-AS RUNISO Autonomous System, FR (appears to be stand-alone IP, no PTR record)


few suprises here. known complacent/spam-friendly providers.

-Dan

Current thread:

29 May 2019: Emotet malspam: 'Mykolab Ref Id: I32560' [Was: Re: Spamming of NANOG list members] Paul Ferguson (May 29)
- Re: 29 May 2019: Emotet malspam: 'Mykolab Ref Id: I32560' [Was: Re: Spamming of NANOG list members] Niels Bakker (May 29)
  - Re: 29 May 2019: Emotet malspam: 'Mykolab Ref Id: I32560' [Was: Re: Spamming of NANOG list members] Paul Ferguson (May 29)
- Re: 29 May 2019: Emotet malspam: 'Mykolab Ref Id: I32560' [Was: Re: Spamming of NANOG list members] Dan Hollis (May 29)