System distributing spam containing malware.
eloquent-lamport.13-89-57-189.plesk.page. 3600 IN A 13.89.57.189
=====================================================================================
Return-Path: <customer@ups.com>
Received: from eloquent-lamport.13-89-57-189.plesk.page (unknown [13.89.57.189])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
(No client certificate requested)
by x (Postfix) with ESMTPS id x
for <x>; Wed, 28 Oct 2020 xx:xx:xx +0100 (CET)
Received: from SEND.yanhhzixwcpupp3w3haliaqwtd.bx.internal.cloudapp.net (unknown [13.68.146.125])
by eloquent-lamport.13-89-57-189.plesk.page (Postfix) with ESMTPSA id x;
Wed, 28 Oct 2020 xx:xx:xx +0000 (UTC)
Authentication-Results: eloquent-lamport.13-89-57-189.plesk.page;
spf=pass (sender IP is 13.68.146.125) smtp.mailfrom=customer@ups.com smtp.helo=SEND.yanhhzixwcpupp3w3haliaqwtd.bx.internal.cloudapp.net
Received-SPF: pass (eloquent-lamport.13-89-57-189.plesk.page: connection is authenticated)
Content-Type: multipart/mixed; boundary=»===============x==»
MIME-Version: 1.0
Subject: UPS — Pending delivery
To: Recipients <customer@ups.com>
From: UPS Customer Service <customer@ups.com>
Date: Wed, 28 Oct 2020 xx:xx:xx +0000
Dear Customer,
We attempted to deliver your item at 3:30pm on 27th Oct, 2020. (Read enclosed file details)
The delivery attempt failed because nobody was present at the shipping address, so this notification has been automatically sent.
If the parcel is not scheduled for re-delivery or picked up within 72 hours, it will be returned to the sender.
Label Number: (Read enclosed file details)
Class: Package Services
Service(s): (Read enclosed file details)
Status: e-Notification sent
Read the enclosed file for details.
UPS Customer Service.
[— Attachment #2: UPS_DETAILS.ISO —]
[— Type: application/octet-stream, Encoding: base64, Size: 2.1M —]
[…]