(Incoming Emails Suspension)

From Address: [email protected]

Forged from address, email did not originate from qwestoffice.net.

Actual sending domain: sitemail.siteprotect.com

Sending domain is an email service provider, probably used in violation of their terms. Abuse contact is listed in Abuse.net.

Sending abuse contact: [email protected]

Email Body:

Dear Email User,

We have just completed an upgrade to all our webmail servers. Our severs are now upgraded to the 2023 F-Secure antivirus platform for improved security, faster downloading of IMAP emails on email clients (Microsoft Outlook, Mozilla Thunderbird), enhanced email sending capabilities and lots more. However due to this upgrade, you will need update the mail settings for seamless configuration to avoid interruption of incoming mails.

No verification is needed. just follow (link-1) to update now.


Webmail Admin

This notification was sent to you by webmail Server Administrator
© Cpanel Webmail. Trading as a division of internet Solutions Digital (Pty) Ltd. All Rights Reserved.

Link-1: hxxps://potent-pentagonal-century.glitch.me/

URLScan: potent-pentagonal-century.glitch.me - urlscan.io

IP Address:

Hosting: Amazon

URLScan shows many different phishing pages on this IP address, all with glitch.me domains

Abuse reported to Amazon: [email protected]

Glitch.me appears to be a legitimate site offering subdomains.

1 Like

I’ve gotten webmail suspension scams on my GMX and also on my self-hosted (on a VPS) qmail server. It’s always this shallow.