nanog mailing list archives
Looking for PoCs of rootlayer.net in Amsterdam. - AS51447 and in upstream providers
From: "irish.masms" <irish.masms () gmail com>
Date: Sun, 5 Feb 2023 21:17:25 -0800
Hello NANOG – longtime lurker, first time poster. I am requesting some assistance today with stopping a pervasive malware campaign being sent via email from multiple open proxies in the following IP blocks:
45.137.20.0 - 45.137.23.255
185.222.56.0 - 185.222.59.255
This IP space is assigned to rootlayer.net in Amsterdam. - AS51447
% Abuse contact for 'AS51447' is 'complain () rootlayer net'
All email has contained some sort of malicious code: ransomware, trojans, info stealers, and other various malware (some known and some brand new/not detected yet). The email content is spoofing various legitimate companies and banks.
Since the beginning of the year when I became involved with a particular customer (elderly owner of a small business), we have been sending at least 5 complaints a day (one for each email) to complain () rootlayer net. All reporting has been ignored. The most recent spoof & malware email was received at 16:33 PM PST 5 Feb 2023.
Frankly, we have grown tired of filing abuse complaints into the black hole while an elderly gentleman is being targeted. I am not sure a contact at Rootlayer will be helpful at this point, but if someone has a contact it would be appreciated.
More importantly, anyone have a contact at their upstream providers that may be able to beat down these criminal activities and Rootlayer?
AS49981 - WorldStream B.V.
AS49453 - Global Layer B.V.
Any assistance would be greatly appreciated – thank you.
Stay safe,