Today 2 different accounts sent me an email impersonating cPanel, saying that the related account is almost full.
How can I report this to you? Is there a way that cPanel could block this type of phishing/scam?
Nevertheless, I have already updated my filters to block emails like this, but I think that cPanel should create a kind of KEY to prevent scammers from impersonating this or any other email coming from the OS on the servers.
Here are the related email headers; I have suppressed any info about my servers or accounts:
======================
Received from IP 81.169.146.201:
Code:
Received: from mail-62-r20.ipv4.per01.ds.network ([27.123.24.218]:50604)
by WHIPED FROM REPORT
(envelope-from <[email protected]>)
id WHIPED FROM REPORT
for WHIPED FROM REPORT; WHIPED FROM REPORT
Received: from cp-wc87.per01.ds.network (cp-wc87.per01.ds.network [103.67.235.61])
by halon-out02.au.ds.network (Halon) with ESMTPS
id 3e4f15c2-3586-11ec-bc81-f8bc1204ff90;
WHIPED FROM REPORT
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=test.artworkexpert.com.au; s=default; h=Date:Message-Id:Reply-To:From:
Content-Type:MIME-Version:Subject:To:Sender:Cc:Content-Transfer-Encoding:
Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:
List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
bh=TEqqyGSV1Ad5Xu2o/Hdb+/GyX/OKCfZWE2pkJHX/B1g=; b=MosumGZiICSi+YqtHjqIIvt42v
ThIJfDOQR/Qw+RyfSG7TH4AWfazfN0Xz0FfMBOrvi9mNzvpfJyII79bX6gJ0qxKn0+IlCg9pqvu37
oXSocMdE+UmBVGojYC5orehkEOh5FZTQW9Pdid/2s65Ct1pWxBdK2jEiFMRbhSNnmplfYMVw8g8VL
fobj0KEP+eQ5bc681alWwxKQ9KK+DGQAZkAOIOVmUhEZ0IY2ReBSLiVGf0TO+lA2ZJCRgL1FJ92XS
mhZzDqRp5qjKO/TyMIodDIHBBj+fTX74Eb0T0aEa9YPJSj2Tcarh6q92zQoSzYADy4Inl92sSXpRj
wIK5nbtw==;
Received: from bmaproje by cp-wc87.per01.ds.network with local (Exim 4.94.2)
(envelope-from <[email protected]>)
id WHIPED FROM REPORT
for WHIPED FROM REPORT; Mon, WHIPED FROM REPORT
To: WHIPED FROM REPORT
Subject: [ WHIPED FROM REPORT ] WARNING The domain "WHIPED FROM REPORT" has reached their disk quota.
X-PHP-Script: test.artworkexpert.com.au/class.lib.php for 91.207.102.163, 141.101.77.234
X-PHP-Filename: /home3/bmaproje/public_html/class.lib.php REMOTE_ADDR: 141.101.77.234
MIME-Version: 1.0
Content-Type: multipart/alternative;boundary=4e1ca46924d55f68a4d2093989c69b55
From: cPanel on WHIPED FROM REPORT <cPanelonWHIPED FROM [email protected]>
Reply-To: cPanelonWHIPED FROM [email protected]
Message-Id: <[email protected]>
Date: Mon, WHIPED FROM REPORT
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cp-wc87.per01.ds.network
X-AntiAbuse: Original Domain - WHIPED FROM REPORT
X-AntiAbuse: Originator/Caller UID/GID - [3198 991] / [47 12]
X-AntiAbuse: Sender Address Domain - cp-wc87.per01.ds.network
X-Get-Message-Sender-Via: cp-wc87.per01.ds.network: authenticated_id: bmaproje/from_h
X-Authenticated-Sender: cp-wc87.per01.ds.network: cPanelonWHIPED FROM [email protected]
X-Source:
X-Source-Args:
X-Source-Dir: /
======================
Received from IP 27.123.24.218:
Received: from mail-62-r20.ipv4.per01.ds.network ([27.123.24.218]:50604)
by WHIPED FROM REPORT
(envelope-from <[email protected]01.ds.network>)
id WHIPED FROM REPORT
for WHIPED FROM REPORT; WHIPED FROM REPORT
Received: from cp-wc87.per01.ds.network (cp-wc87.per01.ds.network [103.67.235.61])
by halon-out02.au.ds.network (Halon) with ESMTPS
id WHIPED FROM REPORT;
WHIPED FROM REPORT
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=test.artworkexpert.com.au; s=default; h=Date:Message-Id:Reply-To:From:
Content-Type:MIME-Version:Subject:To:Sender:Cc:Content-Transfer-Encoding:
Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:
List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
bh=TEqqyGSV1Ad5Xu2o/Hdb+/GyX/OKCfZWE2pkJHX/B1g=; b=MosumGZiICSi+YqtHjqIIvt42v
ThIJfDOQR/Qw+RyfSG7TH4AWfazfN0Xz0FfMBOrvi9mNzvpfJyII79bX6gJ0qxKn0+IlCg9pqvu37
oXSocMdE+UmBVGojYC5orehkEOh5FZTQW9Pdid/2s65Ct1pWxBdK2jEiFMRbhSNnmplfYMVw8g8VL
fobj0KEP+eQ5bc681alWwxKQ9KK+DGQAZkAOIOVmUhEZ0IY2ReBSLiVGf0TO+lA2ZJCRgL1FJ92XS
mhZzDqRp5qjKO/TyMIodDIHBBj+fTX74Eb0T0aEa9YPJSj2Tcarh6q92zQoSzYADy4Inl92sSXpRj
wIK5nbtw==;
Received: from bmaproje by cp-wc87.per01.ds.network with local (Exim 4.94.2)
(envelope-from <[email protected]01.ds.network>)
id WHIPED FROM REPORT
for WHIPED FROM REPORT; WHIPED FROM REPORT
To: WHIPED FROM REPORT
Subject: [ WHIPED FROM REPORT ] WARNING The domain "WHIPED FROM REPORT" has reached their disk quota.
X-PHP-Script: test.artworkexpert.com.au/class.lib.php for 91.207.102.163, 141.101.77.234
X-PHP-Filename: /home3/bmaproje/public_html/class.lib.php REMOTE_ADDR: 141.101.77.234
MIME-Version: 1.0
Content-Type: multipart/alternative;boundary=4e1ca46924d55f68a4d2093989c69b55
From: cPanel on WHIPED FROM REPORT <cPanelonWHIPED FROM REPORT@test.artworkexpert.com.au>
Reply-To: cPanelonWHIPED FROM REPORT@test.artworkexpert.com.au
Message-Id: <E1mey77-001ikG-MM@cp-wc87.per01.ds.network>
Date: WHIPED FROM REPORT
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cp-wc87.per01.ds.network
X-AntiAbuse: Original Domain - WHIPED FROM REPORT
X-AntiAbuse: Originator/Caller UID/GID - [3198 991] / [47 12]
X-AntiAbuse: Sender Address Domain - cp-wc87.per01.ds.network
X-Get-Message-Sender-Via: cp-wc87.per01.ds.network: authenticated_id: bmaproje/from_h
X-Authenticated-Sender: cp-wc87.per01.ds.network: cPanelonWHIPED FROM REPORT@test.artworkexpert.com.au
X-Source:
X-Source-Args:
X-Source-Dir: /
======================
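A triage check for the headers quoted above, added here as an example and not part of the original post or of cPanel: it flags mail whose display name claims to be cPanel while the From domain is not one of the operator's own hosts, and extracts the originating host, account and PHP script recorded in the headers. The `triage` and `first` functions, the `own_hosts` parameter and `server.example.net` are assumptions; the sample is a constructed, trimmed copy of the posted headers.

```python
import email
import re

# Constructed sample: a trimmed copy of the headers quoted in the post. The
# poster's "WHIPED FROM REPORT" redaction is kept; signature values are placeholders.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=test.artworkexpert.com.au; s=default; h=Date:Message-Id:Reply-To:From;
 bh=PLACEHOLDER; b=PLACEHOLDER;
Received: from bmaproje by cp-wc87.per01.ds.network with local (Exim 4.94.2)
Subject: [ WHIPED FROM REPORT ] WARNING The domain "WHIPED FROM REPORT" has reached their disk quota.
X-PHP-Script: test.artworkexpert.com.au/class.lib.php for 91.207.102.163, 141.101.77.234
From: cPanel on WHIPED FROM REPORT <cPanelonWHIPED FROM REPORT@test.artworkexpert.com.au>
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cp-wc87.per01.ds.network
X-Get-Message-Sender-Via: cp-wc87.per01.ds.network: authenticated_id: bmaproje/from_h

"""

def first(pattern, text):
    """Return group 1 of the first match in text, or None."""
    m = re.search(pattern, text or "", re.I | re.S)
    return m.group(1).strip() if m else None

def triage(raw, own_hosts):
    """own_hosts (assumption): domains your real cPanel notices are sent from."""
    msg = email.message_from_string(raw)
    from_hdr = msg.get("From", "")
    display = first(r"^([^<]*)<", from_hdr) or from_hdr
    from_domain = (first(r"@([^>\s]+)>?\s*$", from_hdr) or "").lower()
    antiabuse = "\n".join(msg.get_all("X-AntiAbuse", []))
    report = {
        "from_domain": from_domain,
        "dkim_domain": first(r"\bd=([^;\s]+)", msg.get("DKIM-Signature")),
        "php_script": first(r"^(\S+)", msg.get("X-PHP-Script")),
        "origin_host": first(r"Primary Hostname - (\S+)", antiabuse),
        "origin_account": first(r"authenticated_id:\s*([^/\s]+)",
                                msg.get("X-Get-Message-Sender-Via")),
    }
    # The DKIM d= value equals the From domain here, so a valid signature only
    # vouches for that domain; the brand check has to look at the display name.
    claims_cpanel = "cpanel" in display.lower()
    foreign = not any(from_domain == h or from_domain.endswith("." + h) for h in own_hosts)
    report["spoofed_brand"] = claims_cpanel and foreign
    report["sent_by_web_script"] = report["php_script"] is not None
    return report
```

Calling `triage(SAMPLE, ["server.example.net"])` returns a dictionary whose `origin_host`, `origin_account` and `php_script` values come straight from the X-AntiAbuse, X-Get-Message-Sender-Via and X-PHP-Script headers.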