phish source at

Server emitting phish spam to steal access credentials, probably thanks to a compromised password.

Problem started around Thu, 28 Oct 2021 23:30 UTC and is still ongoing as of Sun, 31 Oct 2021.

The compromised machine appears to be, but the spam is delivered through 300 IN A (source is .89) 300 IN A

Return-Path: <>
Received: from (HELO (
by x (x) with (AES256-SHA encrypted) ESMTPS; Fri, 29 Oct 2021 xx:xx:xx +0000
Received: from (unknown [])
by (Postfix) with ESMTPS id x;
Fri, 29 Oct 2021 xx:xx:xx -0700 (PDT)
Content-Type: multipart/alternative; boundary="===============x=="
Subject: Your mailbox quota is almost full.
To: Recipients <>
From: Mail System Administrator <>
Date: Fri, 29 Oct 2021 xx:xx:xx +0000

Your mailbox quota is almost full. Do this now in order to prevent your account from being blocked.
Click <A href="">Login Here</A> to reduce size automatically, so that all pending mails can be delivered to you. Dear User
3840MB 4096MB
Current size Maximum size
Thanks, Mail System Administrator This notification was sent to you Unsubscribe now.
