Hi Alex

> Let me guess: You've got an abuse report to your abuse e-mail address
> about some IP ranges and domains (including up-network.ch) which have
> no relation to your AS at all?
> 
> If yes: You're not the only one.

Yes, after the 3rd report, from yet another source, which we got after I
sent the email, the joe-job became quite apparent.

The first report was rather short but could be understood as a report
about https://dashboard.myrdp.gg/login being a phishing site hosted by
one of our customers under the IP: 45.158.77.203

dashboard.myrdp.gg points to a Cloudflare proxy. This would not be the
first time somebody sends a complaint to Cloudflare and Cloudflare
discloses the IP addresses in question. Phishing sites are often hosted
on multiple compromised sites. So that one IP in our network could be
involved was plausible to me.

So I replied that this IP is not in our network and they should check again
with Cloudflare and, if an IP was in our network, tell us which one so we
could check with the affected customer.

On Tuesday we got 3 more reports from another sender, sent to different
abuse and NOC addresses regarding the same phishing site, not the full
URL anymore, but a more sensible list of affected IP addresses:

45.148.119.0/24
171.22.147.0/24
45.148.116.0/24
MyRDP.gg
up-network.ch

Four lines pointing to up-network.

So I guess this is some kind of campaign targeting up-network.

Kind regards

-Benoît Panizzon-
-- 
I m p r o W a r e   A G    -    Leiter Commerce Kunden
______________________________________________________

Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Schweiz                         Web  http://www.imp.ch
______________________________________________________
_______________________________________________
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch