I've seen this IP range you are talking about in Cerber/ransomware
variants doing scans on 6892/udp.
On 10/13/2016 02:37 PM, Benoit Panizzon wrote:
> Hi Stefan
>> the question is what's behind those domains? i didn't have the time to
>> analyze it, yet.
> I had a bit of a deeper look into it.
> The emails themselves come from various IP addresses. It's obviously a
> Almost all those xyz domains resolve to an IP within a /24 from AS41122.
> So I suppose this is a rogue hoster, as a quick search with Google had
> quite some hits.
> AS41122 has just two upstream peers. So maybe if some more drop them a
> hint, they could issue a severe warning, or even de-peer AS41122.
> -Benoît Panizzon-
> mailop mailing list