Compromised server emitting phish spam starting Wed, 05 Jan 2022 03:00 UTC.
Envelope sender forged to be the recipient address.
solarwind.eu.com. 38400 IN A 91.121.238.33
ns303b.espace2001.com. 38400 IN A 91.121.238.33
inetnum: 91.121.238.32 - 91.121.238.47
netname: espace2001-3
country: FR
descr: espace2001-3
org: ORG-EA521-RIPE
admin-c: OTC2-RIPE
tech-c: OTC2-RIPE
=================================================================
Received: from ns303b.espace2001.com (HELO ns303b.espace2001.com) (91.121.238.33)
    by x (x) with (AES256-SHA encrypted) ESMTPS; Wed, 05 Jan 2022 xx:xx:xx +0000
Received: (qmail x invoked by uid 90); 5 Jan 2022 xx:xx:xx -0000
Received: from unknown (HELO kian.com) (cm@solarwind.eu.com@181.214.133.157)
    by ns303b.espace2001.com with ESMTPA; 5 Jan 2022 xx:xx:xx -0000
From: "x" <x>
To: x
Subject: Pending Undelivered Mail to Recipient
Date: 04 Jan 2022 xx:xx:xx -0800
Message-ID: <x@x>
MIME-Version: 1.0
Content-Type: text/html;
    charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
This email ιs from a trusted sοurce.
Blocked incoming messages for x
Delivery has failed to these recipients or groups:
You have 10 pending messages for delivery to your mail box.
Click here to release these messages to your inbox folder
[…]
<A […] href="http://groupalbinali.com/site/Webmail/mail.php?email=x" target=_blank>(more…6)</A>
[…]