Unauthorized direct-to-MX SMTP connection from 221.120.57.174 targeting wadge.com mail server. Sender used spoofed/randomized address [email protected]. Exim rejected session with "Number of failed recipients exceeded." Multiple invalid RCPT attempts targeting administrative addresses including [email protected]. Rejected before DATA phase (0 bytes accepted). Source appears to be compromised residential/mobile host or automated spam bot performing recipient harvesting.

From Address: 2c3ruu38822g@licenteneplagiate
Unauthorized SMTP recipient harvesting against wadge.com. Exim rejection: "Number of failed recipients exceeded." Multiple invalid RCPT attempts from 45.82.110.150. Rejected before DATA phase (0 bytes accepted).

Unauthorized SMTP recipient harvesting against wadge.com. Exim rejection: "Number of failed recipients exceeded." Multiple invalid RCPT attempts from 45.82.110.150. Rejected before DATA phase (0 bytes accepted). Also a showing from licenteneplagiate.com address

IP observed in upstream email relay headers associated with a sextortion/backscatter spam message using forged sender information.
Header excerpt:
Received: from uywoged ([135.56.65.91]) by 03474.com with MailEnable ESMTP
Indicators included:
- spoofed sender using my domain
- suspicious/random HELO hostname
- MailEnable/qmail relay chain
- sextortion subject/content
- extremely high SpamAssassin score (47.8)
This IP appeared in upstream relay headers and may represent compromised, spoofed, or abused SMTP infrastructure involved in spam delivery or bounce-backscatter activity.

IP observed in headers associated with sextortion/backscatter spam using forged sender information.
Characteristics included:
- spoofed sender address using my domain
- suspicious HELO mismatch
- MailEnable/qmail relay chain
- sextortion subject line
- high SpamAssassin score (47.8)
Relevant excerpts:
Received: from [125.209.103.116] (helo=[125.209.103.113])
Received: from uywoged ([135.56.65.91]) by 03474.com with MailEnable ESMTP
This may represent compromised or abused SMTP infrastructure involved in a spam campaign or bounce-backscatter event.

Observed sextortion/backscatter spam activity associated with IP 155.223.104.41.
Email headers showed:
- forged sender address using my domain
- suspicious HELO/hostname values
- MailEnable/qmail relay chain
- sextortion subject line ("YOU PERVERT! I RECORDED YOU!")
- spam score 43.8/438 from SpamAssassin
Relevant header excerpt:
Received: from jqauecb ([155.223.104.41]) by 10164.com with MailEnable ESMTP

SMTP source observed delivering spam email to wadge.com.
HELO/EHLO hostname: wpb-e2.bbbdhi99.pro
Envelope sender: [email protected]
Source IP observed in Exim/cPanel Track Delivery logs.
Likely spam or compromised hosting infrastructure.

Sextortion spam campaign spoofing my own domain email address ([email protected]). SMTP connection observed directly from 46.42.242.74 to my mail server (Exim 4.99.2). Message attempted cryptocurrency extortion and falsely claimed device compromise/webcam recording.
Subject:
SPAM YOU PERVERT! I RECORDED YOU!
Included multiple cryptocurrency wallet addresses and spoofed sender identity.
Relevant header:
Received: from [46.42.242.74] by mail6-ssd.bzybhosting.com with esmtp
No evidence of legitimate mail activity.

IP observed sending spoofed sextortion/phishing email to my mail server.
The message spoofed my own domain (wadge.com), falsely claimed device compromise, and demanded cryptocurrency payment using multiple wallet addresses.
Observed in SMTP headers:
Received: from [173.244.159.157]
Subject:
"YOU PERVERT! I RECORDED YOU!"
This appears to be part of a bulk extortion spam campaign.

Automated SMTP recipient harvesting / dictionary probing against mail server.
Remote host attempted repeated deliveries to invalid recipients at wadge.com.
Server rejected further attempts with:
"Number of failed recipients exceeded. Come back in a few hours."
Unauthenticated remote SMTP activity. Likely automated spam bot or compromised host.

Automated SMTP recipient harvesting / dictionary attack against mail server.
Remote IP attempted repeated invalid recipient deliveries to multiple addresses at wadge.com.
Server rejected connection after excessive failed recipients:
"Number of failed recipients exceeded. Come back in a few hours."
No authentication involved. Unauthorized SMTP probing activity.

SMTP spam source delivering spoofed sextortion email to my mail server.
Observed:
- forged sender using my domain (wadge.com)
- spoofed self-sender
- sextortion/RAT scam content
- suspicious MailEnable relay infrastructure (17398.com)
- random HELO values
- no meaningful reverse DNS
- SpamAssassin score >45
Header excerpt:
Received: from [82.115.47.207] by mail6-ssd.bzybhosting.com with esmtp
Subject:
YOU PERVERT! I RECORDED YOU!

Repeated SMTP connections from 27.123.104.142 attempting delivery to multiple randomly generated and role-based addresses at my domain (dictionary harvesting behavior).
Forged sender example:
[email protected]
Connections were rejected during SMTP transaction with:
"Sender verify failed"
No authentication used.
No message body accepted (0-byte rejection).
Observed May 10, 2026 around 05:16 MDT.

SMTP spam source delivering spoofed sextortion email to my mail server.
Observed:
- forged sender using my domain (wadge.com)
- spoofed self-sender
- sextortion/RAT scam content
- suspicious MailEnable relay infrastructure
- invalid/random HELO values
- no meaningful reverse DNS
- SpamAssassin score >45
Header excerpt:
Received: from [113.69.182.39] by mail6-ssd.bzybhosting.com with esmtp
Subject:
YOU PERVERT! I RECORDED YOU!

Categories: Email Spam, Spoofing, Exploited Host