Hello Contabo,
Several of our customers received phishing e-mails today originating from the host below:
Jun 17 08:56:05 mail3 amavis[49720]: (49720-20) Passed CLEAN {RelayedInbound}, [109.199.96.224]:46238 [109.199.96.224] ESMTP/ESMTP <noreply@1and1.com.de> -> <andi@bikefabrik.at>, (ESMTPS://[109.199.96.224]:46238), Queue-ID: 4bLyM72Ys7zSl5Q, Message-ID: <20250617065556.D8C40BB35167601F@mail.1and1.com.de>, mail_id: djPpbBAV-FcJ, b: nRFc23oEN, Hits: 3.372, size: 35 252, queued_as: 4bLyM95FTSzSl6d, Subject: "Offene Rechnung für bikefabrik.at – bitte begleichen", From: <"Rechnungsstellel_noreply"@1and1.com.de> (dkim:AUTHOR), helo=mail.1and1.com.de, Tests: [BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, MIME_HEADER_CTYPE_ONLY=0.1, SCHAALIT_HEADER_6168=5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_HTML_ATTACH=0.01], autolearn=disabled, autolearnscore=5.014, relaycountry=RO, dkim_i=@1and1.com.de, dkim_sd=default:1and1.com.de, 2281 ms
Please block the offending user or otherwise prevent further traffic from 109.199.96.224. We have already spent significant time cleaning up the incident.
Best regards,
Tom Knienieder
peaknetworks Hosting GmbH
Eduard-Bodem-Gasse 5–7, 6020 Innsbruck, Austria
Phone: +43 512 319780 | E-mail: support@peaknetworks.net
Web: www.peaknetworks.at
peaknetworks Schweiz GmbH
Birkenstrasse 49, 6343 Rotkreuz, Switzerland
Phone: +41 52 208 20 90 | E-mail: support@peaknetworks.net
Web: www.peaknetworks.ch
🌱 Sustainable Hosting: Platinum partner of RZO Gais
🔒 Security & Quality: Highest standards for data protection and performance
